Here’s your checklist for maximum smartphone security
Keep your accounts to yourself.
Everyone wants the data on their phone to stay private, but there’s a reason Android and iOS come with a variety of security measures to prevent other people from accessing it.
If you suspect someone is snooping on you, there are some simple steps you can follow to secure your information—and also a few warning signs to look out for to make sure it doesn’t happen in the future.
Keep your lock screen secure
Your phone’s lock screen is the first barrier against unauthorized access. Whether you use a PIN code or a biometric feature (like pressing down a fingerprint or showing a face), make sure you protect your handset with something.
You can customize lock screen security on Android by going to Settings, choosing Security, and then Screen lock. Meanwhile, from the Settings app on iOS, choose either Touch ID & Passcode or Face ID & Password depending on which biometric security method is built into your iPhone.
You should also make sure the screen on your device locks as soon as possible after you’ve stopped using it—otherwise someone could surreptitiously swipe it while you’re not looking, before the locking mechanism kicks in. On Android, open Settings, then go to Display, Advanced, and Screen timeout to set how quickly the screen should turn off. Over in iOS settings, pick Display & Brightness, then Auto-Lock. The shorter the time period you set here, the more secure your data is.
If you need to lend your phone to someone, but still worry about their unfettered access to your handset, know that you can lock people inside one particular app or prevent them from installing anything while you’re not looking. We’ve gone deeper into these features and other similar security options, for both Android and iOS.
Thanks to the security protocols in place on Android and iOS, it’s actually quite difficult for spying software to get on your phone without your knowledge. To succeed, someone would need to physically access your phone and install a monitoring app, or trick you into clicking on a link, opening a dodgy email attachment, or downloading something from outside your operating system’s official app store. You should see a warning if you do any of these things by mistake, but because it’s easy to disregard those little notifications, you should always be careful what you click on.
Android and iOS don’t allow apps to hide, so even if someone has gained access to your handset to install an app that’s keeping tabs on you, you’ll be able to see it. On Android, go to Settings, Apps and notifications, and then See all apps. Within iOS, just check the main apps list in Settings. As the device’s owner, you can uninstall anything you don’t recognize or trust—you won’t break your phone by removing apps, so don’t hesitate if there’s something you’re unsure about.
If you want to do a bit more detective work, you can check the permissions of any suspicious apps. These will show up when you tap through on the apps list from the screens just mentioned. In terms of notifications, system settings, device monitoring, and other special permissions, Android gives apps slightly more leeway than iOS—you can check up on these by going to Settings and choosing Apps and notifications, Advanced, and finally Special app access.
If you think your phone might have been compromised in some way, make sure you back up all of your data first, then perform a full reset. This should remove shady apps, block unauthorized access, and put you back in control. From Android’s settings page, choose System, Reset options, and Delete all data (factory reset). On iOS, open Settings, then pick General, Reset, and Erase All Content and Settings.
Watch what you’re sharing
Apple and Google make it easy for you to share your location, photos, and calendars with other people—but only if you want to. This sort of sharing is something that might be enabled without your knowledge, or that you may have switched on at one point but now want to deactivate.
If you’re on an iPhone, head to the People tab in the Find My app to see who can see your location at all times, and to revoke access if necessary. You can audit shared photo albums from the Shared Albums section of the Albums tab in Photos, and shared calendars from the Calendars screen in the Calendar app. If you’re in a Family Sharing group that you no longer want to be a part of, open Settings, tap your name, and choose Leave Family.
Android handles location sharing with other people through Google Maps. Tap your avatar (top right), then Location sharing to check who can see your location, and to stop them, if necessary. You can check your shared photo albums in Google Photos by tapping the message bubble icon (top left), but you’ll need to open up Google Calendar on the web to edit shared calendars. Click the three dots next to any calendar in the column on the left, then Settings and sharing to see who can view your schedule.
Google Families works in a similar way to Apple Family Sharing, with certain notes and calendars marked as accessible by everyone. No one in the family can see any personal files unless you specifically share them, but if you want to leave a family group, open up the Play Store app on Android. Then tap the menu button (top left), Account, Family, and View family members. If you tap the three dots (top right), you’ll find the Leave family group option.
Protecting your accounts
With so much of our digital lives now stored in the cloud, hacking these services is arguably an easier route into your data than physically accessing your phone. If your Apple or Google account gets compromised, your emails, photos, notes, calendars, and messages could all be vulnerable, and you wouldn’t necessarily know it.
The usual password rules apply: Don’t repeat credentials across multiple accounts and make sure they’re easy for you to remember while remaining impossible for anyone else to guess. This includes even those closest to you, so avoid names, birthdays, and pet names.
Two-step authentication (2FA) is available on most digital accounts, so switch it on wherever you can. For Apple accounts, visit this page and click Edit next to Security; for Google accounts, go to Manage account, Security, and click on 2-Step Verification.
It’s a good idea to regularly check how many devices are logging in using your Google or Apple account credentials as well. On Android, open Settings and pick Google, Manage your Google account, and Security. You’ll see a list of all the devices linked to your Google account, and you can remove any of them with a couple of taps. On an iPhone, open Settings and tap your name at the top to see devices linked to your account—you can tap on one and then choose Remove from account to revoke its access to your Apple account.
As long as you have 2FA set up, any unwelcome visitor should be blocked from signing straight back into your account, even if they know your password. To be safe though, if you discover some sort of unauthorized access, we’d still recommend changing your password. It’s also a good idea to do this regularly to make sure that only your devices have access to your accounts.