Body
Mobile Devices generally refers to phones, tablets, and other devices running Apple iOS or Google Android. Their centrality to our lives, their portability, and their contact with the Internet and use of third-party applications make securing them important.
Audience
Everyone
Platforms
Apple iOS, Google Android
Why Update?
Nothing is more important for protecting your phone from malware and other cyber threats than ensuring the operating system (iOS or Android) and all your apps get security updates automatically. Updating automatically also ensures you have the latest features and functionality.
Older devices and apps for which security updates are no longer available are risky and must be retired. Ithaca College policy requires any computers or mobile devices used to log into College systems or services must have currently supported operating systems and other software and have security updates applied within 30 days of release, preferably 14 days. This includes personally-owned devices. (See section 2.10.5.4 Computer and Mobile Device Security of the Information Security Policy)
How to Enable Automatic System and App Updates
iOS System Updates
- Go to Settings > General > Software Update.
- Turn on Automatic Updates if it’s not already.
iOS App Updates
- Go to Settings > Apps > App Store (not Apple Store).
- Turn on App Updates if it’s not already on.
Android System Updates
- Depends on manufacturer
- Samsung phones - Open the Settings > System Update.
- Google phones - Open the Settings > System > System Update.
- Turn on Automatic system updates if it’s not already on.
Android app updates
- Open the Google Play app.
- Tap your Profile picture at the top right.
- Go to Settings > Network Preferences > Auto-update apps.
- Choose your preferred option:
- Update all apps over Wi-Fi or mobile data
- Update with limited amount of mobile data
- Update over Wi-Fi only
Don’t auto-update apps
Enable Auto-Lock
Most phones have this set as the default, but if not, set your phone to auto-lock after a period of inactivity. And, require a passcode/PIN or biometrics (face-recognition or your fingerprint) to unlock it.
- Which inactivity period you choose depends on your needs, but five minutes is reasonable starting point for most people. This will help protect your phone and data if you leave it unattended or it gets stolen.
- Which verification methods you enable for unlocking your phone depends on your preference and what you want to protect against.
- You may want to look into legal arguments surrounding passcodes vs. biometrics and your 4th and 5th Amendment rights.
Other Best Practices
- Secure your Apple, Google, manufacturer, and phone company user accounts. These accounts can access your data or associate another phone with your account. Use a strong password that you don't use on any other accounts and set up multi-factor authentication.
- Don't jailbreak your phone or use untrusted app stores. Much of the security of mobile devices rests on only running trusted apps that have been vetted. Jail-breaking a device to allow it to run other software opens it up to attack.
- Be selective in what apps you install and what permissions you grant them. Review your apps' permissions and choose which to all to access your data, use your location information, or enable your microphone or camera.
- Configure remote wipe capabilities. Having the ability to remotely delete the data on your device can help protect your data if your device is lost or stolen.
- Report stolen or lost devices as soon as you are aware that your device is missing or has been stolen. It is useful to know your device’s serial and IMEI number in the event of theft.
- Before selling or discarding a device, be sure to erase all data. Do not sell, trade-in, or recycle a mobile device before erasing all of the data stored on the device. Refer to the device manual for instructions on how to completely erase the device.