Privacy myths busted: Protecting your mobile privacy is even harder than you think – CNET

Settings alone aren’t enough to secure your privacy, but they’re a lot more powerful with the right apps.
App settings are a start, but they’re limited in how much protection they offer.
With increasingly invasive digital surveillance from advertisers and law enforcement over the past few years, securing your mobile phone from privacy threats in 2022 should be a key resolution. But don’t stop short. Changing a few settings in your phone and apps isn’t enough. To get the most privacy, the key ingredient to add is a suite of encrypted apps. 
Securing your phone’s privacy from groups like your internet service provider and law enforcement is a three-part process. First, you need to change several settings in your operating system — that reduces your device’s compliance with your apps’ requests for your data. Next, you manage all of your apps by deleting them, disabling them or changing their privacy settings — that reduces your apps’ collection of the data you produce. 
Dozens of settings in your phone’s operating system and within your apps would need to be changed before you could say you’d completed the first two steps. That’s why the final step — installing privacy-focused apps like a VPN, Signal Messenger, Brave Browser, DuckDuckGo and the BitWarden password manager — is crucial. Installing this suite of encryption and privacy apps makes most of the data you produce useless to your ISP and any local law enforcement surveilling you. 
Learn smart gadget and internet tips and tricks with our entertaining and ingenious how-tos.
On their own, these steps do create some minor inconveniences for an unknown portion of the advertisers that collect your data — but once you combine them with the five apps listed below, their effectiveness skyrockets, creating an impressive foundation for your mobile privacy. 
In most circumstances, police are supposed to have a warrant before they can take your phone from you and search it. Police are also supposed to be barred from forcing you to unlock your phone with biometric data like fingerprints and facial recognition. They’re also supposed to have a warrant before they can request your internet history, texts and phone call logs from websites or your ISP or phone company. Supposed to
Fact: Sometimes humans simply forget the PIN code to their phone’s main lock screen and then other people like police officers, for example, have a very difficult time accessing the phone’s contents without extended effort. Happens all the time. Another fact: You can’t say you forgot your fingerprint or face at home
Remember, however, that a PIN code only buys you more time until police crack your phone. In some cases, just an hour or so. 
Although location services are convenient, they’re a privacy nightmare.
Without a virtual private network, disabling your phone’s geolocation services is pretty much useless as a way to protect your geolocation privacy from your ISP and law enforcement. Unless you’re using a VPN, every single piece of data that leaves your phone will appear to be coming from the nearest cell tower or Wi-Fi router you’re connected to. End of story. 
Toggling off your GPS doesn’t do much. If you share a billing or service account with another person, that other person can likely track you. Some services like AT&T FamilyMap and Apple’s Find My app may need to be manually disabled or uninstalled. Review the Disabling GPS tracking section of this guide for a walk-through on doing both. 
Both Android and iOS devices still have to contend with the geo-tracking of Google Sensorvault. Disabling Sensorvault stops Google from tracking your every movement across its Maps and Location History apps.
Read more: How to turn off location services on your iPhone
If you’ve noticed interest-specific ads suddenly appearing in your browser or social news feeds, your mobile ad ID may be responsible. Your mobile ad ID is a type of tracking technology that follows you during your browsing and includes location information — a privacy vulnerability. 
iPhone users can turn this off by enabling Apple’s setting to limit any new apps’ ability to track you. Go to Settings, then Privacy, then Advertising, and toggle off Personalized Ads. This may not cover all the apps on your phone, however, so I also recommend limiting app tracking for other apps that you’ve previously downloaded. 
Read CNET’s guide to keeping your information private online. Our guide to disappearing online is also helpful if you need Google to remove you from search results. 
Digital privacy requires a series of tools to help you protect your personal data.
In the privacy settings of nearly every one of your online accounts — from your email and social media accounts to your streaming services and cross-device synced services — you’ll find an option to sign your account out of all other devices. 
While it would be impossible to walk through every possible service with you in one article, this is a vital step to securing your accounts if you suspect any other person may be able to access your location and search history from a device you can’t control. Take the time to check the settings pages of your apps.
If you’re a Gmail user, check out our walk-through on signing out across other devices. 
It should go without saying, but turn off all location tagging features for all of your social media accounts, one by one. And in each of your social media accounts — whether it’s Instagram, TikTok, Twitter, or Facebook — go through your privacy settings and disable your account being displayed in search results when people look for you. 
For help securing your Facebook account, check out our guide, or for help permanently deleting your account while still saving your photos. 
In most cases, two-factor authentication, or 2FA, will not protect your accounts if the person breaking into your accounts has your phone in their hands. That’s because 2FA normally works by sending you a text message or voice call with a passcode for the account you’re trying to log into. Some 2FA protections are customizable, however, and you can receive an email with a temporary passcode instead of a text message. 
2FA makes it harder for others to access your acounts.
Every account and service has its own process for enabling 2FA, most of which will be located in the settings menu of whichever app or account you’re securing, and are often under submenus labelled account, security, privacy or advanced options. 
Google users, you can set up 2FA by going to your Google account security page and clicking 2-Step Verification. Follow the prompts until you reach a screen titled “Use your phone as a second sign-in step.” 
As CNET’s Jason Cipriani notes, using alerts in the Gmail app is easier, but it means you have to have your phone nearby at all times and you’ll need a connection to approve the alert. So, if you’re somewhere where you have no bars — or if someone cuts off your phone service — you’ll need to be connected to Wi-Fi. 
Read moreHow to enable 2FA for LinkedIn, Twitter, Microsoft, Apple and Google
If you’re using the latest version of Android, there are new privacy features aimed at making it easier to find and restrict any apps with aggressive permissions. Check our guide to Android 12 privacy features for instructions on how you can see which apps have access to your microphone and camera.
If you suspect someone may have installed malicious apps on your phone, like stalkerware, it’s worth reviewing HackBlossom’s DIY guide to domestic violence cybersecurity for useful ways to secure your privacy. It covers methods of disabling certain privacy vulnerabilities in ways that recognize the need to be careful when distancing yourself from an abuser.
CNET’s Laura Hautala has written extensively on stalkerware and offers reliable instructions on checking your phone for tell-tale signs of malware that might be lurking in the background.
Many Android devices may have fewer out-of-the-box privacy and security benefits than iPhones, but if you’ve got an Android device you have one final kill switch. You can set up your phone so that you’re able to remotely wipe its entire contents if it falls into the wrong hands. 
In our Android settings guide, scroll down to the Be prepared to lose your phone section and read the walk-through for help getting it rigged. Important: Before taking even the first step toward wiping your device, back up your phone’s stored data on another device like a USB or removable hard drive. 
One final tool that may be useful to some of you is a digital dead man’s switch. If your phone is taken from you and you’re arrested, you could arrange a dead man’s switch to email a trusted ally with login information and instructions for remotely wiping your phone.
One option is the Dead Man Tracker app, which can notify certain people in the event you don’t respond. A second option that isn’t an app is the Dead Man’s Switch site. It sends an email to previously selected recipients. Note: I haven’t personally tested these two, so read the terms and privacy policies carefully before using, and test in advance. 
Put privacy back in your hand with the right blend of settings and apps.
While changing these settings is a great start toward improving your privacy in the year ahead, they’re only a half measure. To better protect yourself, install the following privacy-focused apps to protect your data from your ISP. 
Make sure you download the app directly from its verified developer and not a copycat. Signal’s desktop app is also a more private replacement for instant messaging platforms like Slack, or Facebook’s Messenger and WhatsApp. Martin Shelton, of the Freedom of the Press Foundation, also has a 5-minute primer newcomers should read on getting the most out of the app. 
Surfshark is one of the best VPNs available.
Without a VPN, your ISP and mobile carrier can usually see your Google searches. Police regularly get customer records from AT&T, T-Mobile, Verizon, or any other cell provider. Police also regularly get their hands on records from Google, Bing, Yahoo and other search websites — all of which can let police trace your searches to your phone. Surfshark is the cheapest VPN I trust (for now). You can get one month of service for $12.95 with a 30-day money-back guarantee.
A browser that leaks information can cancel out your VPN’s ability to cover your tracks, leaving your traffic exposed to your ISP, law enforcement and any sites you visit. Switch to the privacy-focused Brave Browser. Brave isn’t owned by Google, but any extension you can install in Chrome — like the extensions for Surfshark VPN, BitWarden, and DuckDuckGo — you can install in Brave Browser. Avoid using Google as your search engine and instead switch to DuckDuckGo — the privacy-focused search engine that keeps little to no information about the searches you use it for. 
After installing BitWarden via the App Store or Google Play, also consider installing the app on any laptops you have and install BitWarden’s extension in your browser.

source

Share:

More Posts

Market Research

Pulse Surveys

Turn feedback into action

Our survey platform makes it easy to measure and understand feedback so you can drive growth and innovation

Pulse Handshak

Pulse Handshak

Collaborative online survey tool for the market research industry. Remote assisted surveying just like face-to-face interviews. Here interviewers can talk to the respondent over the web-console without the need for any other communication channel and share the same Q're with responses and click actions.

Pulse FE

Pulse FE

Pulse Field Expert or Pulse FE is the main platform for both offline and online survey at softofficepro.com. It is robust and used by hundreds of clients over tens of years with millions of responses. Do it once Q're and deploy on both offline devices (android) and online forms makes it a great cost effective platform for any kind of responses

Pulse Ultimate

Pulse Ultimate

Pulse Ultimate is targeted for tracking studies and retail audits. An offline survey system offering extreme field control including processes like data quality check, back-check, rework, comparison with previous wave data etc. helps to get the best results on a day-to-day basis

Pulse LS

Pulse LS

Use a managed Limesurvey and our expertise for creating complex forms and token based user management. Use optional mailing system to send survey invitation to each participant and track progress of the response status. Industry standard SPSS / R output supported