Keep your phone data safe, wherever you are - Smartphone security

Smartphones are now the main focus for a growing number of malicious hackers with the ability to download and run apps and yet most devices are completely unprotected. For online criminals, the situation resembles that of PCs in the mid-1990s, except they now know how much money there is to be made from online crime.

Passwords first
Your first line of mobile defence should always be to select a password that's both memorable for you and difficult for a thief to crack. For a few years now, the best advice on creating memorable and secure passwords has been to take the initial letters of a line in a song, poem, play or book, and to make a password from those letters.

You can test the strength of passwords you generate in this way using free online web security site services like How Big is Your Haystack at grc.com/haystack.htm.

As of version 2.2, Android OS supports not only gesture passwords, but also the more traditional text-based variety. To enable a password, click 'Menu > Settings > Location and security > Screen unlock'. Also set the screen's timeout to a short period by clicking 'Menu > Settings > Display'.
To enable passwords, iPhone users should open the Settings app and select 'General > Passcode lock'. Windows Phone 7 users should tap 'Settings > Lock and wallpaper', and BlackBerry users need to select 'Options > Security options > General settings'.


Install antivirus
Spam containing malware attachments or links to attack sites, infected apps and code that exploit OS weaknesses are all starting to appear. Botnets made up of mobile devices are also becoming more common.
Most antivirus vendors now offer free versions of their commercial mobile offerings, and many offer handy package deals on their commercial versions, including protection for multiple PCs and a phone, for a yearly subscription.

Never be tempted to simply click a link that looks okay and install what purports to be a free version of an antivirus package. Check the URL; if it isn't part of a vendor's official website, don't visit the page. Fake antivirus software, written to infect your device or make you think it's protected when it's not, has now made its way to smartphones. If you've found a package on an app store, click through to the software vendor's website and download it from there.


Remote wipe
If the worst happens and someone takes your smartphone either by stealth or by force, you may also want to protect your data by wiping files and contacts quickly and remotely.

Android, BlackBerry and Windows Phone users have a range of third-party, dedicated remote wipe applications to choose from, which enable you to contact the phone and have it wipe itself. These tend to be subscription services, but prices are usually less than £5 a month, which is good value for extra peace of mind.
Alternatively, you can examine the facilities offered by different antivirus packages. Free versions, like AVG's Mobilation Free, offer local wipe facilities. However, it's not always clear if remote wipe is included or just a local wipe facility, so check with the software vendor before you part with your cash.

iPhone users can install Apple's free Find My iPhone app. This gives you the ability to sign into another iOS device with your Apple ID, locate the missing or stolen device, display a rather satisfying message to the robber, play a sound, lock the device and then erase it. The only proviso is that your iPhone must have been enabled in the iCloud settings in order to locate it.


Beware rogue apps
There's enough space on the average smartphone to contain all the apps you want and plenty more besides, but you must take care when buying or downloading new ones. With the overwhelming number of apps on offer, it's unsurprising that malware writers have turned their hands to crafting rogue versions and slip them past the checking processes at legitimate app stores.

How do you avoid dodgy apps? First, never install an app just because a friend tells you to do so in an email, text or on Facebook. After all, it may be the app sending you the request to spread its malicious payload.
Similarly, never follow a link in a text or email encouraging you to install anything. When you install an app from what looks like a real app store, examine the URL of the link from which you are being asked to download. If it isn't an official store for your phone, forget it.

Your friend may believe that he or she has found a store that sells cheaper versions of famous apps, but this alone should be enough to raise your suspicions. It's cheap or even free for a reason.
Rogue apps sometimes drain your battery quickly due to the extra activity, so check this to ensure that your shiny new app isn't doing something nasty in the background.


Share and share alike
When you install an app, you give it access to information like your location, contact details, personal ID and other data. Some apps even want full internet access.

Always pay close attention to the information an app says it needs, either at the app store itself, in the user agreement, or (depending on your phone's operating system) during installation. Some legitimate apps, including antivirus software, have a long list of required permissions. Make sure you read the entire list.
In the Android app store, for example, remember to click 'Show all' at the bottom of the permissions page to see more. If an app demands too much access to your phone and the information it contains, don't use it. There's no reason why downloaded wallpaper needs your location, for example, or why a single-user game needs access to your contacts.

source and the full story at: techradar