Posted 15 Jun 2011
Cell phones are like drivers licenses. It's really hard to function in the modern world without one, but they reveal a lot of information about you that you might not want to share.
Fortunately, most people won't try and verify the weight you put on your drivers license, and there are a lot of great ways to protect confidential information with cell phone security.
Unfortunately there are too many service providers, too many types of phones, too many different countries, a lack of fully developed solutions, and not much compatibility across them all to give you one simple solution to your mobile privacy needs.
This is an overview of the information that you might want to keep private and a few general ways to do that, mostly for smartphones, but not-so-smart ones can be more secure as well. With this overview, it should be easier to discover and implement your optimum privacy configuration.
Laws are different everywhere. It may be illegal in some places to use some of these cell phone security tools or techniques. Do not use any techniques that will violate the law.
That will negatively affect your privacy much more than if you had complied with the law and not used that tool.
When you buy a phone, your name is usually attached. You sign a contract or you make payments with a credit card, or do something else that ties all of the activity on that device to you.
Keeping subscription information private prevents corrupt governments from accessing that information with or without warrants, subpoenas or due process to silence dissidents, jail peaceful protesters, and hide abuse.
It also prevents hackers and rogue employees from compromising networks and databases to steal the valuable data.
Prepaid Cell Phone – Prepaid cell phones can still be purchased for cash without a contract. Minutes can be reloaded with cash as well. You can use the prepaid cell for all of your communications, or just for the most sensitive communications. After a while, the prepaid phone will probably gather enough data to identify you. Replace your prepaid phone often.
Most phone numbers can be found in online directories. Those directories are compiled by the vast amounts of data that thousands of companies gather from their customers. If you give a number to a company, or even give them a call, they probably record that number in their database. Your number then might be shared, sold and copied many times by hackers, corrupt governments, thieves and stalkers.
Your phone number can be a key piece of data to paint a data profile that identifies you and a lot more information about you. Hackers, thieves and overly curious stalkers could easily use your phone number to cause you harm.
Unlist Number – Ask your service provider to unlist your number. Contact the databases that collect this information, like Intelius and Acxiom, and follow their procedures for unlisting your number. Stop giving out your number or give out a fake number to people who don't really need it.
Block Caller ID – Many carriers will allow you to block caller ID so that the people you are calling can't get your phone number. In the US you can block caller ID before an individual call (for a price) using *67.
Call Forwarding – You can sign up for call forwarding that forwards calls from your public number to your private number, keeping your private number confidential. Google Voice is a helpful free call forwarding service.
SpoofCard – With Spoofcard it can appear that you are calling from any number you want, protecting your actual number.
Your general location is constantly triangulated by your service provider's cell towers. Your precise GPS coordinates and the WiFi networks you are close to can be monitored and recorded as well. When you use your device, the location is logged.
Corrupt governments can access this data with or without warrants and thieves can use it to target your house when you are on vacation. The cell phone can also be pinged at any time to determine its location, even if you aren't using it.
Prevent Unwanted Tracking – You can turn your cell phone off to make sure that you aren't connecting to any WiFi, your general location isn't being triangulated, and your GPS coordinates are not being tracked to increase your cell phone security.
Malware can continue to broadcast location information, even when the phone is switched off, although it is not common. To prevent surreptitious tracking, remove the battery.
Every phone has lots of information stored on it like contact lists, calendars, text messages, photos, call logs, browsing history and much more. The most basic aspect of cell phone security is securing the device itself.
Corrupt, over-criminalized governments that gain access with unjustified searches could use this information to convict you of ridiculous crimes. Sneaky competitors can get inside information that harms a business if employees and owners don't use good cell phone security. Thieves and snoops could get vital information like bank records, passwords, and many other pieces of information that might be on your device.
Settings – Many phones allow you to adjust settings to store less history on the phone itself. This way your old text messages, call logs and other sensitive items can be less vulnerable.
Password Protect – This isn't just to prevent butt-dialing. This also keeps out the curious. Most thieves, illegal government searches and hackers will easily get around the password protection unless the phone is encrypted.
Delete – Regularly delete unwanted data. Just like a computer, its not really gone until it gets overwritten, but at least novice thieves and the casually curious won't get it.
Don't let your phone out of your sight – All someone needs is a few minutes with your phone to install software or hardware that can overcome almost any cell phone security precautions you have taken. If someone that you don't trust has had access to your phone, you may think twice about trusting it.
Wipe/Remote Wipe – Some phones allow you to completely wipe the phone memory remotely. If your phone is lost or gets stolen, you can make sure that data won't be compromised. Every provider also publishes steps needed to wipe a phone before you dispose of it.
Full Encryption – Full encryption is ideal to make sure that all the data is well protected from all but the most sophisticated attacks. The best encryption is open source, since there will be no entity that could provide a back door. There are few open source options available right now, so using a trusted encryption program is the next best thing.
Partial Encryption – Many smartphone apps allow you to encrypt certain types of data on your phone while the rest of it is not encrypted. It can be tricky to make sure there are no unencrypted copies of the data somewhere else on the phone, but partial encryption can be useful to save certain confidential files. Again, open source is best, but trusted encryption software is also good.
CellCrypt Mobile (Blackberry, Nokia)
Usually when you have a confidential call with your business partner, your spouse, your attorney or your doctor, nobody else is invited to the conversation.
Cell phone networks around the world allow governments to secretly listen in on those conversations without a warrant. Rogue employees can listen to those conversations too. There is even a slight chance that malicious software is installed on your phone to capture your voice conversations.
Voice Over IP (VOIP) – Many phones let you use VOIP to communicate over the internet instead of over the network which may be compromised by secret wiretaps. A VOIP app might be available or you can use VOIP through your phone's internet connection. You will still have to trust that the VOIP service is not eavesdropping.
Open source VOIP software is best, trusted software is good too. Some common software that is free but not open source is Google and Skype. None of this will stop malicious software on your phone from spying on you.
Antivirus – Although it is still rare, phones can be infected with viruses and malware, just like a computer. But, there is antivirus software for cell phone security, just like for computers. You can use that software to protect yourself from viruses.
You can also protect from viruses by not opening suspicious email attachments and not clicking on sketchy links like you would on a computer. You can also make sure to download only trusted apps.
Text messages are very unsecure. They travel through the network unencrypted, are stored on your device and might be stored for a long time.
Text messages are available to just about anyone who gets any access to your phone like corrupt governments, clever hackers, thieves, and unscrupulous competitors. They get it by accessing the network, accessing your provider's records, accessing your phone, and many other ways.
Secure Text Message App – There are some apps available that encrypt your text messages both in transit and at rest on your device.
Instant Messaging – There are several web based IM programs and IM programs designed for different phones that are encrypted and protect your cell phone security and text communications much better than old fashioned text messaging. Unless the IM software is open source, you still have to trust the source, but it is probably better than trusting a large provider.
Voicemail is stored by your service provider on their server.
Rogue employees, corrupt governments and hackers are the most likely to have unauthorized access to voicemail information.
Encrypted Voicemail – Some VOIP services will also offer encrypted voicemail. You still have to trust the VOIP service, but a small offshore VOIP service is less likely to reveal confidential data than a larger service provider.
Smartphones not only take photos, but they usually add a lot of hidden data to the picture file, called EXIF data. It can include time, date and GPS coordinates, among other things. Any photo that you email or upload from your phone might have this identifying EXIF information in the file.
Turn GPS Tracking Off – Some phones let you turn off geo tagging in the settings. Turning geo tagging off can prevent the data from ever being added to the picure file.
Wipe sensitive data before uploading or emailing – There are several programs which let you remove the EXIF data from images. That way you can send and share images without sharing the identifying information.
Mobile apps let you play cool games and have powerful business tools at your fingertips, but many of them can be mining a lot of data that you wouldn't want to share. Linked-In, for example, stores your username and password in plain text. Since most people use the same username and password in many places, this is very damaging information that is very unprotected. And there are lots more apps that do similar things. Some apps even have malicious code hidden in them.
Use Trusted Apps – Minimize your usage of apps or only use trusted apps to increase your cell phone security. Research what data they access and then use them only if you are willing to share that information and are sure there is no malware in them.
Email is the digital equivalent of a post card. The message passes through the hands of many servers en route to its destination and everyone along the way can read it. At the very least your email provider will have a log of your emails which can be subpoenaed or peeked at by corrupt governments.
Encrypt Email – You may be able to encrypt the emails that you send from your device so that nobody can read them in transit or at rest. If the recipient is also using proper encryption, the message may be protected from end to end.
Your internet provider can see every website that you visit and they can see every wireless network that your phone connects to. Your browser can see every term you search for.
All of this data is readily available to rogue employees and corrupt governments. In many cases it may be sniffed out by clever hackers and sneaky competitors. Most of this data is also stored right on the phone where anyone that has physical access, even the casually curious, can find it.
Use Anonymous Web Surfing – Some phones let you use VPNs like the Tor network so that your carrier, the web browser, and the websites that you visit can't see where you go on the internet. The VPN records would only be available to corrupt governments if the VPN is in a cooperative jurisdiction.
This is just an outline of what is possible. There is no single cell phone yet available that can accomplish complete cell phone security. You may only be interested in a few features.
Figure out what features you want and what is most feasible to protect as much of your confidential communications using your cell phone or smart phone as possible. Check out the book How To Vanish for more tips on protecting your phone communications.