Each of these planes works slightly differently, and the result is ambiguous to the end user. While app installs ask for permission to access various features, it is not clear what and when they collect those already running in the background.

Tracking data related to the operating system

This plane is associated with setting up a mobile device, which includes linking a smartphone to an email address, Instagram, Facebook, VK and messengers. When using them, the user's phone is linked to the accounts of these programs. This integration is a „storehouse of knowledge“ about user behavior, preferences and online activity.

That being said, it should be added that, unlike a web browser, we do not delete the history of our activities in a social media application, for example, by clearing cookies or cache. These apps often combine activity data based on a user's ID already registered with the social app.

As a result, the range of sites and their topics that the user is interested in are actively monitored by the developers. What the user does later (for example, change the phone to a new one) is also added to the tracked activity.

User tracking based on web browser activity

In this plane, the smartphone collects data about the user based on the pages and content viewed using a web browser. This allows companies to know the preferences of smartphone users and, therefore, better target advertisements to potential customers who have visited this site.

User tracking based on installed apps

Most mobile applications require permission to use certain phone resources in order to function. However, applications often request access to more permissions. In addition, there are many mobile applications that log user activity and forward it.

An example of such an application is Brightest Flashlight Free, an alternative version of the flashlight. The installation and launch of the program ends with the immediate sending of user information to the developers.

What data can criminals get?

If you haven't delved into the settings, then your phone performs the programmed functions, which means that it owns by default data about your location and a certain set of files that you store in galleries or receive from friends in instant messengers.

The phone can also eavesdrop on your conversation and transmit information about it, even without a bug installed by hackers.

This is done very simply: when you first download an application that asks for access to the microphone, you need to answer: do you allow to use it or not. Of course, in order for the application to work in full, you have to give your consent. This is where wiretapping can begin.

Why is it so important?

Because any of your data can be used against you. For example, you may be framed or blackmailed because of your photos and correspondence. Your conversations can be recorded for the same purpose. We're not talking about your bank account data and how important it is to protect it. But we hope that you already understand that privacy is really important.

Now you have to give up audio messages and calls?

Not really, because if an app eavesdrops on you, it does so to figure out which ad to show. And the bot is listening to you, not an FSB officer or a hacker. We think that if you threatened the security of the country or people, you would not need to read this article, because you would be able to protect your gadget from eavesdropping anyway.

So paranoia is useless here, although it is definitely worth thinking about the very fact of the existence of such bots.

What about geotags?

Since all calls go through a telecom operator, nothing prevents him from tracking your location. Remember the geotags that you indicate on Instagram. In theory, from your posts on social networks, you can easily understand where you are. It is unlikely that anyone will need to look for you so meticulously, but if you are under the threat of stalking, then you need to bear this in mind. And your geodata can also be received by some applications that you allowed it during installation – fortunately, you can always go to the settings and cancel the transfer of geo-location.

How do you know if an application is safe?

At first glance, this can be difficult to do. Scammers know that good design and visuals can make anything look like a trusted source. Of course, if the program forces you to allow access to your SMS messages or settings, this is suspicious, and it must be removed.

But it also happens that applications exploit a vulnerability in the operating system without prior agreement.

Then you will notice that something was wrong only when something really happens – for example, the money from the card disappears. Therefore, always install programs from the official Google Play, Yandex.Store and App Store markets – this is safer. Be sure to read the reviews and see if this developer has any suspicious apps called „battery saver“ or „wifi everywhere.“ And always check the permission for what actions the application is asking for.

Is it safe to update my phone and apps?

In the case of official releases, yes. Responsible developers always write what flaws in the phone they fixed, and scammers use this and create malware for them. But we still advise you not to rush to update and wait for the first reviews. It happened more than once that incomprehensible bugs were found in the new version, so it is better to install the update when it becomes clear that it has been finalized to the end.

Programs that protect the smartphone from unauthorized interference

Hardware and software protection

Hardware and software protection cannot guarantee 100% protection against illegal copying and hacking, but a guarantee with a probability of 85-99% is much better than nothing. Traditionally used solutions: hardware keys (connected to com, lpt or usb connectors) for expensive (from $ 300-400) software or software binding to a specific computer configuration used for inexpensive software. Altruists are worthy of the highest respect who distribute their own software development for free or with a price indication, but without any protection. It is noble to bet on the conscience of users, which will make them pay, but, alas, given the current economic realities, it is not very practical.

When deciding how to most simply, quickly and reliably protect programs of my own development, distributed on the Internet, I proceeded from the following considerations:

Protection must be reliable, effective, but at the same time easy to install and use;
I am currently unable to develop software protection that can resist qualified hackers (more precisely, crackers), so you should use the professional development of a third-party manufacturer;
Selling software, I want to make money, but I am currently not ready to invest a large amount of my own in an expensive security system – a typical situation for a novice developer. And the point here is not greed as such, but the fact that you do not know how successfully your own development will be bought, therefore, a completely free protection system or with the possibility of subsequent payment is desirable.
The programs will be distributed on the Internet, so the option with the use of protection on hardware keys-plugs does not work in principle. Firstly, it is too expensive, since the cost of the hardware key is more than the cost of my program, and secondly, it is inconvenient, since the hardware key cannot be sent to the user over the Internet.

Protection from Software Activation Service

We managed to find software protection that meets the formulated criteria surprisingly quickly. Moreover, the solution turned out to be not only free, but also linked to the service of the large electronic payment system WebMoney Transfer http://www.webmoney.ru(at the time of writing the article, the system has more than 540 thousand registered members, with a daily increase of about 700 new users). Integration with the electronic payment system is an additional plus that allows users to pay for the software product as quickly as possible and saves the author of the development from many problems associated with accepting funds. The disadvantage of the chosen protection system is that in order to activate the purchased program, the user needs to access the Internet, but this is not a disadvantage for my version of distributing a software product that was originally oriented towards the Internet. The need to install software (software) from the WebMoney Transfer system is also not a big inconvenience, since the program does not take up much space, and the installation process is elementary.

Protected by Software Activation Service (http://www.softactivation.com/) it is proposed for buyers participating in the WebMoney Transfer system to use KeeperID instead of HardwareID: a unique identifier for the WebMoney Transfer user, which is a function of the system user's identification data and the product code (that is, a certain unique ID). The developed method of „binding“ the registration code or key to the buyer is such that no one can use the purchased program on a computer that does not have WebMoney Transfer system client software – WebMoney Keeper Classic and files for working with the account of a particular buyer of the software product in this payment system. But, if the developers stopped only at this, the following unpleasant scenario would become possible: An attacker who decided to make money by selling a program protected by WMID, registers in the WebMoney Transfer system under a fictitious name and transfers to his wallet exactly as much money as is necessary to purchase the program. Writes the purchased program and registration code to disk. It also writes down its WMID, password and key files. Attached to buyers instructions on how to install WebMoney Keeper and log in to the system using the specified WMID! That's all – the program has become the property of pirates. The algorithm is simple, but in reality not everything is so simple if the Software Activation Service is used. That's all – the program has become the property of pirates. The algorithm is simple, but in reality everything is not so simple if the Software Activation Service is used. That's all – the program has become the property of pirates. The algorithm is simple, but in reality not everything is so simple if the Software Activation Service is used.

Software Activation Service сервис

Any shareware developer can register for this service for free. To register, you need to become a member of the WebMoney Transfer system, registration in which is also free. By registering on the service, the developer can add his new software products to the service database. The product being added is described and the activation policy for the product registration code is configured. You can set how many times the customer will use the registration code received upon purchase. By setting the value of this parameter equal to three, you can allow the WebMoney Transfer member who bought the program to install and run it at home, at work, and also provide one backup installation (which may be necessary, for example, in the case of reinstalling the operating system). The mechanism of control over how many times the buyer of the program is allowed to use the registration code received upon purchase, allows not to fear that after the purchase the product will end up on one of the pirated CDs. The developer of the program does not need to handle such moments as reinstalling the system or changing the network card, which lead to a change in the HardwareID for software protection built using generally accepted methods. In our case, at startup, the program will say that the user has entered the correct registration data, but the registration code has not been activated for use on this computer, which means that it is impossible to work with the program. The developer of the program does not need to handle such moments as reinstalling the system or changing the network card, which lead to a change in the HardwareID for software protection built using generally accepted methods. In our case, at startup, the program will say that the user has entered the correct registration data, but the registration code has not been activated for use on this computer, which means that it is impossible to work with the program. The developer of the program does not need to handle such moments as reinstalling the system or changing the network card, which lead to a change in the HardwareID for software protection built using generally accepted methods. In our case, at startup, the program will say that the user has entered the correct registration data, but the registration code has not been activated for use on this computer, which means that it is impossible to work with the program.

Registration code activation is an online procedure that requires a command to be executed on the Software Activation Service server. The command parameters indicate that such and such a WMID asks to activate the registration code for such and such a program. The service extracts from the database the maximum possible number of activations for a given software product determined by the developer, the number of activations of the registration code of this product made by this WMID and compares. If activation is possible, the activation code is returned, which is saved on the computer. The procedure is over, the program has been successfully registered. An activation code is data that is unique for each workplace, program, and WMID, so copying the activation code to another computer is useless – by executing it, an attacker will not be able to launch the program.

The software developer will benefit from the additional features provided by the Software Activation Service:

„Black list“ for WMIDs of „unreliable“ members of the WebMoney Transfer system, who will never be able to activate the registration codes of your products obtained by illegal means. This solution is more convenient than flashing data about „stolen keys“ in a HardKey or ASProtect project file, since the service is online and at the time of activation, the latest data from the „black list“ is used. Of course, the developer can cross out the „corrected“ WMID from the list;
resolution of disputable situations: the user of the program could, for objective reasons, use up the limit of activations allocated to him. If his arguments are convincing, then he can increase the allowed number of activations.

Smooth only on paper or pitfalls of using protection

It is known that the description of the operation of a system in theory is often at odds with its behavior in practice. Striving for the most objective assessment of the presented protection system, I will focus on one unpleasant moment that I had to face when using the HardKey License Manager Lite WM Edition: one of the computers had problems with activation. The user received the following message „An error occurred while activating the registration code. Error code: 22 „. Moreover, the activation error in the dialog message was attributed to an error of an unknown type, therefore, not being able to independently figure out the reasons for its occurrence, I was forced to contact the developers of the protection system. With the help of a very promptly answered support service, I was able to find out that such a situation can arise in the case of
„Talk“ to the Software Activation Service server (that is, the XML request cannot be processed correctly). In the course of communication with a user who had problems with activating the program, it turned out that although he is using the latest version of WebMoney Keeper Classic 2.2.0.8, this is not enough for successful activation, since the program does not want to „befriend“ the Microsoft Internet Explorer version: 5.50.4522.1800IC. In a private correspondence, the user said that the Internet browser was installed from a pirated CD (once again to the question of the inadmissibility of using pirated software, which may be incomplete, damaged or contain viruses !!!). The activation issue was successfully resolved by reinstalling the browser (probably taken by the user from a more recent pirated disc).

Having told about a single case that caused overlays with the use of specific protection, I will share general considerations on the account that, although any protection is useful, it complicates life not only for users, but also for the developer. If a programmer could write a program without major or minor errors the first time, then the number of software product releases would be several orders of magnitude smaller. The more complex the software product, the larger the volume of the program code, the more difficult it is to test it and track possible errors. Errors are made not only by developers of application programs, but also by operating systems (OS). Let's remember, for example, the widespread Windows NT OS for which Macrosoft has released as many as 6 service packs. Each of them eliminated several dozen errors made (including errors related to system vulnerabilities, that is, with the possibility of obtaining unauthorized access to OS resources). By adding a protection module to your program, you protect your work from the encroachments of computer pirates, but the protection system is also a program code written by another person. This code should, for example, in this case, determine the parameters of the user's computer to generate a unique binding code, report this data to the server, and perform a number of more complex operations. A conscientious developer of the security system tries to test his creation as fully as possible for the absence of errors, but you can't foresee everything. Therefore, a situation is possible when your program will work poorly for the user (or will not work at all), not only because of your own errors, but also because of errors related to protection. Consequently, using protection systems, be morally and financially prepared for the fact that some users who bought your software product will have to return their money, since the program does not work on their computers. As a consolation, I can only say that without using the protection system, the software developer incurs much more losses from pirates than those that sometimes take place due to the incorrect operation of the protection system.

Password protect apps

AppLock (от DoMobile Lab)

AppLock is a popular Android lock and is preferred by a lot of users. You can use it to password protect any specific application on your phone and prevent unauthorized access. This allows you to hide photos and videos from the gallery and save them to private storage.

After installing it for Android lock, you need to create a master template lock and use it every time you access the app. You can even hide the app icon from the list to prevent attackers from easily gaining access to it.

In addition, you can set different profiles to lock different apps, add fake cover to locked apps, enable fingerprint recognition, and more.

Norton App Lock

Norton is a big name in the antivirus vendor space. However, the company also offers a free Android app. You can lock your programs with a PIN or pattern or fingerprint scanner. In addition to protecting your apps, you can also protect photos, prevent deletion, and capture images from intruders.

Norton App Lock provides a list of recommendations where it suggests which apps you should block. It has many features. But it can still be a good choice and does its job well enough.

AppLock-Fingerprint Unlock от Cheetah Mobile

AppLock-Fingerprint Unlock by Cheetah Mobile is a lightweight app blocker for Android that allows you to use your fingerprint sensor to lock access. You can also use a pattern or create a numeric PIN to lock your phone app. Besides the standard locks, you can also use it to block Wi-Fi, Bluetooth, incoming calls, and phone settings.

It has an „Intruder Selfie“ feature that can snap a photo of someone who can't unlock your apps. You can also customize the blocking mode and set a timer for it. It's completely free with no ads.

Privacy Knight — Privacy Applock, Vault, Hide apps

Privacy Knight is one of the best Android apps that covers some great features to keep your programs safe. It contains no ads and does not contain any in-app purchases. It provides you with various ways to block.

You can use PIN / pattern, fingerprint scanner, face tracking or cover disguise, for example, to blow, shake, or use an emergency message to unlock. You can hide private photos and videos, prevent app uninstallation, hide notification preview from apps, and more.

It can also display an image of anyone entering the wrong password. Although it is not as popular as other Android app lockers, it has almost all the basic functions.

Smart App Protector

And this is a pumped up variation on the theme of the previous application. In addition to restricting access, you can also monitor those users who are trying to access password-protected content. To do this, Smart App Protector uses the front camera, and as soon as someone enters the wrong password, the app takes a picture of it.

Perfect App Protector

And this tool differs from the first one in that it can hide password-protected applications, has administrative rights (other users cannot delete it while the feature is activated), a fake fingerprint scanner and fake error notifications. The last two features are designed to confuse the cracker and prevent him from reaching your content.

Visidon Applock

Unlike the aforementioned counterparts, Visidon Applock is based on face recognition technology. If the application does not recognize the owner, then in this case, you can use the previously specified password. To avoid such a situation, you need to upload several of your photos to Visidon Applock at once. The tool can also be given administrative rights, making it extremely difficult to remove it.

Smart Lock

Smart Lock provides reliable protection not only for applications, but also for individual files and folders. In total, Smart Lock has three tabs: applications, media and contacts, however, the latter is not active yet, but the developers promise to fix it soon.

Installing the application on Android

Step 1. Download Smart AppLock.

On Android smartphones, you can install applications in two ways – using the Play Store, and also manually using the APK file with the installer of the selected game or application. Both of these methods can be easily locked with a password using Smart AppLock.

Download Smart AppLock from Play Store

Smart AppLock is a tool with which we can enter different types of locks in your phone's password. The main function is to block access to selected applications without requiring any PIN. Without a PIN, it will not be able to launch the application, which is useful, for example, to provide social applications such as Facebook, Instagram and Snapchat.

However, we will use Smart AppLock to block the services required to install new applications so that no one who does not know the PIN can install anything on our phone.

Step 2. Set up app lock in Smart Lock app

After the first activation, we will be prompted to create a PIN, which we want to block access to various functions of the phone. Create a PIN by entering it twice and confirming with the bird in the lower right corner.

Click the plus button at the bottom of the screen to display the additional services and applications screen in the block list.

In the list, you will find all your apps on your phone. To block the ability to install new applications, select the following items:

Package Installer (responsible for manually installing applications from APK files)
Play Store

It is also worth noting the settings app that no one in our absence should try to bypass the blockade or change the settings, although this is not required.

Choosing these two options to do this without a PIN will not be able to access the Play Store (so you cannot install apps) and you cannot install the APK file of the application (you will be prompted for a PIN).

That's not all. In case someone misses any blocking (for example, installing an application remotely through a computer), it is worth activating the ability to automatically block newly installed applications. To do this, go to the Smart AppLock „Settings“ tab, and then select the „Additional Locks „ option .

A new window will appear where you can activate alternative lock options for various functions on your phone. In the list, you will find an option named „New automatic blocking of the application“ (the full name of the part does not fit) with the Play Store icon. Check this parameter.

From now on, additional locking is enabled, which means that even if someone overrides the security and installs something on our phone, such an application will be automatically locked with a PIN code and it cannot be activated.

Step 3. Make sure Smart AppLock is not blocked by battery saving features on your smartphone

In the comments on Smart AppLock, you can often find negative reviews in which users claim that the lock only works for 15 seconds and then turns off. Most often they are the owners of Huawei smartphones and tablets. This makes sense, and it follows that Huawei Devices have an aggressive battery saving feature, killing applications running in the background. In short, after a while, the system simply disables the Smart AppLock and therefore any locks to save battery life.

To protect yourself from this, mark the Smart AppLock as important, which should not be obscured by energy saving features. On Huawei smartphones, go to Settings> Advanced Options> Battery Manager> Protected Apps.

A list of applications will appear where you should find the AppLock application and mark it for protection. Thanks to this, he will be able to work after the screen turns off and continues to lock. A similar thing needs to be done on newer Samsung smartphones, which also have aggressive battery saving options and disable apps running in the background.

I think everyone got into a situation where they want to show some kind of picture or photo to friends. But there is also often a situation when friends can flip through a photo with one light movement (swipe) and see what they should not see 🙂 There are several simple ways to hide images and any other files from prying eyes, these methods will be discussed speech in this article.

Pinning an application

Starting with Android 5.1, Android has a „pinning application“ function. This mode allows you to display and work with only one selected application, without accessing others. It is easy to do this:

Go to „Settings“, section „Lock screen and security“> „Other security settings“
Run the program you want to pin
Tap on the „Recent Apps“ button and then tap on the pin icon
Press the „Launch“ button to pin this application

Android phone protection

I helped her with the computer remotely via TeamViewer, the old version of Ardamax Keylogger was installed on the computer. But it turned out that she was also being followed using her phone. The most interesting thing is that the Anti-Virus for Android installed on her did not find anything suspicious. Then I decided to do something differently, not to search remotely for a needle in a haystack, but to install a firewall / firewall for it and cut everything suspicious that tried to knock on the network.

Protecting your Android phone remotely is difficult. Rooting the phone was quite problematic, and not safe when it comes to ordinary users, we have already talked about the consequences of Root in terms of security in the article „Security of a Rooted Smartphone“.

Therefore, my choice fell on a free firewall, which does not require root rights to work. By the way, a couple of years ago there was no firewall for Android that did not require root rights.

Firewall for Android without Root

A few words about the terms used in this article. Human language about what a Firewall / Firewall is. Firewall is a program that allows you to filter all outgoing and incoming traffic. And traffic is data that passes through networks from a computer or smartphone to a site, or between them.

Firewall without Root: Installation

First, let's download the app. Download Firewall without Root for free on Google Play.

After you follow the link, the application page will open. As you can see, the rating of the application is 4.4. A rare app on the market can boast of such a rating.

Click on the „Install“ button.

It is good news that the application does not require special permissions, and this is a very good sign of friends.

Click on the „Accept“ button.

After the application has been downloaded and installed, click on the „Open“ button

Installing Firewall without Root

The application is installed. You can start the application by clicking on the „Open“ button, but it is better to close all windows and reboot the device.

Firewall without Root: Configuration

After rebooting, we will see such a window. In which we are offered to launch the application. Before starting, I recommend ticking the box „Automatically turn on …“

Launching the Firewall application without Root

After starting, a system warning window will appear. We read and boldly click on „OK“. I will explain later what this means.

VPN connection request

The second after the “ Home “ tab, in which we launched the application, is the “ Pending Access “ tab. On this tab, you can see all applications that are trying to connect somewhere from your device. Why somewhere? Because each application connects and sends information to different servers.

Every time when some new or installed application for which there is no previously created rule in our application will try to send information or try to connect to remote servers, you will see an alert on this tab.

Pending Access

Now it's up to you whether, for example, the Chrome browser will work or not. What you consider to be trusted – allow, what is not – forbid. Anything that should not, in your opinion, have access to the Internet should be turned off. For example, you are not using a camera, then feel free to turn it off. Or, for example, an album of photos, a music player, all these applications have nothing to look for in the internet, so feel free to prohibit it.

If you are seriously concerned about the anonymity of your mobile devices, then I recommend reading the article „Android Anonymity“

For example, I recently needed to record a telephone conversation. As you know, there is no preinstalled application in Android, so I had to search in Google Market. I installed a dictaphone, but from the very first minute it started trying to send something somewhere. Turning on the logic, I decided that he had nothing to do on the internet, this is a local application, this is not Skype or Viber, and he just needs to record a mobile conversation, and as a result turned it off. At the moment, the application works fine without network access. And there will be a need to update it, I will do it through Google Play, which, by the way, I allow access only in cases of need to update installed applications.

On the “ Applications “ tab, you can see all installed applications and the rules for them. There are two empty boxes (squares) next to each application.

The first is access to the network via WiFi.
The second square is access via the mobile network.

Programs

By clicking on each of them, the user can set the settings. Enable or disable network access. You can block this or that application selectively. To save traffic, you can, for example, block YouTube or another gluttonous application by checking the ban only for the Wi-Fi field. This can be a very useful feature in terms of bandwidth savings.

The “ Global Rules “ tab offers to manually block this or that resource by IP or by name. It may be some kind of site or some kind of left-wing Chinese server, on which Chinese non-name smartphones and tablets so often knock (leak information).

Global rules

Well, the last tab is “ Event log „. Here you can see everything that is happening at the moment on the network. All applications that interact with the network in real time. Looking here, you will be surprised when you see that your phone is constantly sending something somewhere.

The event log

The program marks all allowed applications in green, and blocked applications in red. It also provides information about the remote IP and the exact time of the event.

Firewall without Root: Usage

My friends, the Firewall without Root described in this article is an application that must be installed on your Android device, smartphone and tablet. Also, the protection of the Android phone can be improved by another similar application such as DroidWall, but it requires Root.

From now on, it's up to you to decide what is on your phone, where and when it connects, what it uploads and what it downloads. The method described in the article does not give a 100% guarantee, but it greatly improves the protection of the phone.

That's all. Taking this opportunity, I would like to thank everyone who likes our articles on social networks. Without your likes, it is difficult for us to understand what you like and what we should write about in our subsequent publications. Thanks again!

How to protect your phone from wiretapping

Here are some ways to help protect your mobile phone from wiretapping and unauthorized interception of information.

Set a strong password

A password can prevent malicious software from being installed without the user's knowledge. On phones running the Android operating system, it can be of three types:

PIN code;
a combination of letters and numbers;
pattern key.

To set or change a password, you will need to do the following:

go to the settings menu;
go to the „Security“ section;
select the item „Screen lock“;
choose the appropriate type of password and set it.

Now, to unlock the screen, you will need to enter information known only to the owner of the phone.

The password must be strong. A complex combination of letters and numbers is ideal. An intricate pattern will also work. This greatly improves the security of the phone.

Modern models of mobile gadgets support unlocking by biometric parameters. It could be a fingerprint or a face photo. If your device supports a similar function, it is best to use it. It provides more security than a classic password or pattern, since only the owner can unlock the device.

A strong password primarily prevents anyone who might install surveillance software from accessing the gadget.

In more detail, the procedure for setting a password on a mobile gadget based on Android is shown in this video.

Install only trusted applications

The second way to avoid trouble is to install only trusted applications, the code of which probably does not contain a malicious script. For this, programs must be downloaded exclusively from trusted sources. There are two of them for the Android operating system:

official Google Play store;
the official website of the software developer.

Numerous third-party sites that offer a variety of software for downloading should be avoided. Also, do not download software from torrents. You should not install pirated versions of programs in which the protection against unlicensed use is cracked. They can lead not only to wiretapping, but also to more unpleasant consequences. For example, to write off money from a personal account of a bank or an electronic payment system.

Keep your operating system up to date

Another way to protect yourself is to update the operating system of your mobile phone on time. The fact is that in each subsequent version of the OS, developers eliminate security gaps that can be exploited by attackers. Thus, the risk of wiretapping or unauthorized access to information is significantly reduced.

To update you will need:

go to the settings section;
select the item „Additional settings“;
click System update „.

On earlier versions of Android, the update button is located in a different place – in the „About phone!“ Section of the settings menu.

More details on the update procedure can be seen here

Block the installation of applications from unverified sources

Most often, malicious software is installed from third-party sources. This also applies to those cases when it is installed on the phone on its own. To exclude such situations and block the automatic installation of programs, you need to prohibit unknown sources of software. This can be done on any Android phone, including the earliest models. You will need to do the following:

go to the settings menu;
go to the „Security“ section;
uncheck the box next to the item „Unknown sources“.

By default, the box is usually unchecked. However, it's best to check for it.

Do not turn off the phone lock

To avoid unauthorized access to your smartphone, you should never disable its lock in the settings. However, it must always be protected with a password, pattern or biometric data.

Also, don't leave your phone unlocked unattended. While the screen has not yet turned off, outsiders can use it and install software to intercept information.

Avoid public Wi-Fi and disable bluetooth

It was already mentioned above that attackers can use special software to intercept data transmitted over wireless protocols. This primarily concerns Wi-Fi and Bluetooth. Therefore, the use of these networks should be minimized. Especially in public places where Wi-Fi is distributed for free: metro, cafes, libraries and others.

You should also minimize the use of Bluetooth wireless devices (such as headphones or headsets).

Don't spread your phone number

To organize wiretapping of a phone using specialized equipment, you need to know its number. This is required to connect to the device. In this case, the listening equipment replaces the base station (that is, the cellular antenna). Therefore, the fewer outsiders know the subscriber's number, the lower the likelihood of unauthorized access to data.

Limiting the distribution of a number is often very difficult. Especially when a person's work is connected with constant telephone conversations. However, even in this case, its transmission should be limited to professional contacts and the circle of relatives and friends.

What specific data do developers collect about users?

Firstly, any gadget runs on an operating system, the most common are Android and iOS. Each OS developer has its own services: maps, an Internet browser, an email service, a messenger, an application store, without which it is impossible to imagine using a gadget today. When you use a particular service, you allow developers to process information about you. To process means, for example, to store, to use for analytics.

Secondly, you connect the SIM-card of the mobile operator and so you allow him not only to process the data entered in the contract concluded at the stage of purchasing the tariff, but also to accumulate new data about you. Read on for a detailed breakdown of what a mobile company can do with information about you.

Third, you install applications. Standard minimum: a couple of social networks and instant messengers, an Internet browser, food delivery service, taxi, mobile banking. Despite the fact that many people use applications much more actively: they play, monitor physical activity, sleep quality, keep track of their personal budget and have fun using some kind of neural networks like Face App.

As a result, dozens of companies have access to data on your smartphone, can see your location, record routes, and some even have access to numbers from your phone book.

How is this data used?

The simplest thing is that companies collect customer data in order to better know who and how uses their services, based on this, to refine products and even more precisely offer their other services.

What is a little less obvious (according to the VTsIOM survey, not all Russians understand that their data is somehow used in social networks): data about users is collected and analyzed in order to show them targeted ads on sites at the request of advertisers. The most harmless thing is that by allowing services to know your geolocation, you see an advertisement for a fitness club located near your home, and not in an area where you are not. Or that the social network shows you content based on your interests that you showed when you liked some pages. And the unpleasant thing is data leaks, they can be used for fraudulent purposes. Or, personal data can be used to manipulate your opinion – we recommend reading the story about the scandal with Cambridge Analytica.

Another interest for developers is to use data to train their algorithms. Remember the flash mob in 2016? When people posted a video where they freeze in frozen poses while an operator with a camera passes between them. Later, researchers at one Google laboratory were able to create an algorithm based on these videos that estimates the location of objects in relation to each other. Entertainment applications can do the same with your data – for example, photo processing.

When did the era of personal data collection begin? The phone that I had ten years ago also saved some information about me?

Developers of any IT product have always collected user data.

In the 90s, not everyone had a computer, but they already had the opportunity to use geotargeting – displaying ads by location, it was configured by IP addresses. With the advent of smartphones, companies have more opportunities to get information about us. As popular services evolve, developers learn to analyze more and more data.

If I change the settings – take away access to geolocation and photos from services – will my data be unavailable?

Not always.

„The location of a smartphone, even if you turned off geolocation, can also be determined by the Wi-Fi point to which it is connected, or by the base station of a mobile operator,“ says Artem Myshenkov, software engineer for technical information security of the hosting provider Reg. ru.

You can take away access to the microphone, photos, location from any applications, but every time you want to, for example, post a story or photo to Instagram, you will have to allow access to these rights. If you are concerned about the safety of personal data and decide to delete all photos from Facebook, this will not help, such sites have a multi-level data storage system.

What new things can developers learn about users?

More recently, companies have begun to analyze emotions and identify psychological types of users. For example, in early 2018, Mail.ru Group introduced this type of targeting. This model, according to the company, will allow advertisers to reach customers based on their psychological characteristics.

„Back in 2017, the EmotionNet Challenge was held for the automatic recognition of people's emotions,“ says Alexander Rogozin, consultant at the Information Security Center of Jet Infosystems. „Smartphones and apps like Instagram have been using technology like this for a long time. Voice assistants recognize speech online, which facilitates additional analytics of the device owner's emotions on the developers‘ servers. Internet inquiries can also characterize a person and give an idea of his interests and plans. All this data allows us to conduct a behavioral analysis of the user „.

They say smartphones eavesdrop on us. It's true? I see advertisements for products that I have spoken about with my friends, but have never searched for them on the web

All companies categorically deny wiretapping of users.

Some experiments of journalists speak in favor of the opinion about wiretapping. And many users can tell what they saw on social networks and on websites advertisements for goods and services that they have recently discussed with someone, but have never searched on the Internet. Against this version, experts explain that we ourselves leave so much data about ourselves that site owners do not even need to listen to us.

In doing so, they acknowledge that the commands we give to voice assistants such as Apple's Siri or Google Assistant are being tapped. That is, your audio recordings can really be listened to – those that you say after a command like „Hello Siri.“ Apple explains that not all conversations are tapped and user data in this case is impersonal. Google gives the same explanation. Companies explain that they analyze teams to improve the functionality of the algorithms. But in theory, the voice assistant can misunderstand your words, interpreting them as a command. In support of this, the case of Alexa from Amazon, when she mistakenly took some words from a private conversation for a command, recorded a family conversation through the Amazon Echo column and sent it to a person in her contact list.

Data protection on Android

Connected Google Account

Seemed to do with having a Google account? If you connect your Google account, then you can use the service and remotely detect Android, block it or delete all your personal data, the only thing is that you must always have the Internet turned on.

Protected screen lock

Undoubtedly, remote blocking or deletion of all information, a great way to secure information, but if the device is blocked in a simple, usual way

the attacker will have time to quickly turn off the Internet and then you will not be able to delete anything. A safer way to block is worth considering. In Settings -> Lock Screen -> Screen Security -> Screen Lock

it is possible to choose other methods of blocking, more secure:

Slider – regular blocking
Face control – unlock the screen by displaying your face (unreliable, your printed photo of a face or video is enough)
Pattern – enter a secret pattern (most reliable)
PIN (not SIM) – enter a numeric password to unlock (secure)
Password – enter alphanumeric password (strong)

We recommend using the „Graphic Key“ locking method as it is currently the most difficult to guess to unlock.

SIM card PIN code

Since we have already started talking about security, then it is worth additionally enabling the PIN code on the SIM card, this will allow you to block the device even at the stage of turning it on. Also, the PIN code on the SIM will allow you to be sure that no one will be able to use it and save the data on the card. To enable the PIN code on the SIM go to Settings -> Security -> Configure lock -> Sim card lock

Hide files

Of course, this method will not protect 100% from the attacker, but at least it will allow you to keep them invisible for a certain period of time. For more information on how to hide files, see the dedicated article on hiding data.

Data encryption

This method will allow you to be 100% sure that your data will not fall into the wrong hands, and here's why: if the attacker failed to crack the PIN code of the SIM card and threw it out, or if he stole the memory card, then all these files will be encrypted and not will be able to use them. Therefore, the data encryption method, together with the previous methods, gives the best effect. In order to enable encryption, go to Settings -Security- Encrypt data, then put the device on charge and start the process. Please note that the process cannot be interrupted and it lasts at least one hour!

If your smartphone is missing and you weren't ready

Let's be honest: many people are careless about the security of their gadgets: they carry them in shallow pockets, leave them unattended on tables, do not set up a lock even with a fingerprint scanner. What can we say about more serious protection measures. But even with all precautions, there is a risk that an attacker will still penetrate the holy of holies of your social and personal life: a fingerprint can be bypassed with the help, and a face scanner without special sensors is deceived by a banal photo – even the vendors themselves warn about this.

Therefore, in any case, you need to protect yourself (and your friends) from losing personal information and money. So what should you do first?

Block the SIM card. The case when the fraudster spends all the money on the account, including in debt, is not worth mentioning due to the obviousness. It is much worse if he starts writing to all contacts with requests to transfer money to a card, Yandex.Money account, or even a mobile account. This is not a hacked VKontakte page – he will write from your mobile number.

Block a card linked to contactless payment services. Just in case, we remind you: contactless payments for up to 1,000 (in some banks – 1,500) rubles do not require a PIN. This means that if your bank card is linked to Google Pay or any other mobile payment service on a smartphone with NFC, scammers will gladly take advantage of this.

As well as trying to penetrate the installed banking applications. Of course, they are protected by an additional PIN-code (which, of course, differs from the unlock code of your device, right?), But since the scammers managed to get into the device, there is a chance that they will be able to get into banking applications to withdraw your money. Two-factor authentication will not help: the SMS will come … correctly, to an unblocked number in the same smartphone.

Get all personal files from the linked „clouds“. Almost all vendors want you to store your data in the cloud. On the one hand, it is beneficial for them, on the other hand, you have access to your photos, recorded videos and other content from any device. Including if the smartphone is stolen. Therefore, check your cloud storage for synced data that can still be saved. By the way, there is a chance to find a selfie of a particularly narcissistic thief there – there are a lot of such stories on the Web. In some cases, photos like these help in the investigation.

First steps

So, the smartphone is not in your pocket, at home, at school / work – in no place where you could forget it. I want to run somewhere and do something. The impulse is correct, but what exactly?

Calling your number is the first required action. Most smartphones today are locked with a fingerprint or face scan, so if someone found your device on the street and wants to return it, he cannot do it. But blocking does not apply to an incoming call, and any well-wisher will be happy to inform you where and how you can return the loss.

On the other hand, it is much more likely that the number will be unavailable. Maybe the battery just ran out, or maybe the smartphone was turned off and / or the SIM card was thrown out. Therefore, the next step …

Try to track your smartphone. Big surprise in case you're not in the know: Google is tirelessly monitoring you and your data. And Big Bro is ready to share some information. For example, chronicling the movement of your Android devices. It is enough to follow the link or to the address under your account: „Google Maps → context menu → Timeline“. And, of course, the Good Corporation has a function to find a device, which will show the current location and allow the smartphone to be blocked remotely.

The most correct independent action at this stage is to remotely block the device so that intruders cannot penetrate it. And then it's worth trying …

Call the police. When writing an application, you will need to indicate not only the model and color of the device, but also the IMEI (two, if the device has two-SIM) – to identify your device. The sticker with the required numbers can be found on the packaging of the smartphone or inside. By the way, you should also take the package with IMEI with you in order to prove that the device belongs to you. And sales receipts, if not thrown away, which is strongly discouraged.

However, practice shows that this does not always work. Often the police simply do not engage in such „unpromising“ cases, even if the prospect is actually quite emerging. The problem here is that if SORM is turned on for every household theft, there will be neither time nor resources left for bandits and terrorists.

However, mobile operators may not charge a fee for calls and transactions made after filing a report with the police, so it makes sense to contact the authorities in any case. But even if the search begins, the likelihood of returning the device is extremely small, so all that remains is to minimize losses.

Preventing smartphone loss or theft

In light of the above, it makes sense to organize the prevention of such troubles, thereby reducing the chances of your device being stolen or your personal information falling into the wrong hands. By the way, security is one of the cases when third-party firmware turns out to be more useful than „bare“ Android, since it contains additional tools for controlling the device and protecting personal data.

We set up the protection correctly (tips from Cap). We believe in your discretion, but nevertheless we consider it necessary to once again repeat the basic safety rules.

Always use a complex PIN or password that cannot be quickly guessed or guessed.
Do not use face scan unlock if your smartphone does not have special sensors for building a 3D model and / or scanning the iris of the eye.
Do not use the same PIN / password for different applications and services.
Do not disable Find My Phone and its permission to use geolocation.

And a separate tip: screen and save the IMEI of your devices – it will come in handy if you have to contact the police. Typically, this number is located in the „Settings → About device“ section. Or, due to the fact that there are a lot of Android firmwares, it is easier to dial the code * # 06 # in the „dialer“ .

Additional features of vendor firmware. One of the richest in security functionality is EMUI firmware. The latest version is installed on the editorial Honor 10, so we use it to study the security features of EMUI 8.1.

First of all, the system takes extra care to ensure that you protect your device and account, and groups all the basic settings in its own security manager.

Other security tools are summarized in the „Security and Privacy“ menu: here are both Google tools and vendor solutions.

Not new for third-party firmware, but an extremely useful feature: you can display your own text on the lock screen with all the necessary information – first of all, of course, contact information.

Within the system, selected applications or files are protected with separate passwords. You can enable or disable access to data using a fingerprint scan.

The firmware allows you to organize additional PrivateSpace. Access to it is carried out in the same way as to the main space of the system, but with a scan of another fingerprint – for example, a little finger – or with an additional graphic key.

In the same section, do not forget to check if the „Find My Device“ function is enabled, and if the location data is transmitted to the necessary applications. The vendor prudently refused to implement its own tools in the presence of a functional Google service.

To whom these functions are not enough – there are third-party services. One of the most curious is Cerberus, which detects non-standard „behavior“ of the device (incorrectly entered password, unauthorized SIM card, etc.), sending information to the specified address and a picture taken automatically by the front-end. The user is free to create his own algorithms for the application.

Sources used and useful links on the topic: https://it-tehnik.ru/gadgets/kak-zaschitit-smartfon-ot-slezhki.html https://www.ellegirl.ru/articles/kak-zaschitit-lichnyie-dannyie -v-telefone-i-pochemu-eto-vajno / https://www.izcity.com/data/security/article86.htm http://asus-zenfone.ru/kak-ha-android/zashhita-prilozhenij- na-android-zashhita-prilozhenij-parolem-na-android / http://droidtune.com/12084/android-ot-a-do-ya-5-luchshix-sposobov-zashhity-prilozhenij-ot-postoronnego-vmeshatelstva. html https://www.anyhost.ru/zashchita-prilozhenii-ot-udaleniya-na-android-blokirovka-prilozhenii.html http://www.spy-soft.net/firewall-dlya-android/ https: // tarifkin.ru/mobilnye-sovety/kak-zashhitit-telefon-ot-slezhki https://tass.ru/obschestvo/6707442 https://w3bsit3-dns.com/android-obshchee/1503-kak-zashchitit-lichnye-dannye-v-android.html https://w3bsit3-dns.com/2018/07/ 09/352254 /

Post source: lastici.ru