Hey Hexbear
Like to think I do an ok job keeping my desktop setup secure, but realized recently I don't do the same for my mobile devices.
Does anyone have any good tips on how to help keep your phone more private and secure?
I have both an Android and an iPhone, and realize Androids are superior for that sort of customization. Thought it might be useful, though, if anyone had any tips for either.
I'm not sure whether the things I do are good, but some of it (I'm on Android):
- Disable background data for apps which don't need it
- Disabling unnecessary permissions for apps
- Disabling/uninstalling unwanted apps. You can try android debloater if you want to go further, but would need to be more careful about disabling some important app.
- Using apps like Firefox more than GChrome. Firefox has uBlock Origin and other extensions like Dark Reader n RSS radar.
- Not using many connected apps or being tied to a single ecosystem, so as to avoid everything being collected by one group. But if something simplifies your life very much then this may not be practical.
- GPS n mobile data off when not in use. Actually, I started doing this to save battery, but it's standard practice now. If you're a person who gets online calls a lot, turning off mobile data may not be realistic.
If you want to go further, you can try apps like Netguard, which can be used to block and analyse the internet usage of apps on the phone.
I think one can even root their phone and flash custom roms or make modifications of their own. But I've never tried that.
Less is more with apps 100%. Wiping the Android device and never signing into Google is another easy move. Just use F-Droid for your apps. Anything that's not on F-Droid can be obtained through the Aurora Store, which is in F-Droid. Aurora is the Play Store but can be accessed anonymously.
Setting up a private DNS server and setting it as the phone's DNS is a good move on Android. I like NextDNS for this as it lets you add filters.
VPNs like Mullvad or Proton aren't a bad thing. VPN with block connection without VPN + a private DNS is a solid one-two punch.
Setting up two users on the Android phone is great. One for banking, Uber/Lyft, work or school stuff and the other for personal. Helps segregate the app data.
Above all this, a private OS is the final move. GrapheneOS is amazing, but only works on Pixel phones. CalyxOS, LineageOS, /e/, and postmarketOS are other options which will also increase your mobile privacy across many different phone models.
Privacy is a marathon and not a sprint. So good on you handling your desktop! These are some options but it'll just depend on your threat model to determine if they're a bit much compared to other options.
I think one good tip for phone privacy is to get other people with phones to use libre messaging apps like Signal and Matrix for communication. There's no good point to your own phone privacy if people demand you use nonfree programs for messaging like Meta products or (gasp) Discord.
Get LineageOS on it and disable internet to everything that doesn't need it.
On iOS: run through the security checkup, set up DNS over TLS and connect to an always-on VPN that’s trustworthy for your needs (Mullvad?). Turn on Lockdown Mode and never turn it off. Switch to at least a six-digit passcode and disable biometrics. Set the attempt limit to on. Turn on Advanced Data Protection in your iCloud account.
Audit all email accounts or account names and metadata like credit cards that they might have associated with them. Use a password manager like LastPass and change everything to unique long random strings. Use different emails for each account. No, not aliases through one service, different emails.