Mobile Device Security
Mobile Device Security
Malicious software often takes advantage of security flaws in common programs and operating systems. These flaws are routinely discovered and fixed in updates. To make sure your devices stay protected, keep the programs you use and the operating systems on your devices up to date when new updates become available.
Mobile devices are more likely to be lost or stolen. To ensure any sensitive data on the device does not fall into the wrong hands, it is strongly recommended to use full disk encryption on all mobile devices (including laptops and smartphones). On some devices, encryption may be enabled by default, on others it may need to be switched on manually. If a device has built-in storage and also accepts removable storage (e.g. SD cards), both types of storage should be encrypted.
Make sure a password or some other type of authentication is required to unlock the device for use. Use a unique and complex password. For smartphones that use pins, do not use easily guessable pins such as "1234" or "0000". See Password Guidelines for more information.
To prevent unauthorized access, configure the device to lock itself automatically if it is idle for a certain period of time (e.g. 5 minutes).
Be wary of free Wi-Fi networks. Many of these use poorly configured or outdated security controls making devices on the network susceptible to eavesdropping or other attacks. An attacker could also create a malicious Wi-Fi network designed to impersonate a legitimate one. Avoid untrusted networks whenever possible. Use VPN when traveling to reduce risk associated with unknown networks.
For devices with app stores, only install applications using those app stores. The companies that manage these app stores (e.g. Google and Apple) employ at least some degree of vetting before allowing applications to be listed, and can also later remove applications that are determined to be malicious. Even when installing from a trusted app store, you should scrutinize the particular application including understanding who the developer is, and looking at its reviews and rating. The term "sideloading" refers to circumventing an app store to load an application onto a device using some other means. Application developers may use sideloading during their development process, but regular users should not need to use this process to install an application. Be wary of any instructions you receive to install a mobile app using any means other than an app store.
Do not root or jail break your device without fully understanding the security implications. On a rooted device, a malicious application can potentially do more damage. If you are using a device for official Institute business it should never be rooted.
Clear storage when changing owners
If you are selling, giving away, or otherwise transferring your device to a new owner, make sure to completely erase all attached storage to make sure no sensitive data can be retrieved by the new owner.