Time for a mobile privacy reset?

October is Cybersecurity Awareness Month.
We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips.

If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.

These new versions allow you to more easily check, and change, the personal information and phone features that individual apps can access.

So how about taking this opportunity to give your personal and work phones a mobile privacy health check?

Even if you’re running earlier OS versions – or don’t have a smartphone at all! – it’s still worth taking a few minutes to check the privacy settings in your digital life and ensure that they’re where you want them to be.

Before you start

If you have loads of apps installed, don’t worry: you can check some of the most important permissions for all of them in one go. 

Alternatively, focus on the apps you use most. (If you do forget to check up on old apps, Android 11 will reset all “sensitive” permissions automatically if an app is not used for a few months.)

Watch out for apps that are asking for access to features or information that they very clearly don’t need – a calculator that’s insisting on using your camera and knowing your location, for instance.

If you have any apps like this, then you should be asking yourself, “Do I want this app on my phone at all?”

It could be an overtly malicious app, or overly-aggressive adware that’s out to collect as much information as possible for monetization through a data broker.

If in doubt, don’t bother trying to tune up its privacy settings – get rid of it!

The top five things to check

For iOS 14 you can manage all your privacy settings through Settings > Privacy.

On Android 11, the location of the Privacy section varies from device to device, so you may need to look around for the settings pages.

However, the Android Permission manager page lets you see all app permissions in one place.

Left. iOS 14 Privacy screen.
Right. Android 11 Permission manager page.

1. Location services

This is one of the most important permissions to check and both iOS and Android offer a centralized one-click block option that covers all apps.

They have also made it easier to find out which apps already have permission to know where you are – you may be surprised how many apps ask for this permission by default.

On iOS 14 and Android 11, you can see which apps have access to location services in a single list.

The wording used varies slightly, but both give you three options for each app: always allow, never allow, and only while app is in use.

Left. iOS 14 Location Services screen.
Right.
Android 11 Location page.

With iOS 14 small arrows now appear alongside an app in the list or on the home screen when the app is in use to let you know if a location service is being or has been accessed by that app. 

This is a helpful extra indicator to remind you of the permissions you’ve granted.

2. Tracking

By tracking we don’t mean monitoring your physical location, as in (1) above, but rather keeping track of what you do and where you go online while using your phone.

Tracking is a new feature available in iOS 14 (but not in Android 11) – it’s a centralized setting that allows you to bulk-block apps from requesting permission to track you online.

Tracking information is gold dust to advertisers who want to know which apps and websites you visit before and after you use their app so they can learn more about you and better target their advertising.

If you want to keep that information to yourself, turn tracking off (although be aware that apps may still try to track you even if you say no).

iOS 14 Tracking screen. (No Android 11 equivalent.)

3. Camera

Access to your camera gives apps a deeply personal insight to your physical as well as digital world.

Images can also reveal additional information about you, for example when and where a picture was taken.

While iOS 14 adopts a binary allow/block approach, Android 11 is a little more granular with allow all the time and allow only while app is in use options as well as block all the time.

On updated Apple devices, a green spot on the home screen will alert you if an app is accessing your camera.

Left. iOS 14 Camera screen.
Right. Android 11 Camera page.

4. Microphone

Just like the camera feature, this is a critical check for both physical and digital privacy.

You don’t want third parties picking up sound and conversations without your knowledge and approval.

Check your apps and turn the microphone off wherever an app doesn’t need to access it.

Helpfully, Apple devices show an amber warning spot next to the battery indicator at the top of the home screen whenever an app is using the microphone.

iOS 14 amber warning spot on home screen when mic is in use. (Pointer icon shows location is on, too.)

5. Bluetooth

Bluetooth can be a huge convenience, but you might not want to have Bluetooth connectivity turned on for all apps all the time.

If you’re running iOS 14, it’s also worth checking the access settings for local networks.

If you have the Local Network feature enabled for an app it can connect to other devices on the LAN, such as other people’s laptops or a printer at the coffee shop, which might not be what you want.

iOS 14 Local Network screen. (No Android 11 equivalent.)

To sum up

Protecting your mobile privacy is not about disconnecting everything – obviously, some apps need access to certain features, including location, camera or microphone, in order to function as intended. 

A mapping app can’t show you how to walk back to your hotel from where you are now without knowing your location, for example; and you can’t use a messaging app to stream video footage without giving it access to the camera.

Mobile privacy is about understanding which apps have access to information or features they don’t need, and removing those permissions.

This will help you to protect your personal information better, and to defend yourself against cyberthreats that abuse legitimate-looking apps to gather intelligence about you.

Over time, you’ll probably forget which permissions you’ve given to what apps – or you may simply change your mind about how much you want an app to know about you – so it is worth doing a quick mobile privacy health check on a regular basis.

You could even set an alert on your phone to remind you!