Securing Your Phone
Look Calmly, Act Smart
Most online problems arise from haste. Most protection comes from brief, calm verification.
Securing your phone is straightforward in practice: choose small measures you can set up today and keep up.
The goal is not perfection, but predictably safe behavior that holds up even on busy days.
Immediate measures (15 minutes)
Why this matters
Securing your phone comes down to reducing risk in practice. Technical background helps you choose measures, but what counts is putting them in place and making them routine.
The device that knows more about you than your best friend
In 2021, an international consortium of journalists broke a story that sounded like a bad spy movie, but was unfortunately, horrifyingly real. An Israeli company called NSO Group had developed software -- Pegasus -- that was silently installed on the phones of journalists, human rights activists and politicians. Without the owner having to do anything. No clicking a suspicious link, no opening an attachment. The phone simply rang, and even if you didn't answer, it was already too late. Pegasus could read along with your messages, activate your camera, turn on your microphone and track your location. Among the victims: journalists investigating those in power, the fiancée of the murdered journalist Jamal Khashoggi, and dozens of others who were simply doing their jobs.
Now you might think: "Yes, but I'm not a journalist in a dictatorship." True. But the point is not that you're a target for Pegasus. The point is that your phone is an incredibly powerful device that contains almost your entire life -- and that most people treat it far too carelessly.
Your phone knows everything about you
Think about that for a moment. Your phone knows:
| What your phone knows | How |
|---|---|
| Where you've been | Location history, all day long |
| Who you talk to | Contacts, call history, messages |
| What you look like | Photos, selfies, facial recognition |
| What you buy | Banking apps, payment apps, online shopping |
| What your health is doing | Step counter, heart rate, sleep patterns |
| What you think | Search queries, notes, journals |
| What you love | Photos, music, browsing history |
Your phone is essentially a combined wallet, diary, photo album, bank card, route planner and private detective. If someone gets their hands on your phone -- physically or digitally -- they have access to virtually your entire life.
That's not a reason for panic. That's a reason to secure your phone just as well as your front door. Actually better, because there are more valuable things in it than in your house.
Installing updates: the most important thing you can do
If you only do one thing after reading this chapter, let it be this: install your updates. Always. Immediately. Without delay.
I know. That notification always comes at the worst moment. You're in the middle of a conversation, you're about to take a photo, or you just don't feel like it. But here's the thing: those updates aren't there to annoy you. They patch security holes discovered since the previous version.
Every day, security researchers (and criminals) search for vulnerabilities in phones. When one is found, Apple or Google releases an update as quickly as possible to patch the hole. But that update only works if you install it.
How to set up automatic updates:
- iPhone: Go to Settings, then General, then Software Update, then Automatic Updates. Turn everything on.
- Android: Go to Settings, then System, then System Update. Enable automatic updates. (The exact location varies by brand, but search for "system update" in your settings.)
Tip: Set your phone to install updates at night while it's on the charger. Then you won't be bothered by it.
And don't forget your apps. They also get regular security updates.
- App Store (iPhone): Go to Settings, then App Store, and turn on App Updates.
- Play Store (Android): Open the Play Store, tap your profile picture, then Settings, then Network Preferences, and set Auto-update apps.
App permissions: who can do what with your phone?
Have you ever installed a flashlight app that requested access to your contacts? Or a game that wanted to use your microphone? Then you're not alone. A lot of apps request permissions they absolutely don't need, and most people tap "Allow" without thinking.
Permissions are the rights an app gets to use parts of your phone. The most important ones to watch:
| Permission | When logical | When suspicious |
|---|---|---|
| Camera | Photo app, video calling | Calculator, flashlight |
| Microphone | Calling, voice messages | Weather app, games |
| Location | Navigation, weather | Flashlight, dictionary |
| Contacts | Messaging app, calling | Games, news apps |
| Storage/Photos | Photo editing, cloud | Flashlight, calculator |
How to check this:
- iPhone: Go to Settings and scroll down. You'll see a list of all apps. Tap an app to see which permissions it has. Or go to Settings, then Privacy & Security, and view per category (Camera, Microphone, etc.) which apps have access.
- Android: Go to Settings, then Apps, choose an app and tap Permissions. Or go to Settings, then Privacy, then Permission Manager to view per category.
Rule of thumb: if you can't think of why an app needs a certain permission, turn it off. In most cases the app works just fine. And if it doesn't, ask yourself if you really want that app.
Tip: For location permissions, always choose "Only While Using the App" instead of "Always." A delivery app doesn't need to know where you are when you're not using it.
Only apps from official stores
It sounds obvious, but it's astonishing how many people install apps from outside the official App Store or Play Store. Maybe because someone sends a link, or because a website says you need a "special version."
Don't do it.
The official stores aren't perfect -- malicious apps do slip through -- but they do have a review process. Apps are checked before they appear in the store. With apps from outside the store you have zero guarantees.
Three simple rules:
- Only install apps via the App Store (iPhone) or Google Play Store (Android).
- Never click on links that ask you to download an app outside the store.
- If a website says you need to install an app to proceed, close the website.
Tip: On Android you can disable the "Unknown sources" or "Install apps from unknown sources" option in your settings. Do that. On an iPhone this is blocked by default, unless you've jailbroken your phone (and you shouldn't do that).
SIM swapping: the risk you need to mitigate immediately
Imagine: you're sitting on the couch, and suddenly you have no signal. No phone signal, no texts, nothing. You think it's an outage, but in the meantime someone has called your phone provider, impersonated you, and had your phone number transferred to a new SIM card. Now that person receives all your text messages -- including the verification codes from your bank, your email and your social media.
This is called SIM swapping, and it's a growing problem. Criminals use personal data they find online (or buy on the dark web) to convince your provider that they are you.
How to protect yourself:
- Call your provider today and ask for an extra PIN or password on your account. Without that code, nobody can make changes to your subscription.
- Don't use SMS as your second step for your most important accounts. Use an authenticator app instead (see the chapter on passwords).
- Be frugal with personal data online. The less a criminal knows about you, the harder it is to convince your provider.
| Provider | How to set up a PIN |
|---|---|
| KPN | Call 0800-0402 or visit a KPN store |
| Vodafone | Call 0800-0500 or arrange it via My Vodafone |
| T-Mobile | Call 0800-7666 or visit a T-Mobile store |
| Other | Call customer service and ask about account security |
Tip: If you suddenly lose signal without a clear reason, immediately call your provider (from another phone) and check whether a SIM swap has taken place.
Locking your phone: biometrics versus PIN code
A phone without a lock screen is like a house with the front door open. You'd be amazed how many people still don't use a screen lock, or have a PIN like 0000 or 1234.
What options do you have?
| Method | Security | Convenience | Recommendation |
|---|---|---|---|
| No lock | Disastrous | Maximum | Absolutely don't |
| Swipe pattern | Weak | Easy | Preferably not |
| Four-digit PIN | Moderate | Easy | Minimum |
| Six-digit PIN | Good | Easy | Recommended |
| Fingerprint | Very good | Very easy | Recommended |
| Facial recognition | Very good | Very easy | Recommended |
| Alphanumeric password | Excellent | Less easy | For the extra cautious |
The best combination: use biometrics (fingerprint or facial recognition) combined with a strong PIN or password as a fallback option.
- Set a PIN of at least six digits, and don't use obvious combinations like your date of birth, 123456 or repeating patterns.
- Enable biometrics so you can quickly access your phone in daily use.
- Set your phone to automatically wipe after ten failed attempts. (Yes, that sounds scary, but if someone tries the wrong password ten times, they're not a friend borrowing your phone.)
Tip: Set the auto-lock to a maximum of 30 seconds to one minute. The shorter, the better.
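If you set up phones for others (family, a small office), the PIN rules above can be written down as a simple check. This is an added example, not part of the original chapter; the function name pin_problems and the birth_date parameter are assumptions made for illustration.

```python
from datetime import datetime

def pin_problems(pin, birth_date=None):
    """Return the reasons a lock-screen PIN breaks the rules above.

    pin        -- the candidate PIN as a string of digits
    birth_date -- optional 'YYYY-MM-DD' string (assumed input format)
    An empty list means the PIN passes every check.
    """
    if not (pin.isascii() and pin.isdigit()):
        return ["PIN must contain digits only"]
    problems = []

    # Rule: at least six digits.
    if len(pin) < 6:
        problems.append("shorter than six digits")

    # Rule: no repeating patterns, i.e. one short block repeated
    # end to end (0000, 121212, 123123).
    for size in range(1, len(pin) // 2 + 1):
        if len(pin) % size == 0 and pin == pin[:size] * (len(pin) // size):
            problems.append("repeating pattern")
            break

    # Rule: no obvious runs such as 123456 or 987654. Every step between
    # neighbouring digits is +1 or -1 (mod 10, so 890123 also counts).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        problems.append("sequential digits")

    # Rule: not your date of birth, in any common way of writing it.
    if birth_date:
        d = datetime.strptime(birth_date, "%Y-%m-%d")
        layouts = ("%d%m%y", "%m%d%y", "%y%m%d", "%d%m%Y", "%m%d%Y", "%Y%m%d")
        if pin in {d.strftime(f) for f in layouts}:
            problems.append("matches date of birth")

    return problems

if __name__ == "__main__":
    # Constructed sample PINs; the birth date is made up.
    for candidate in ("0000", "123456", "121212", "140289", "839174"):
        print(candidate, pin_problems(candidate, birth_date="1989-02-14") or "ok")
```

Passing these checks only rules out the most commonly guessed PINs; it does not make a PIN strong on its own, which is why the wipe-after-ten-attempts setting still matters.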
What to do if your phone is lost or stolen
The moment you realize your phone is gone, you break into a cold sweat. Understandable. But if you're prepared, you don't need to panic.
Step 1: Make sure you're prepared (do this now)
- iPhone: Go to Settings, tap your name at the top, then Find My, and turn on Find My iPhone. Also turn on "Send Last Location."
- Android: Go to Settings, then Google, then Find My Device, and enable this feature.
Step 2: Your phone is gone -- what now?
- Try calling your phone. Maybe it's just under the couch.
- Use Find My iPhone (via icloud.com/find) or Google Find My Device (via google.com/android/find) to check the location.
- Put your phone in lost mode. This locks it and shows a message with your contact details on the screen.
- If your phone was stolen: report it to the police and provide the IMEI number. (You'll find this number on the box of your phone or on your purchase receipt.)
- If you're certain you won't get it back: remotely wipe your phone. All data will be deleted. This is painful, but better than a stranger browsing through your photos, messages and banking.
Tip: Write down your IMEI number somewhere safe, outside your phone. You can find it by dialing *#06# or in your settings under "About this phone."
Public charging stations: free power with a catch
You're at the airport, your battery is almost dead, and there you see it: a free charging point with a USB cable. Tempting. But did you know that it's technically possible to transfer not just power via a USB cable, but also data? This is called "juice jacking."
Now I have to be honest: the risk is small and there are few proven cases in the wild. But the solution is so simple that there's no reason to take the risk.
What can you do?
- Bring your own charger and cable and use a regular power outlet.
- Use a USB data blocker (a small adapter that only allows power through). Costs a few euros.
- Use a power bank. Charge it at home and take it with you.
Do this today
These are the steps you can take now to better secure your phone. You don't have to do everything at once, but try to check off at least three today.
Remember: your phone is the most personal device you own. Treat it accordingly. You don't need to be a security expert -- you just need to have the basics in order. And those basics, you have them now.
Further reading in the knowledge base
These articles in the portal provide more background and practical context:
- Passwords — a brief history of collective failure
- Recognizing phishing
- Two-step verification — locking the door and bolting it
- VPN — a tunnel through the wild internet
- The Dark Web — what it is and why it matters