Yesterday, I shared a post from Caleb Giddings where he called your cell phone “a bank vault full of PID.” PID – Personally Identifiable Data – and every other acronym that boils down to “stuff that’s specifically about you” is a hot topic right now, as technology has created more and more information about each of us, and made it possible to collect more and more of it into one place. Some of that information is very private, the kind of stuff that you don’t want anyone to know except maybe your closest friends, if even them. It might include delicate medical diagnoses, embarrassing Internet browsing habits, deep dark secrets from your past…or simply things you don’t want the world or just certain people to be privy to, like who your favorite Spice Girl is (did I just date myself?), what your food or shopping weakness is, or where you live. That’s why data privacy is starting to be viewed as a fundamental right all over the world, resulting in laws designed to limit who has access to your information and what they can do with it. As with all laws, though, they rely on people doing the right thing – and that includes you.
It’s inevitable that our cell phones contain so much of our personal information these days, what with how they’ve become the portable computers that we can run our entire lives on: social media, web browsing, banking, recording medical information, communicating with our doctors, journaling our innermost thoughts, and more. Every one of those activities aggregates more data about us, whether in actual details or in the collection of seemingly meaningless bits and pieces that together can create a portrait that is perhaps a bit more accurate than we’d like. In fact, the way in which most of us use our phones these days means that there may be no other single device in the world that collects so much information about its owner. It might be segregated into different apps, and some of it might be stored in the cloud and simply accessed from the phone, but it’s all there. Knowing that, doesn’t it seem super important to protect your phone carefully?
Physical security is the start. Leaving your phone unattended is a bad idea unless you physically lock it up. Access to the actual device increases the time and the number of tools that can be used to pry information out of it. For the same reason you don’t want a lock box or safe to be easily movable, you don’t want to make it easy for someone to walk off with your phone. It’s not only inconvenient while you try to manage your life until you can get a replacement, it means that it becomes that much more possible for a bad guy to access your personal data without the pressure of being seen with your phone. Embrace the fact that your cell phone is permanently attached to you as an extra appendage not so you never miss another alert, but so nobody else can can have hands on it. If you can maintain control over your phone but there are nosy people around you who might look at your phone while you’re using it, you can also physically make it harder to see what you’re looking at with a privacy screen protector that requires a viewer to be at a certain angle to see what’s on the screen.
Software security matters too. I know how convenient it is to leave your phone unlocked and how annoying it is to have to use an extra app for two-factor authentication to log in the app you’ve already secured with a password, but it’s absolutely worth the effort. Biometric tools such as Face ID or fingerprint readers on your phone can make logging in less of a hassle, but at the cost of decreased protection for the data on your phone because some of those can be more easily bypassed, such as when you are sleeping. The same is true of using a password manager to save passwords for the various websites you access on your phone regularly. Consider setting those tools up so that your actual core password that only you know is still required at least sometimes. Similarly, don’t be tempted to allow your phone to stay unlocked for long periods of non-activity.
Sometimes you might leave your phone on a table while you eat lunch with a friend, though, or you might live or be staying with someone who you don’t fully trust with every one of the secrets you hold (and really, that very likely should be anyone and everyone – you deserve to be able to keep certain things private, even if they’re as simple as a surprise gift for a loved one). In those cases, software security is important too. Lock screens and app-level passwords make it more difficult for someone to casually access either your entire phone or the apps that have the most sensitive information, and they aren’t restricted to apps with that support built in. Search “lock apps iOS” or “lock apps Android” to learn how to do it on your phone. Searching for “lock Android to single app” or “lock iOS to single app” can also help you figure out how to temporarily restrict access to only one particular app, so that if you need to allow someone else to use your phone, they can’t go digging through it – intentionally or not – when you aren’t looking.
At the same time, consider how much you want to be visible via notifications on your lock screen or other times someone else can see the screen. It defeats the purpose of password-protecting your phone or an app if someone can see what’s going on with it without going into it. Easy mode is simply keeping your phone screen-down when you have it out on a table, but you might want to at least see if a notification has arrived. Take the time to check the settings of your phone and of every app you use to ensure that you are limiting visible notifications appropriately, perhaps restricting your phone from showing any pop-up or lock screen alerts at all, or limiting them to only showing that a new alert has arrived without details of who the sender might be or what the message might include.
Is all of this paranoid? Maybe. But think about how much of your private and personal information is collected on or accessible through your phone and how many of the important aspects of your life can be controlled with use of your phone, then think the same about your friends. You probably can’t get into their bank accounts, but you’ve probably talked about private and personal things with at least some of them via messaging apps. There’s a reason there’s a swelling tide of data privacy laws and movements out there, and it’s because all of that information is important to keep restricted to only the people who should have it and can be trusted to do right by you if they do. At the end of the day, though, the laws are only as helpful as the people obeying them and enforcing them. As with the rest of your safety and security, it’s on you to be your own first-line, ground-level defense.