How to Hide your Smartphone from Prying Eyes

One of my favourite films of all time is Enemy of the State with Gene Hackman and Will Smith.

It's a story of how advanced technology that you might not think exists, in the right hands can help keep us all safe and secure. Sounds all good right?

But in the hands of criminals or rogue states, these advanced technologies can be abused.

There have been plenty of scandals, where similarly advanced spying technology was used for international espionage.

Just Google Crypto AG or Pegasus spyware.

On the one hand, we have GDPR which is there to protect EU citizens’ right to privacy, yet we have advanced spying technology that is sometimes used to gather and store personal data long term, sometimes with dubious legal justification.

For example, the Irish Data Protection Commissioner (DPC) issued a €110k fine to Limerick City and County Council, due to the abuse of CCTV by the Irish police.

But I guess some crimes were solved, and probably lives were saved. So all good.

But this article is not about hiding from the police. Far from it. But it could help you hide from organised crime, unfriendly foreign spy agencies, and private investigators, or just protect your right to privacy.

And don’t forget that in today's changing world, money talks.

For example, for just over $1,000 anyone can buy computer hardware that with open source software defined radio OpenBTS, can be used to set up a fake cellphone tower, tricking nearby smartphones to connect, allowing interception of calls, and internet connections.

Or for the price of a used laptop and Kali Linux, any script kiddie (teenage hacker) can set up a fake Wi-Fi access point with an SSID called "STARBUCKS" and trick your smartphone to connect, while you are on the train home.

So should you be paranoid and keep your phone in a microwave oven, as Edward Snowden once recommended?

Nope, but if you are a government minister or a senior executive in a public company, or discussing something secret, then yes, during your confidential meetings, switch off your smartphone and if you don’t have a portable Faraday cage, put your smartphone in the microwave.

But it's not just Big Brother and the mob that may be tracking you, Facebook, Apple and Google are watching you too.

Some Android apps gather vast amounts of personal data from your smartphone or tablet, without your knowledge or consent.

It is said that Android typically collects ten times as much personal data as an iPhone.

But don’t let that fool you. According to this article, researchers at Mysk claimed that Apple may be collecting personal data on customers even though they said they do not.

Who knows, it might be true, or it could be just fake news.

In any case, interestingly, Russia has just banned iPhones for all government officials.

I wonder why.

And can we trust popular messaging apps?

Well, despite claimed end-to-end encryption, it is said that everything you send and receive on WhatsApp or Messenger, may potentially be seen by Meta.

What can you do about that?

Just use Telegram.

If you have not heard of Telegram, the platform added 2.5 million new users every day so far in 2023, reaching 800 million monthly active users.

And now you don’t even need a phone number to use Telegram.

Here are 10 steps anyone can take to keep their mobile communications safe from prying eyes.

#1 Replace Your Old Android Phone

If your Android phone no longer receives security updates, factory reset it, take it to your pawn shop, and buy a new one. It's easy to check on Wikipedia, but at the time of writing Android 11, is still supported with security updates, but only until the end of 2023

#2 Update your OS Regularly

Whether you use an Apple or Android device, keep it updated. Think of smartphone updates as Cyber hygiene, just like taking a shower. Do it regularly.

And if you are lucky enough to work in an organisation that is smart enough to use Mobile Device Management (MDM) then this will be done for you.

#3 Use Separate Business and Personal Smartphones

If you must use apps like WhatsApp and Facebook in your personal life, then install these apps on a personal mobile, and only install the bare minimum of essential business apps on your business smartphone.

#4 Leave Smartphones outside Meetings

Tony Blair is said to have never allowed smartphones into a meeting at number 10. He said they were a distraction. But there is something else that's even more important, secrecy.

How many times have you been on a Zoom or Teams call only to be rudely interrupted by Siri? Let's face it, if you invite Siri into your meetings, everything you say in the meeting is potentially being recorded, converted to text, and uploaded to Apple's cloud.

#5 Switch Off Bluetooth and Wi-Fi

Switch off your Wi-Fi and Bluetooth when you don't need them. There are many ways to exploit vulnerabilities in Wi-Fi and Bluetooth, especially if your smartphone is missing a critical update.

Set all of your saved Wi-Fi network profiles to not auto-connect especially not to public Wi-Fi networks like STARBUCKS.

#6 Use a Secure Private Smartphone OS

If you happen to work in a sensitive role or organisation, then there are more secure mobile operating systems like GrapheneOS and SailfishOS, or you can install Linux versions like Ubuntu Touch on a PinePhone.

Photo of PinePhone DIP switches inside the back cover

Sailfish was once said to be the official mobile OS of the Russian government, but Jolla has since tried to cut its business relations with Russia.

#7 Use 4G-Only Mode

Force your phone settings to use only 4G networks, reducing your vulnerability to Stingray or IMSI-Catcher attacks.

Just remember that your mobile networks may not support voice over LTE, so you may not be able to make or receive voice calls, but you still should still be able to use data services on your smartphone, even if you force 4G-only mode.

Not a problem if you mostly use a fairly secure messaging app like Telegram.

Yes, Telegram can make audio and video calls too, but they remain private.

#8 Use a Privacy Browser

Uninstall or disable Chrome, and install a privacy-orientated browser like Brave. Once installed, review and modify Brave’s security and privacy settings if necessary.

And don’t forget to set Brave as your default browser.

#9 Use a Private DNS service

Companies and foundations like Cloudflare and Quad9 in Switzerland provide an encrypted DNS service, which ensures that your local Internet provider can not track which websites you are visiting by logging the URLs you type into your browser.

Just set your smartphone and tablet to use either of the following DNS resolvers

1.1.1.1 for CloudFlare

9.9.9.9 for Quad9

#10 Use the Lock Screen

Use a strong passcode or long PIN to lock your screen, and ensure it auto-activates in 2 or 3 minutes.

This next one probably sounds counter-intuitive.

Remember that if you use facial recognition or fingerprint biometrics to unlock your phone, someone else can do it too, maybe one day without your permission.