Mobile devices like smartphones and tablets are basically small portable computers. Just like your computer at home they can be hacked, infected with a virus and, if unsecured, provide access to your personal information.
Protect yourself and your mobile device
Keep your mobile device with you at all times. Remember if your mobile device is unsecured and it is lost or stolen:
- it could be used to access your money or to steal your identity using information on your device
- you may have lost irreplaceable data (if it is not backed up)
- it may provide access to your social media accounts which could enable someone to pose as you, or steal your identity using your profile information (such as your date of birth and photo)
- someone may use your phone or its Subscriber Identity Module (SIM) card and rack up telephone charges to your account.
Remember your smartphone or tablet is a mini-computer and you need to protect and secure it just as you would your home or laptop computer. Treat your smartphone like your wallet; keep it safe and with you at all times.
Secure your mobile device
- Turn on the security features of your device – all devices have them. Contact your manufacturer or service provider for instructions, or look them up online.
- Set a password or Personal Identification Number (PIN) that must be entered to unlock the device and put PINs on your SIM card and voicemail.
- Install reputable security software – your device's manufacturer can provide recommendations.
- Update your device's operating system as soon as new updates are available. Set them to update automatically when connected to wi-fi to keep data costs to a minimum.
- Leave your Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it. When connecting using Bluetooth, do it in private, uncrowded areas only.
- Use encrypted wi-fi networks that require a password and ensure your device does not automatically connect to new networks.
- Record the International Mobile Equipment Identifier (IMEI) of your handset, a 15 or 17 digit number usually printed on a label under the battery. If your device is lost or stolen, you can report this number to your provider and they can block the handset from being used.
- Use remote tracking (via GPS), enabling the locking and/or wiping functionality if your device supports it.
Secure your information
- Back up your data regularly, either when you synchronise it with a computer or on a memory card.
- Do not save passwords or PINs as contacts on your phone.
- Avoid online banking over public Wi-Fi or in busy public areas. Passers-by could be watching what you are typing (known as shoulder-surfing).
Using applications (apps) on mobile devices
Many apps have the ability to collect and transmit data from your device about your personal information, location, contacts and messages. You can control the personal information accessed by the apps by choosing permissions at the time of installation.
Be careful of downloading hoax or malicious software that could contain a virus or malware. Always source your apps from reputable providers and review the feedback other users leave. If you are unsure why an app needs access to your contacts, calls, photos or location, see if there is an alternative app available that has the same functionality that you require.
Be smart about how and where you use your mobile device
- Stick with reputable sites and applications when downloading anything from the internet.
- Do not download content, particularly applications, from unknown or unreliable sources. They could contain malicious software.
- Turn GPS settings off when not in use as this can be used to track your location.
- Log out of websites when you are finished.
- Think before you click. Do not open anything unless you are expecting it and it is from a trusted source. It could contain malicious software or take you to a malicious website.
- Change your settings so that your device asks permission to join any new wireless networks.
Protect against malicious software (malware)
Viruses, spyware, trojans and worms are all types of malware. Malware is software designed to be installed into a computer system to cause harm to the user or others.
Malware can track your movements in the real world and steal information (including passwords) for the purposes of identity theft or crime.
- Watch out for prompts or warnings asking if you want to allow software to install or run. If you do not know what it is, do not accept the prompt.
- Avoid 'rooting' or 'jailbreaking' your device. Rooting or jailbreaking involves intentionally bypassing software restrictions in the device to enable additional flexibility or functionality, but it also bypasses security restrictions exposing your device to malware threats.
- Only use legitimate app stores: avoid 'side loading' from third party app stores, as these are more likely to harbour malware (even in seemingly legitimate apps).
- Check app permissions. When an app is installed it has to ask the user for 'permission' to use specific types of functionality. Consider whether you want that app to have access to your information.
- Keep a close watch on your billing information. Some malware makes money for scammers by sending SMSs from your device to premium-rate numbers. Contact your carrier immediately if you see any unexpected activity on your account.
Symptoms of malicious software infections
Your device may have been infected with malicious software if any of the following things have happened:
- There is a sudden increase in your phone or data bill with no clear reason.
- Your device has emails and messages in the sent folder that you did not send.
- The user interface changed without you taking any action to change it.
Contact your service provider for instructions on how to identify and remove malicious software.
Using public wireless networks
Public wi-fi 'hotspots' in public places like cafés, airports, hotels and libraries are convenient but unlike your home computer, use of public hotspots involves security compromises. It is easy for other users to intercept your data, so be careful about what information you send or receive while connected. Try and limit activity when connected to a public wi-fi network to web browsing and avoid banking or any other activities that involve user password access.
Avoid using hotspots that are run by people you do not know or trust. Criminals can set up hotspots known as 'evil twins' and 'rogue hotspots' to steal users' information.
Always try and use encrypted (password protected) networks.
Choose networks with WPA2 and WPA encryption if they are available as they are more secure than other types of security encryption.
Connect using the right network type
When you connect to a wi-fi network many devices will prompt you to select or identify the network type ('home', 'work' or 'public'). Always select 'public' when you connect to a public wi-fi network as this will lock down the connection more securely.
Use a virtual private network (VPN) if possible as they encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted.
If you can not connect securely using a VPN, avoid:
- online banking or shopping
- sending confidential emails
- entering passwords or credit card details unless using a secure website
- using passwords, credit card details, emails, online documents or social networking.
If making sensitive transactions, only use secure websites and look for:
- https:// instead of http://
- a locked padlock or key in the browser website address bar.
Avoid sending or receiving valuable information when connected to public wi-fi networks
Public and unsecured
Low risk activities:
Public and unsecured
Moderate risk activities:
Public and secured with WPA
High risk activities:
Private and secure
|Unsecured or Encrypted|
Highest risk activities:
Where to get help
You believe you have been a victim of a virus or malware attack
Your device has been lost or stolen
You are looking for more information on securing your mobile device
Information on recent threats
- A full list of useful contacts can be found on the Contact Us page.
- Australian Communications and Media Authority (ACMA), mobile phone security
- The Office of the Privacy Commissioner, privacy and security of your mobile phone
- Smart behaviours to protect your personal and financial information Stay Smart Online video