Archives for August 2024

“Privacy is not something that I’m merely entitled to. It’s an absolute prerequisite.” Marlon Brando.

If you read the posts on Windows, macOS or iOS, you’ll note that I’m repeating some text I had there, appropriately modified for Android. If you don’t have a Mac, a Windows PC or an iPhone, you may have skipped those posts. Each phone manufacturer can modify the Android operating systems, so the instructions below could appear differently on your phone. That said, here we go.

Controlling access to your Android phone is a must. Set a passcode to control access to your phone. Your passcode can be a swipe, pattern, PIN, or password. I recommend you use a pattern, PIN or a password. A PIN should be 8 characters or more. Instead of a password, consider using a passphrase. It’s easier to type and you’ll be typing it a lot.

But what about a biometric? Some Android phones support authentication with a fingerprint or Face ID.

Opinions vary.

I prefer using a passcode for three reasons. First, I can change it if it’s compromised. I can’t change my fingerprints or my face in any way I wish to contemplate. Second, my face is publically available. I wear it every time I step out the door. I’ve traveled internationally and Face ID is used to board international flights and in customs and border control. It’s in pictures on the Internet. My fingerprints exist in several places. I’ve had security clearances. I’ve used CLEAR at the airport. A skilled hacker could lift my fingerprints from anything that I’ve touched. Since my fingerprints and face are stored in multiple places that could be breached, there’s a possibility that my biometrics could be compromised. Third, while the law is evolving, law enforcement generally can’t compel me to provide something I know, a password or PIN, but they can compel me to provide a fingerprint or use my face to unlock a device. Use your own judgment.

I recommend you configure your Android phone to auto lock if it’s been idle for a period of time. And make sure you require a passcode to unlock it. This varies enough by version and manufacturer that I recommend you check the documentation on your manufacturer’s website for instructions.

You should always control access to your Android phone by requiring a passcode to login and after it wakes up from sleep. This is basic computer hygiene, much like brushing your teeth.

On to user account management.

Information provided in this post is subject to the disclaimer in the first post of this series.

While it’s possible to use your Android without a Google Account, but it significantly diminishes the experience and prevents you from getting automatic software updates, which is a serious security risk. As discussed in prior posts, protect your Google account with a strong password. Use two-factor authentication to access your account in the cloud, and enable automatic updates for Android and applications you downloaded from the Google Play Store. You’re sharing data with Google, but there’s little that can practically be done to prevent it.

One other bit of computer hygiene before we address privacy permissions. And over time, you may accumulate apps you installed to try out and then stopped using. I recommend you uninstall these apps. They’re clogging up your system and may pose a security risk. Delete apps on Android by going to “Settings > Apps > See all apps.” Tap on the application you want to delete. Select “Uninstall” and confirm by hitting “OK.”

The instructions to tighten up your privacy permissions vary by manufacturer. Consider the following:

• Review which apps use your location and disable location services for those which you believe do not require it.
• Review and limit which apps use your “Contacts,” “Photos,” “Microphone,” and “Camera.” Apps that use these services for surveillance can be particularly invasive.
• Opt out of Google ad personalization and reset the advertising ID.
• Consider disabling Voice Access. It’s collecting more data about you than you know.
• Don’t jailbreak your phone. This creates significant security vulnerabilities.

Next will review how Alice and Bob manage their privacy permissions.

Information provided in this post is subject to the disclaimer in the first post of this series.

“I have been called a nun with a switchblade where my privacy is concerned. I think there’s a point where one says, that’s for family, that’s for me.” Julie Andrews.

So how did our friends Alice and Bob manage their privacy permissions?

If you remember, Alice has a Windows 10 PC to support her personal IT consulting business and a MacBook Pro for personal use. She carries an iPhone for both personal and business calls. Alice enabled strong passcodes for all three of her devices. She configured her PC and MacBook to sleep after 15 minutes of inactivity, and her iPhone after five minutes. They all require a passcode immediately after waking up from sleep. She limited access to screen widgets when the phone was locked to the first several items and enabled “Erase Data” to erase all data on the iPhone after 10 failed passcode attempts.

She found local accounts to be too restrictive, so she established a Microsoft account for her PC and an Apple account for her MacBook and iPhone. She regularly reviewed the apps on all her devices and removed those she was no longer using.

To manage privacy permissions on her PC, she downloaded O&O Shutup10++ and enabled all recommended settings and many “Limited” settings. She took care to make sure that automatic updates for the operating system and applications were not disabled, and that she did not disable app access to the camera, microphone, documents, images, videos, and the file system. Those restrictions broke applications that she relied upon. Since she intended to enable “Find my device,” she also did not disable location services. She took care to disable Cortana.

On her MacBook and iPhone, she tightly restricted app access to “Location Services”, “Contacts,” “Photos,” “Microphone,” and the “Camera.” She turned off all options under “Analytics & Improvements,” and “Apple Advertising.” She also disabled Siri.

Bob has a Windows 10 PC and an Android phone. Like Alice, he downloaded O&O Shutup10++ and enabled all recommended settings and many “Limited” settings. He followed the general strategy as Alice. He only used his Android phone for phone calls. He still took the time to restrict app access to “Location Services”, “Contacts,” “Photos,” “Microphone,” and the “Camera,” and to opt out of Google ad personalization. He completely disabled Voice Access. And even he was not crazy enough to jailbreak his phone.

Now that you’ve reviewed Alice’s and Bob’s privacy permissions strategy, it’s time for you to choose your own if you have not already done so. Take one step at a time.

Next, we’ll discuss tracking a lost or stolen device.

Information provided in this post is subject to the disclaimer in the first post of this series.

“I once was lost, but now am found.” John Newton.

Losing your phone or laptop makes for a very bad day. Perhaps you just lost it. Perhaps it was stolen. It can happen to anyone. It can happen to you.

Every year, over 70 million smartphones are lost or stolen. Only 7% are recovered. Over two million laptops are stolen every year in the U.S. and less than 3% are recovered. The thief may just be looking to pawn the hardware for cash. The thief could also be a sophisticated scammer looking to hack your accounts and steal sensitive data. One in ten victims of laptop theft experience identity theft. Laptop theft accounts for 57% of all identity theft cases.

It’s also possible your lost device was found by a good Samaritan who is trying to return it to you.
What actions might you take to protect yourself if your phone or laptop is stolen? And what can you do to facilitate finding and recovering it?

• As previously discussed, protecting your devices with a strong password or PIN may prevent a thief from accessing your applications and data. Enabling full disk encryption is also a deterrent, particularly if you power down your laptop when not in use. Sound password management practices reduce your risk of account compromise. Freezing your credit report protects against financial fraud. Current backups will permit you to rebuild your system on a new device if the old device is never found.
• Store device identifiers as secure notes in your password manager. These include model and serial numbers for laptops, and model and device identifiers for phones (e.g.: SEID/EID). Manufacturers often print model and serial numbers on the exterior of a laptop (in very tiny letters). You can find iPhone identifiers under “Settings > General > About”. Android identifiers can be found under “Settings > System > About Phone,” although this may vary by manufacturer. You’ll need these identifiers for the next step.
• Report a suspected theft to the police. To file a report, you will need the device identifiers noted above. And you may need a police report to file an insurance claim.
• Report the theft to the device manufacturer. Some, but not all, manufacturers provide this service.
• Deauthorize your device on accounts that support this, and remotely log out of apps that might have been active when the device was stolen. Apple, Google, Amazon and Facebook provide for this.
• If credit cards autofill from your browser, contact your bank and credit card companies. You may need to put a hold on or cancel the cards.

All the operating systems we are discussing in this blog provide a “Find my device” capability. If enabled, you can locate a device, and remotely lock or wipe it if you think it’s been stolen and can’t be recovered. Opinions vary on enabling this service. If you choose to do so, you are regularly sharing your location with operating system and device manufacturers: Microsoft, Apple or Google. Some view this as intrusive. On the other hand, if the service is not enabled, you have little chance of finding a lost or stolen device. If you choose to enable this capability, here are some brief instructions:

• Windows 10: From the Start menu, select “Settings > Update & Security > Find my device,” and then click Change.
• Windows 11: From the Start menu, select “Settings > Privacy & security > Find my device,” and click the toggle to enable it.
• macOS: Open “System Preferences > Apple ID” and select “iCloud” from the sidebar. Scroll down and check the box next to “Find My Mac.”
• iOS: Go to “Settings > [Your username] > Find My,” and select “Find My iPhone.”
  Android: Open “Settings > Security & location” and enable “Find My Device.

With luck, what was lost may be found.

Information provided in this post is subject to the disclaimer in the first post of this series.