my-cumbria-logo, Toggle navigation

cs_mobile, Mobile device security icon

Most students and staff use a smartphone for some or all of their online interactions. This may include social media, browsing the web, using email, using productivity software, playing games, shopping and banking. All of these activities present some risks to your device and also the services you use.

The following information describes the issues and shows you how you can reduce the risks. Please note: As of June 2019 worldwide mobile operating system market share is Android (76%), Apple (22%) and Other (2%). As such, any direct instructions will be for Android and Apple devices.

 

  • Is your phone secure and up-to-date?

    The two most important things you can do for mobile phone security are to ensure that you device is secured (locked) whenever you are not actually using it and to keep all software and apps updates.

    Screen Lock and Security

    There are a number of ways to secure modern smartphones:

    Security OptionCommentsSecurity Level
    None Leaving your device permanently unlocked is extremely insecure. If your device is ever lost or stolen, then anyone else will be able to access your data and use your device as though they are you. Remember that most of your apps will auto-login, so everything is available to anyone who has your device. Very Weak
    PIN Setting a PIN to lock your device is stronger than no lock, but if you only use four digits (or a common pattern like 12345) then your security remains very weak. For every extra digit you add, it becomes up to 10 times harder to access your device. Weak to Medium
    Swipe Pattern Swipe patterns can also be a very weak way of securing your device. if you have recently unlocked your device, then (with a simple pattern like a V, U, X or square) another person will be able to see that pattern in the fingerprints on your screen. More complex patterns provide more security. Weak to Medium
    Password Setting a password to unlock your device can be very secure, so long as you have chosen a strong password. This can cause some inconvenience when trying to use your device, if you are continually having to enter a long and complicated password to access anything.  Weak to Very Strong
    Fingerprint Fingerprint unlocking has been seen as a very strong way to secure mobile devices, but this is not necessarily the case. It is possible for hackers to fool the fingerprint scanner on most devices and gain full access to your apps and files. Whilst it would not be common for this to happen, it is possible. Medium to Strong
    Face Face unlock was also seen as being extremely secure, but it has been shown that people with similar facial shapes and features (especially siblings) can unlock your device.  Medium
    Iris Iris unlocking remains one of the strongest security options for locking your mobile devices (along with setting a strong password). It is also quick and convenient, but can struggle to unlock in poor light conditions or if you wear glasses. Very Strong
    Auto Unlock Auto-unlock (or Smart Lock) provides a lot of convenience by allowing your device to automatically unlock based on either locations or connections you have set. Examples would be to set your home address as a safe location for auto-unlock or when your device connects to your car's bluetooth then auto-lock is enabled. The device will re-lock when this location is left or if the device disconnects from the car. The weak security comes from another person having complete access to your device until it is outside of the safe zone. Weak to Medium

    System Updates

    You mobile device will always prompt you when there are software, operating system and security updates available. You should always accept these updates in order to keep your device safe and secure, particularly staying safe against new security risks.

    You can also manually check your device for any outstanding updates:

    iOS (iPhone & iPad) - go to Settings > General > Software Update

    Android - go to Settings > Software Update

    You will need to be connected to wi-fi and plugged into the mains for most system updates.

    App Updates

    You mobile device will always prompt you when there are app updates available. You should always accept these updates in order to keep your device safe and secure, particularly staying safe against new security risks.

    iOS (iPhone & iPad) - the App Store button will show a small number in red to let you know how many App updates are available. Connect to wi-fi and click through to accept the updates.

    Android - you will receive notifications whenever Apps are available for updates. This will not usually happen more than once per day. You can also manually check for available updates by going to the Play Store > Setting Menu > My Apps and Games. You will be prompted to connect to wi-fi. 

  • Let's Get Appy!

    Official apps are usually better than the web

    Official apps have usually been designed to do the best job possible and the University of Cumbria recommends that you use the official apps for our main systems including the Student Hub, email, OneDrive, Linkedin Learning and Blackboard (see Mobile Apps for the download links).

    IMPORTANT: The mobile apps will also help with your device security by only presenting official content and official links. Any genuine link to OneDrive, Facebook, your bank, Paypal, etc. will automatically redirect to the offical app that you have installed. If a link (in email or elsewhere) tries to send you to a fake login page on the web, knowing it should have opened the app, you can just close the page and open the app instead. 

    Is an app any good? 

    Even when you have downloaded an app from your official app store, you have to be a bit app savvy. Does an app, you are downloading, have good reviews? If it has good reviews - does it have lots of them?

    If an app has lots of bad reviews, do you really want to add it to your device?

    Why does an app need all those permissions?

    You also need to view and review any permissions that an app is requesting - this might be when you first download an app or when it is being updated. Why does a free calculator app need access to your files and folders? Why does that new candy game want permission to send and receive text messages?

    If you don't see why the permission is needed, then you probably don't want to install the app.

    Unofficial app stores are dangerous

    Most apps from unofficial app stores are either fake or stolen versions of official apps. These apps can contain viruses, spyware and other malicious content.

    Only ever use the official apps stores to improve your device security.  

  • Smartphones - The Risks

    There are a wide range of security risks associated with the use of mobile devices. Here we explain the common ones and show how you can reduce the risks.

    Free wi-fi

    Everybody likes free stuff and free wi-fi is everywhere, but it is very rare that free wi-fi is secure.

    If you go to a coffee shop or other location that is offering free wi-fi and you don't need to login to anything, then the wi-fi is not secure. Other people using the wi-fi have the potential to see everything you are doing and even remotely access your device.

    Risk reduction: Never use unsecured free wi-fi. Stick to using your 3g/4g/5g connection unless you can access Eduroam or secure wi-fi that is offered by your broadband or mobile phone contract provider.

    Phishing

    Phishing attacks are becoming more common on mobile devices, because they are always switched on and emails prompt you to read them as soon as they land. On mobile it is very difficult to see where a link is actually pointing to, so you are at more risk of clicking on things in "official-looking" emails.

    Risk reduction: Install the official apps for sensitive services such as banking and shopping sites (genuine links will open the app for you). Manually type in URLs that appear in emails e.g. if you have an email that looks like an important message from PayPal - go to your mobile browser and type in www.paypal.com to see if there is actually a message waiting for you.

    Madware, spyware, viruses and trojans

    There are lots of malicious programs out there that are trying to either steal your data or generate revenue (usually through advertising) for unscrupulous people. You can pick up these programs (malware) through many locations including bad apps, fake apps, websites, phishing attacks and more.

    Risk reduction: Only install apps from official app stores AND install some reputable antivirus software on your device (choose an antivirus app that you have heard of or pick one that has hundreds of thousands of good reviews).

    Lost or stolen device

    Many modern flagship smartphones cost over £1000 - this is a very tempting target for thieves. As of December 2018 there are over 1200 smartphones stolen in the UK every day - that is close to half a million during the year. Younger people are more at risk of having a smartphone stolen and that risk increases in bigger cities and at events like music festivals. 

    Risk reduction: Know where your phone is and don't leave it poking out of a back pocket. Be aware of your surroundings and those around you when using your phone in public. Ensure it is always locked when you are not using it. Make sure you have enabled phone tracking on your device (Android - Find my device | Apple - Find my iPhone) - this software allows you to locate, ring and securely wipe your phone from any location.

    Inactive apps

    Not used an app for a while? Downloaded an interesting looking app because it was on offer (or recommended by a friend), but have never used it? What are those inactive apps doing in the background? What permissions did you give them when they were first installed? It is possible that a seemingly inactive app is transmitting data to the app developer - including things like the current location of your device.

    Risk reduction: If you have not used an app for a while, then delete it from your device. If you paid for the app, then your app store will remember this and will allow you to reinstall it later if you decide you want it back.

    Mobile payments

    Mobile payments have become a very convenient way of paying small amounts without have to get out you purse or wallet, but they do present some risks. It is possible for cyberthieves to brush past you and gather your payment details directly from your device and if an unlocked device is stolen, then the thieves can make any number of £30 purchases until your bank stops your cards.

    Risk reduction: Always switch off mobile payments when you are not making a purchase - this is a little more inconvenient, but a lot safer. Always lock your phone when you are not using it. Reduce the risks of it being stolen.

    Finally - backup your device and get insured

    Your smartphone is an expensive purchase and if it gets stolen or destroyed by malicious software - you will need to replace it. Whilst good insurance will not replace all of the files you have lost, it can replace your device.

    Doing regular backups of your data (photos, messages, videos and even game progress) will help reduce the risk of losing everything if you lose access to your device. Google and Apple both provide this functionality and will safely store your files in the cloud (Google Drive and iCloud).

    It also makes sense to occassionally delete older content from your device. Why are you carrying around 3000 photos on your device when you can access them in the cloud at any time you like?

Edit page