Navigate Up
Sign In
Skip Navigation LinksHome > infosec > Smartphones


For most people, there's no device more likely to contain important, sensitive, and personal data than their smartphone - so there's no device it's more important to keep safe.

Follow these tips to protect the data on your smartphone:

​​Lock The​ Screen

You​ should set your phone to automatically lock after a short period of inactivity, so that if anyone gets hold of it they will not be able to access it. You should also set your phone to automatically erase itself after 10 or so unsuccessful attempts to unlock.

There are various unlock methods available on modern phones. The three most secure are:

·         Using a 6 digit PIN code

·         Using a passphrase

·         Using a fingerprint scanner

Using a passphrase is probably the most secure choice but it isn't very convenient to enter on a phone, so fingerprint scanner plus 6 digit PIN code is our recommendation. As always, don't use anything obvious, like your birthday, as the PIN code.

 Most other unlock methods, while better than nothing are not as secure. Pattern swiping, for example, is very easy for someone to copy by "shoulder surfing". Most facial recognition software can be fooled - Apple's FaceID seems to be the only secure version of this so far. ​


Enabling encryption on your phone means that anyone who gets hold of it will be unable to access it even if they are able to bypass the unlock. Screen locks prevents the casual thief from accessing your data; encryption prevents the determined thief.

Make sure encryption is enabled on your phone. It is by default on iPhones. Most brand new Android phones also have it turned on; older ones might not. To enable it, go to Settings, More, Security. You will want to keep the phone plugged into power while it encrypts, which can take an hour or so.

On some Android phones you can also use a removable SD memory card. You can encrypt the card as well; but be aware that if you do this you won't be able to read the card by plugging it into a PC using a card reader - to access it from a PC you'll have to keep it in the phone and connect the phone over USB.​

Enable "Find My Phone"

Turn on the "Find My Phone" (for Apple) or "Find My Device" (for Android) options.

Then, if you lose the phone, you can go to the Apple or Google website, sign in, and see on a map where the phone's last reported location was, or make it play a sound to help you find it.

These features do depend on the phone still being able to connect to a network, so they don't always work, but they are definitely worth turning on.

 If this doesn't help you get the phone back, then these services have one more trick up their sleeve; you can send a remote wipe command to the phone, ordering it to erase itself. It's always best to play safe and erase the phone if you believe it is lost or stolen. You can always restore from backup if you find the phone later. Speaking of which...


As with any device containing important data, it's essential to back it up. You can do this either manually, by connecting to a computer via a USB cable, or automatically to a cloud storage solution. Or, better still, do both - enable a cloud backup, and once a month or so make a manual backup to your computer.

There are also services like Google Photos that will specifically backup your photos and videos.

Keep Updated

Download updates to your phone's software when they become available.

Make sure to update both the phone's software (iOS or Android) and any apps you have downloaded.

 You can set most phones to download and install updates to both the phone's software and it's apps automatically.

Keep your phone safe

The great thing about a smartphone is that it is a supercomputer you can carry around in your pocket, but that also means it's easy to lose or steal. the Metropolitan police have this advice:

 If you need to call or use your phone on the street, look out for anyone on a bike or a moped near you

  • ​​Make it quick so you don’t become distracted
  • Don’t text while you’re walking – you won’t notice what’s going on around you
  • If that’s not possible, stand away from the roadside close to a building or wall so no one can come up behind you
  • Going hands free can prevent a thief from snatching your phone out of your hand

Make a note of your IMEI

 Every phone has a unique IMEI number which helps police and insurance companies to identify it if it’s stolen. UK network operators can also stop a stolen phone from working across their networks with its IMEI.

Find your IMEI number by dialing *#06# from your phone and keep a written note of it. If the phone is stolen, report the number to your mobile provider to stop it being used.

Register your phone and other property at to help police recover stolen property and combat the sale of stolen goods.  Police recover more than 2500 items on average a month registered to the website

Use safe apps on your phone

It's hard to get malware onto a smartphone using the methods that work with PCs. So cybercriminals try to sneak malware into App Stores, and to trick you into downloading it.

So, be picky about what apps you download. Stick to the main App Stores, and try to stick to well known apps. Check the reviews too.

Watch out for apps that pretend to be something else. If you search the Google Play store for "Candy Crush" you get over 200 results, many of them fake.

When you run a phone app for the first time, it will often ask for permissions, to access photos or contact information, or to know your location. Think about what the app is asking for - is it appropriate? If the app has no business accessing your contacts, don't allow it to.

​If you store work data on your phone then Data Protection laws and the Data Protection Policy apply. So we advise against doing this - keep everything in the cloud or in the appropriate university systems.

Keep your location private

The cameras in modern smartphones are very good, and include all sorts of useful features. One of these features is geotagging - where the phone embeds the current location whenever you take a photo or shoot a video.

But this raises a potential privacy issue  - when you post a photo or video onto social media or the web you may be including location data you didn's mean to share, such as your home address.

So you may want to consider setting up your phone not to include location by default.

If you have a photo or video that already has geotags you want to remove so you can put it online, you can remove them using Preview on a Mac or File Explorer on Windows – search the web for “remove geotag” for instructions.

Data protection

One question we're sometimes asked is about using your phone's camera for work.

Photos and videos where you can identify individuals are considered to be personal data under the GDPR. However, the UK Government are allowed to grant some exemptions to GDPR in their upcoming Data Protection Act, and they plan to exempt processing done for journalistic, academic, artistic, or literary purposes, where it is being carried out with a view to publication in the public interest. Their intention is more or less copy the current freedom of expression exemptions.

Useful Links from phone makers


Blackberry 10

Earlier Blackberry devices






Windows Phone