Mobile Hardening Guide: Difference between revisions

fixed lists and bolding
fixed ol and headers
Line 9: Line 9:
Download the [[nsa-mobile-device-best-practices.pdf|NSA Mobile Device Best Practices PDF]] for a comprehensive guide. Below are some essential highlights:
Download the [[nsa-mobile-device-best-practices.pdf|NSA Mobile Device Best Practices PDF]] for a comprehensive guide. Below are some essential highlights:


= '''Keep Applications Updated''': Ensure apps are always up-to-date to mitigate vulnerabilities and benefit from the latest security patches. =
'''Keep Applications Updated''': Ensure apps are always up-to-date to mitigate vulnerabilities and benefit from the latest security patches.
= '''Disable AdTech''': Remove your Advertising ID and disable personalized ads to reduce tracking. =
'''Disable AdTech''': Remove your Advertising ID and disable personalized ads to reduce tracking.
= '''Use Screen Lock Protection''': Secure your device with passcodes, fingerprint, or facial recognition. =
'''Use Screen Lock Protection''': Secure your device with passcodes, fingerprint, or facial recognition.
= '''Lock Individual Apps''': Set additional locks for sensitive apps such as those handling communication and finance. =
'''Lock Individual Apps''': Set additional locks for sensitive apps such as those handling communication and finance.
= '''Power Cycle Your Device''': Regularly restart your phone to clear out potential vulnerabilities.
'''Power Cycle Your Device''': Regularly restart your phone to clear out potential vulnerabilities.


== Comprehensive Mobile Security Checklist ==
== Comprehensive Mobile Security Checklist ==
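Review bot: With the `= … =` wrappers removed, the five highlight items (from "Keep Applications Updated" to "Power Cycle Your Device") are left as consecutive bare lines with no list marker and no blank line between them, so MediaWiki will flow them into a single paragraph. Prefix each with `*`, for example `* '''Keep Applications Updated''': Ensure apps are …`, so they render as the list the intro sentence promises. The old "Power Cycle Your Device" line was also missing its closing `=`, which the new revision removes along with the rest of the heading markup.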
Line 19: Line 19:
This checklist is designed to help you harden your mobile device security:
This checklist is designed to help you harden your mobile device security:


'' '''Digital Security''':
'''Digital Security''':
☑ Disable unused wireless radios.   
☑ Disable unused wireless radios.   
☑ Use airplane mode when not needed.   
☑ Use airplane mode when not needed.   
☑ Avoid apps and settings that rely heavily on ad tracking.
☑ Avoid apps and settings that rely heavily on ad tracking.


'' '''Passwords & Authentication''':
'''Passwords & Authentication''':
☑ Use strong passwords or pins for screen locks.   
☑ Use strong passwords or pins for screen locks.   
☑ Lock your SIM card and obtain the PUK from your carrier.   
☑ Lock your SIM card and obtain the PUK from your carrier.   
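Review bot: The group labels ("Digital Security", "Passwords & Authentication") now sit directly above their ☑ items with no list markup, and the items still end in trailing spaces, which is a Markdown line-break convention that MediaWiki ignores. The label and its checklist entries will render as one run-on paragraph. Suggest making each ☑ line a `*` item (or putting the label on a `;` definition line) and dropping the trailing spaces. The same applies to the "Activity & Maintenance" group further down.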
Line 31: Line 31:
☑ Use a trusted password manager.   
☑ Use a trusted password manager.   


'' '''Activity & Maintenance''':
'''Activity & Maintenance''':
☑ Turn off always-on virtual assistants.   
☑ Turn off always-on virtual assistants.   
☑ Regularly update the OS and apps.   
☑ Regularly update the OS and apps.   
Line 45: Line 45:
=== Recommended Applications ===
=== Recommended Applications ===


= '''Password Managers''' =
'''Password Managers'''
# '''Bitwarden** or '''KeePass** for secure password management and generation.
* **Bitwarden** or **KeePass** for secure password management and generation.


= '''Multi-Factor Authentication (MFA)''' =
'''Multi-Factor Authentication (MFA)'''
# '''Aegis** (Android) or '''OTP Auth** (iOS) to enhance security with two-factor authentication.
* **Aegis** (Android) or **OTP Auth** (iOS) to enhance security with two-factor authentication.


= '''Anti-Malware Software''' =
'''Anti-Malware Software'''
# '''Malwarebytes** to protect against malware and other security threats.
* **Malwarebytes** to protect against malware and other security threats.


= '''Encryption Tools''' =
'''Encryption Tools'''
# '''OpenKeychain** (Android) or '''Cryptomator** for encrypted cloud storage and PGP key management.
* **OpenKeychain** (Android) or **Cryptomator** for encrypted cloud storage and PGP key management.


= '''VPN Services''' =
'''VPN Services'''
# '''MullvadVPN** or '''ProtonVPN** for secure browsing.
* **MullvadVPN** or **ProtonVPN** for secure browsing.


= '''Secure Communication''' =
'''Secure Communication'''
# '''Signal**, '''Element Messenger**, or '''ProtonMail** for encrypted messaging and emails.
* **Signal**, **Element Messenger**, or **ProtonMail** for encrypted messaging and emails.


=== Additional Applications for Security and Privacy ===
=== Additional Applications for Security and Privacy ===


==== Password Management ====
==== Password Management ====
* '''Bitwarden**: Available on [https://play.google.com/store/apps/details?id=com.x8bit.bitwarden Android] and [https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744 iOS].   
* **Bitwarden**: Available on [https://play.google.com/store/apps/details?id=com.x8bit.bitwarden Android] and [https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744 iOS].   
* '''KeePass**: Available on [https://play.google.com/store/apps/details?id=keepass2android.keepass2android Android], [https://strongboxsafe.com/ iOS], and [https://f-droid.org/en/packages/com.android.keepass/ F-Droid].
* **KeePass**: Available on [https://play.google.com/store/apps/details?id=keepass2android.keepass2android Android], [https://strongboxsafe.com/ iOS], and [https://f-droid.org/en/packages/com.android.keepass/ F-Droid].


==== Two-Factor Authentication ====
==== Two-Factor Authentication ====
* '''Aegis**: Available on [https://getaegis.app/ Android] and [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ F-Droid].   
* **Aegis**: Available on [https://getaegis.app/ Android] and [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ F-Droid].   
* '''2FAS**: More details available on the [https://wiki.irregularchat.com/en/resources/guides/dfp-guide/quick#multi-factor-authentication-mfa official MFA guide].
* **2FAS**: More details available on the [https://wiki.irregularchat.com/en/resources/guides/dfp-guide/quick#multi-factor-authentication-mfa official MFA guide].


==== Malware Protection ====
==== Malware Protection ====
* '''Malwarebytes**: Available on [https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware Android] and [https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431 iOS].
* **Malwarebytes**: Available on [https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware Android] and [https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431 iOS].


==== Encryption and Data Protection ====
==== Encryption and Data Protection ====
* '''OpenKeychain**: Manage PGP keys on [https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain Android].   
* **OpenKeychain**: Manage PGP keys on [https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain Android].   
* '''Cryptomator**: Encrypt files before cloud upload on [https://play.google.com/store/apps/details?id=org.cryptomator Android], [https://apps.apple.com/us/app/cryptomator/id953086535 iOS], and [https://f-droid.org/en/packages/org.cryptomator.lite/ F-Droid].
* **Cryptomator**: Encrypt files before cloud upload on [https://play.google.com/store/apps/details?id=org.cryptomator Android], [https://apps.apple.com/us/app/cryptomator/id953086535 iOS], and [https://f-droid.org/en/packages/org.cryptomator.lite/ F-Droid].


==== Secure Communication ====
==== Secure Communication ====
* '''Element Messenger**: Available on [https://play.google.com/store/apps/details?id=im.vector.app Android] and [https://apps.apple.com/us/app/element-messenger/id1083446067 iOS], also on [https://f-droid.org/en/packages/im.vector.app/ F-Droid].   
* **Element Messenger**: Available on [https://play.google.com/store/apps/details?id=im.vector.app Android] and [https://apps.apple.com/us/app/element-messenger/id1083446067 iOS], also on [https://f-droid.org/en/packages/im.vector.app/ F-Droid].   
* '''ProtonMail**: Encrypted email service from Switzerland, available on [https://play.google.com/store/apps/details?id=ch.protonmail.android Android] and [https://apps.apple.com/us/app/protonmail-encrypted-email/id979659905 iOS].
* **ProtonMail**: Encrypted email service from Switzerland, available on [https://play.google.com/store/apps/details?id=ch.protonmail.android Android] and [https://apps.apple.com/us/app/protonmail-encrypted-email/id979659905 iOS].


==== Specialized Tools for Security ====
==== Specialized Tools for Security ====
* '''TrackerControl** (F-Droid): Monitor and control app data collection.   
* **TrackerControl** (F-Droid): Monitor and control app data collection.   
* '''Insular**: Isolate apps or run multiple accounts on [https://f-droid.org/en/packages/com.oasisfeng.island.fdroid/ F-Droid].
* **Insular**: Isolate apps or run multiple accounts on [https://f-droid.org/en/packages/com.oasisfeng.island.fdroid/ F-Droid].


=== Side-Loading Apps: Risks and Benefits ===
=== Side-Loading Apps: Risks and Benefits ===
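Review bot: The app names throughout this hunk go from the mismatched `'''Name**` to Markdown-style `**Name**`, which MediaWiki does not treat as bold, so the asterisks will show up literally in the rendered page. Use `'''Bitwarden'''`, `'''Aegis'''` and so on, matching the `'''Password Managers'''` labels directly above. Two smaller points: the category labels under "Recommended Applications" lose their heading markup and become bold text while the next section uses `====` headings for the same categories, so a `====` heading would be consistent; and "TrackerControl" is the only entry without a link, although the neighbouring "Insular" entry links to its F-Droid page.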
Line 113: Line 113:


=== How to Install F-Droid ===
=== How to Install F-Droid ===
1. Visit the [https://f-droid.org/en/ official F-Droid website].   
# Visit the [https://f-droid.org/en/ official F-Droid website].   
2. Download the F-Droid APK file.   
# Download the F-Droid APK file.   
3. Enable installation from unknown sources on your Android device.   
# Enable installation from unknown sources on your Android device.   
4. Open the APK file to install F-Droid.   
# Open the APK file to install F-Droid.   
5. Browse and install secure, open-source apps.
# Browse and install secure, open-source apps.


For those looking for a Google Play alternative, try the [https://f-droid.org/en/packages/com.aurora.store/ Aurora Store], an open-source frontend to Google Play with privacy in mind.
For those looking for a Google Play alternative, try the [https://f-droid.org/en/packages/com.aurora.store/ Aurora Store], an open-source frontend to Google Play with privacy in mind.


[[Category:Privacy]]
[[Category:Privacy]]
[[Category:Security]]
[[Category:Security]]
[[Category:Mobile Security]]
[[Category:Mobile Security]]
[[Category:DFP Guide]]
[[Category:DFP Guide]]
[[Category:Guides]]
[[Category:Guides]]
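Review bot: The switch from `1.` to `#` fixes the ordered list, but the steps still go straight from "Download the F-Droid APK file" to "Open the APK file to install" with nothing in between about checking that the downloaded file is authentic, and nothing after installation about turning "installation from unknown sources" back off. For a hardening guide, suggest adding a verification step before the install step and a final step that revokes the unknown-sources permission. The trailing spaces at the end of each `#` line can also be dropped, since they have no effect in wikitext.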