5 steps to dial up the privacy on your smartphone

No phone is completely hack-proof, but here are a few ways to kick up the security on your mobile device.

By MSN Money Partner Jul 2, 2014 11:16AM

Woman using iPhone 5s © Moment Editorial/Getty ImagesBy Geoffrey A. Fowler, The Wall Street Journal

There's no way to completely NSA-proof your phone calls and data. But you can make the spy agency -- and anyone else -- work harder to get it.

The Wall St. Journal on MSN MoneyA year after Edward Snowden made surveillance a household term, privacy and security are becoming services you can buy in your phone. This week, Blackphone, a $629 Android phone that can secure calls and messages, starts shipping. And FreedomPop, a small U.S. carrier, now offers an $8-per-month, add-on privacy service for Android handsets.

Here's a scary reality: Phone networks are insecure, and the equipment to digitally eavesdrop is getting more common. If you work with trade secrets or confidential documents, you should assess your risks. But those of us with less sensitive, but more personal, data must recognize that smartphone apps can eavesdrop too, recording your locations, contacts and photos, and possibly sharing them in ways you don't know.

For people concerned about government or corporate espionage, hackers, and apps that grab and share your data, the question is: Are these new privacy products worth switching phones?

The answer is no. There are steps you or your company's IT department could take that might protect you just as well, or even better. (I'll get to those in a minute.) You may be better off with an iPhone, as long as you pay attention to these privacy options.

Even if Blackphone and FreedomPop's privacy features aren't must-haves in their first iterations, I'm encouraged that privacy has become enough of a concern to spawn businesses.

Privacy is difficult because it involves lots of compromises. I like the convenience of using a maps app with real-time traffic data, even if I don't like Google (GOOG) knowing every time I step out for frozen yogurt. But who has the expertise to figure out a better way to stay private?

Blackphone and FreedomPop make some privacy choices for us: They encrypt the data on your phone, something few Android phone owners bother to do on their own. They provide secure, encrypted voice and text conversations (if both sides of the conversation use the services), and virtual private networks to anonymize your data if your network isn't secure.

None of the protections they offer are sufficient to stop a government that's made you a target, but they could combat general surveillance or opportunistic hackers.

Blackphone offers a few features you don't get on FreedomPop or other Android phones. There's a Security Center that lets you toggle, one at a time, the types of data each app can access. Most important, it automatically patches its version of Android, dubbed PrivateOS -- a key defense against hackers. Early assessments of the Blackphone's security have been generally positive, but the company acknowledges it will have to open up its code for further testing.

Blackphone "is geared toward people who want privacy and security and don't know where to start," said Jon Callas, a respected cryptographer who is chief technology officer of Blackphone co-creator Silent Circle.

But I found Blackphone and FreedomPop didn't make enough tough privacy decisions to truly bill themselves as both secure and friendly to folks who sometimes just want to play "Angry Birds."

Blackphone is a decent unlocked Android handset for T-Mobile (TMUS) or AT&T (T), with an 8-megapixel camera and removable battery. Its main purpose is to distribute the secure communication software of Silent Circle and its partners. But since Silent Circle sells voice and data encryption apps for other phones with a $100/year subscription, why pay $629 for a Blackphone?

Callas acknowledges that most of the Blackphone's protections could be added manually to other phones. "But many people don't," he said.

The bigger problem is that neither company's privacy phone offerings are complete. Blackphone offers no app store or anti-malware scanner, so users must download additional apps from the Web, or choose their own Android app store, such as Amazon's. Blackphone has a private Web browser and search engine, but no less-intrusive maps app. FreedomPop just uses the default Google browser, app store and maps app. It does include a malware scanner, but it doesn't offer app-level privacy controls.

Callas said Blackphone may include an app store or a maps app in the future. FreedomPop's CEO Stephen Stokols says its set of privacy services covers 90 percent of what users care about.

When I asked the American Civil Liberties Union's principal technologist Christopher Soghoian whether he'd choose Blackphone or FreedomPop, he said he'd actually choose an iPhone. "Out of the box, Apple's (AAPL) phone is more secure," Soghoian said, even though he finds Apple's closed system annoying.

Many of the features on Blackphone or FreedomPop are already standard on iPhones, including automatic encryption. Apple offers app-level privacy controls, though you still have to dig into the settings. It also encrypts many of its services, like iCloud, FaceTime and iMessage. And Apple's curated app store hasn't been plagued by malware.

Some security researchers have questioned whether Apple could still access iMessages, in the event of a government request. You can always download software like Silent Circle's Silent Text and Silent Phone, which use anonymizing technology that could protect users even from government queries.

I'm hoping for a day when companies invent a simpler way to control privacy on a smartphone. For now, if you care about privacy, you'll need to take some action. Here are five tips that can set you down the path to greater privacy and security.

1. Password-protect your phone, and use encryption

If someone gets their hands on your phone, you can prevent them from reading its stored data (or at least slow them down considerably) by putting a strong password on the phone and encrypting its contents.

Apple iPhones offer this by default once you set a passcode. Android phones require you to turn on encryption in the settings, and the process takes about an hour to activate.

2. Choose encrypted calling and chatting apps

Standard calls and text messages are easily tracked or intercepted. Instead, use encrypted conversation apps such as Silent Text and Phone, Wickr, TextSecure, ChatSecure or Apple's FaceTime and iMessage.

The challenge is that it takes two to tango: Both you and the person you are talking to need to be using the same encrypted service to be covered.

3. Update your software religiously

Hackers and spies can take advantage of newly discovered loopholes and backdoors, especially if you don't upgrade your phone's software frequently.

Apple pushes iOS updates directly to users. Google updates Android frequently, but users get updates slowly because the updates must come through the handset maker or the carrier. Google's own Nexus phones are the most easily updated Android models.

4. Turn on a VPN in unsecure locations

If your phone is getting Internet access from an unusual or unsecure location, such as hotel Wi-Fi, spies could be lurking. Mobile VPN services like Bitmask and Disconnect Secure Wireless can provide protection.

5. Get a second phone for super-sensitive work

The people who are most serious about privacy and security keep separate devices for work and play. The reason: Phones are so inherently trackable, and so many apps are designed to share data even when you don't realize it. The more apps on board, the more risk of data spillage.

If you've got top-secret documents that you need to access on a phone, especially while traveling, restrain all activity on that phone to just the necessities. Alas, that means no "Angry Birds."

More from The Wall Street Journal

Jul 2, 2014 1:47PM
How can a common person do anything to stop this when the biggest threat is your own government??
So when is the Supreme Court going to insist the NSA get warrants to legally store the data they are stealing from our phones? What they are doing now is 100% illegal and opposes The Constitution. Unless, of course, our "representatives" have written more secret laws to allow this.

If the police have to get a warrant to look into our phones, shouldn't the NSA be held to the same standards or are they still above the law and allowed to pick and choose what Constitutional Rights they will follow? 
Jul 2, 2014 2:37PM
How many of you tin foil hat wearing paranoids have a Facebook account ? Seems to me that would be your biggest worry.
Jul 2, 2014 12:57PM
Everything wireless sends a signal, enough said.
Jul 2, 2014 3:05PM
New president, new congress. End the NSA on the American people, problem solved.
Jul 2, 2014 4:09PM
the Adam & Eve computer virus: takes two bytes out of your Apple.
Jul 2, 2014 5:54PM
I find it very interesting that there is no mention of the most secure mobile phones ever created and the only one that is certified to operate on the Defense Network and carried by the President.  When it comes to security, it is Blackberry.
Jul 2, 2014 2:05PM
Do I need to be worried about my non-smart phone?  This article only talks about smart phones.  It does have apps and can access the internet, gps, etc, but it isn't a smart phone.  It came out before the big smart phone rush. 
Jul 2, 2014 3:23PM
Better yet, don't own an mobile phone if you use an VoIP service like Magic Jack (far, far cheaper than an mobile phone) or landline exclusively. We are recently retired and we never had the need for an mobile phone although we do have an old Tracfone in the glove box of our vehicle for 911 (its mandatory for cellphone companies to always have 911 available) calls that is always on charger.    
Jul 2, 2014 5:06PM
so Mr. snow den  was right they are doing  this so why is he in trouble the people who did this should be in trouble    isn't there some Wissler blower law he can fall under or something,   screw the us government they don't give a crap about anything but money for them its a joke and the nig needs to go bring in the clinton
Jul 2, 2014 4:31PM
Good thing I don't have a smartphone. That's the best way to ensure your privacy. The government can go scroll through some other technology consumer zombie's pathetic e-life. 
Jul 2, 2014 5:09PM
what do you think would happen if  the government shut down all the cell and internet sats   how do you think this world would respond  people would not know what to do    I wish that would happen **** is out of control with all this techno crap and im only 30 years old
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Start investing in technology companies with help from financial writers and experts who know the industry best. Learn what to look for in a technology company to make the right investment decisions.





Quotes delayed at least 15 min