Mobile Devices – Data, Privacy and Security

With mobile devices, it’s all about the data. If you’ve ever had an Android or iOS device, you know that there’s questions about where the pictures and other data are stored, if it’s backed up, if it’s copied to the cloud, how you get your pictures on your computer or printed out, and how you make sure your pictures, texts, contacts etc. don’t get spread around the internet to places you don’t want or released to people you don’t want. If you haven’t considered the data on your phone important, you might want to think about all the “stuff” you probably have on it, how you store it, share it, and access it from other places.

Backup

iOS is pretty good about this if you trust the iCloud service – configure backup and you can get everything back pretty easily. You also have easy access via your computer’s web browser to anything copied to iCloud. The important thing to know about iCloud backup is that your phone (or other device) must be on W-Fi, plugged in and the screen locked for this process to work automatically. No data is used from your plan with this feature as you are always on Wi-Fi for the process. You may also back up to iTunes, however this is only good for backing up your music and apps from your phone.

Android is a little more confusing. There’s a backup my device to Google, but as you may have found out, this doesn’t do what you might expect. It saves the app settings, but doesn’t by itself back up pictures, contacts, texts, videos, and on and on. To back up those you need to take some extra steps. One option is to use Google’s pictures app and turn on backup there. The downside of that is you’re sharing more data to your Google account (which can be accessed by other apps that connect to the account – see Pokémon Go issue) and more importantly, it can really eat up your mobile data. There doesn’t seem to be a way in Android 6 to make pictures back up only on Wi-Fi or the like. So if you’re out taking a lot of pictures, you’ll be using a LOT of data to back those up. I’ve seen 2GB easily used in one day of snapping pictures.

So, what’s a good option? I use a free tool called Syncthing to keep a copy of everything on my phone on my computer as well. It’s also able to keep previous versions if desired, and to keep copies on multiple computers or devices. All you do is install the app on your phone and share the folder(s) you want to back up. I select the whole device so I don’t have to decide specific things to back up, but this does use more storage space on the backups and might be backing up a lot of things you don’t really need. You then go install the program on your computer(s) and use the QR Code to connect it to the app on the phone. You approve sharing the folder(s) on both sides, and while setting up the folder(s) in Syncthing decide if you just want an exact copy or if you want to store previous versions of files. Once that is done, I recommend going to your phone, and Syncthing settings – change it to always running and sync only on Wi-Fi. This way your data use is minimized, just realize backups only happen when you’re on Wi-Fi. However, if you are on Wi-Fi the backups happen pretty much as any file is created or modified. This is great as it’s not a cloud service, the data is only on your computers and devices, and you buy the storage once (hard drives or whatever), there’s no monthly fees. If you kept previous versions, or the device just dies completely, restores are pretty easy – on the computer you set the folder to “master” and rename the previous copy, let it sync and done. Read the docs and get the programs: https://syncthing.net/

Data Transfer

Now, you can use some backups to transfer the data as well – Syncthing gets the copies to wherever you share the folder, and Google has some sharing options. However, little beats cloud apps for accessing files from any computer (usually without even needing to install a program) and sharing specific files with other people. Cornell has purchased box.com for all employees – you select “Sign in with SSO” and you can log in with your NetID credentials. You get unlimited storage and access to many Box features. The Box app lets you easily upload files from your phone, and the webapp lets you share, view, download and manage the files and folders stored at Box.

Another option can be to use an app like ESFileExplorer which lets you configure SFTP access to any CLASSE Linux computer and you can then access Samba from there.

Warning: like many other Cornell business services, access to the free Cornell Box service will go away when you retire or leave Cornell. Continuing access to CLASSE services would have to be discussed with the CLASSE IT director.

Privacy

Apple is huge on user privacy. You probably remember the huge scandal recently where the FBI couldn’t get an iPhone unlocked and Apple wouldn’t help. This is how much they value user privacy. They set up their privacy features to not allow even themselves to access someone’s phone if necessary. They use both thumbprint access as well as a security code (assuming the user has set these options up in their settings.) This makes it very difficult for anyone to access an Apple device.

Mobile apps ask for permissions. These permissions may be necessary to do what the app is designed to do, but often they’re just there to collect information from you. A flashlight app doesn’t need to figure out your location or read your contacts or have any identity information. It does need access to the camera so it can flip on the flash to use as a flashlight. In Android 6 there’s a great new feature where apps can have permissions set with granularity and as they need them. This is a vast improvement over the give the permissions asked for or don’t install the app of previous versions of Android. Of course, if you had rooted your phone there were options to do this in previous versions, but now you can do it in a stock install.

Make sure to consider what permissions an app is asking for, and whether you want the company that made the app to have access to that information. Pokémon Go was a recent “scandal” (http://toucharcade.com/2016/07/11/playing-pokemon-go-is-potentially-a-huge-security-risk-if-youre-using-your-google-account-on-ios/)  where it “accidentally” asked for full permissions to your Google account. That meant they could send e-mail AS YOU, look at all your Google Pictures, including private ones, and more. So this is important.

Security

Mobile devices have more security options than ever. Most current ones support fingerprint unlocking, as well as pin and password. Strong passwords are of course the most secure, but anything is better than no locking at all. With smart wearables like smartwatches becoming more affordable, many mobile devices can be set to only lock when away from the wearable for a certain amount of time. You can usually also use location based security like locking only when outside of your house. Putting these together with a strong password and reasonable timeouts can let you use a strong password to lock the device, without making it almost unusable because of constant prompts to type in the complicated password.

On Android, there are many options for antimalware as well. This can be a good idea because sometimes malware can make it into the play store.

There are also options for ad blocking. The Firefox mobile browser can install extensions like the desktop version and I’d recommend considering uBlock Origin there as well. This will save on data use because you’re not wasting time, battery and bandwidth downloading ads. For more comprehensive ad blocking, consider purchasing AdGuard. This app runs as a VPN and blocks ads in all apps, including the browser. This also reduces your exposure to malware embedded in these advertisements.

Skip to toolbar