Mobile Safety & Tips

Topic overview · Practical habits for phones and tablets

Phones sit in the middle of daily life: banking, messages, photos, health data, work accounts. That makes a small number of routine habits disproportionately valuable — most of them take a minute or two to set up and then quietly keep working in the background.

Keep the operating system updated

Security fixes ship in OS updates, and a phone that is two versions behind is also behind on every fix released in between. Turn on automatic updates in the system settings and let the phone install them overnight when it is plugged in.

Install apps from trusted sources

Use the official App Store or Google Play for most installations. Side-loaded apps — installed from a file or a link — can work fine, but they skip the basic checks the app stores apply, so the bar for trusting the source should be higher.

Review app permissions

Every few months, open the privacy or permissions section in your system settings and look at what each app can access. Useful questions to ask:

• Does this app really need my precise location, or would approximate location do?
• Does it need access to my contacts, microphone or camera at all?
• Can I switch a permission to "only while using the app" instead of "always"?

Lock the device properly

• Use a six-digit passcode or longer. Four digits is easy to shoulder-surf.
• Turn on biometric unlock (face or fingerprint) for convenience, with the passcode as a fallback.
• Set the automatic-lock timeout to a short interval.

Be deliberate about networks

• Turn off automatic joining of open Wi-Fi networks, so the phone does not silently connect to unknown access points.
• Prefer your mobile data for anything sensitive when you are in an unfamiliar place.
• Use a VPN on public Wi-Fi if you use it often.
• Forget networks you no longer use, especially those you joined once while travelling.

Back up regularly

Turn on the built-in cloud backup from Apple or Google, or use a local backup on a trusted computer. A lost or broken phone should be an inconvenience, not a catastrophe.

Sign-in hygiene

• Use a password manager so each app has a unique password.
• Turn on two-step verification on your main email and app-store accounts.
• Review which devices are signed in to your account and revoke any you don't recognise.

Messages, links and scams

• Treat unexpected links in SMS, WhatsApp, or social apps with the same caution as unexpected email links.
• Don't call back a number from an "urgent" message. Find the real number for the bank or service yourself.
• Be extra careful with messages that push urgency ("act now", "24 hours") — that's a standard scam signal.

Think about what happens when the phone is gone

• Turn on "Find my device" in the system settings.
• Know how to remotely lock or wipe the phone if it is lost or stolen.
• Keep an up-to-date list of the accounts that are signed in, so you know what to secure first.

None of this is exotic — most of it is one or two taps in the settings app. Combined, it takes the phone from "default" to "reasonably well looked-after" with very little ongoing effort.

Keep exploring

Dig deeper in the blog archive, or see our guide to public Wi-Fi and the phishing walkthrough.