Why is my cell phone insecure?
Your cellphone is the most vulnerable communications device you have. It is the device most often used when people aren’t in the office (and, in some cases, even when they are in the office).
Cell phones are insecure because the government can track whom you call and where you call from by pulling that information from cellphone towers. In fact, they can track your location simply by logging which cell phone towers your phone connects to as you walk down the street. They can also capture content as it moves between phones. And, they store your contacts and calendars, some of the most sensitive data that you have. If you lose your phone or have it confiscated or stolen, you may lose this important information.
So you should think about the question — do I really need to bring my phone into a space were it could be confiscated or stolen? — and think carefully about your answer. Many of us will decide that we need our phones wherever we are so the rest of this answer is that much more important.
Unlike traditional text messages and phone calls, Signal encrypts your communications from end-to-end to protect the content of your calls, text messages and video chats. This means that if someone captures the message as it is traveling between phones, that person or group can’t read it. Not even the servers running Signal are capable of tracking or otherwise knowing anything about the communications taking place.
In our opinion, there is no better option for ease of use and ease of installation than Signal.
This takes place automatically if both people are using Signal—the program installs the necessary keys and encryption software on your phone to make this happen. It is the easiest encryption software to use. Given the importance cellphones play in our lives, it is a must.
One caveat of using Signal is: You must provide a working telephone number to use it – so it’s difficult to use Signal in a completely anonymous way.
With an Android phone
It couldn’t be easier.
Download and install the Signal app.
Confirm your use of it, and make it your default when asked.
Confirm the “access to your contacts” which is Signal’s way of copying the contact list you were previously using for texting.
Then just use it for your texts, video chats and calls.
Now when you text someone who is using Signal, the text is encrypted. If that person is not using Signal, your text message is sent in plain text. You lose nothing.
With an iPhone
Download and install the Signal app.
Go through the verification procedure, which may involve entering your phone number and submitting a verification code that Apple sends you when you first intall the app.
Finally, in some versions of iOS, Signal will ask permission to send you notifications. You should accept that.
Now you’re ready to use it.
Note that with the iPhone, Signal will not send messages to phones that aren’t using the app. It also doesn’t automatically switch to SMS messaging. You have to go to your non-encrypted SMS program (Messages in iOS) to do that. If you are trying to send a message to a person who doesn’t have Signal, the program will immediately let you know that the communication is impossible and you’ll have to make that momentary switch.
Full Disk Encryption
First off, before anything else, make sure your phone is protected with a good, strong password. There are other protection protocols — drawing or face or print recognition — and some people swear by those. But you control a password and, with one, the possibility of malfunction is a lot lower.
Even if you have a strong password on your phone, your data can still be copied if someone removes the storage chip from your phone – a simple process for anyone who confiscates or steals your phone.
To protect your data, you can use full disk encryption.
Beware: If you use full disk encryption and you forget your password, there is no way to recover your data!
Newer phones have encryption on by default. To see if you have it enabled (and to enable it if you don’t) please see these useful instructions for iPhone and Android phones.
Backing up contacts and Calendar
By default, when you setup your new iPhone or Android phone, one of the first things you are expected to enter is your Apple ID and password or your Google email and password. Based on this information, your phone will begin synchronizing your contacts and calendar items to the Google and Apple servers. Eek. Don’t do that!
You can disable this synchronizing, but then you lose a valuable backup option – particularly important when you change phones.
Alternatively, see our article on cloud storage for information about Nextcloud, which can allow you to synchronize your contacts and calendar to a server run by people you trust.