The Data Privacy Tips Digital Security Experts Wish You Knew

We have seven pro tips to keep iPhone and Android apps from spilling your data.

Shelby Brown Editor II

Each year, digital security becomes more important. Many of us rely on iPhone or Android apps for entertainment, navigation, exercise and social networking, but these apps are notoriously tough to trust. There's no way to tell at face value if an app is tracking you (even when you say stop), and no protection is foolproof in today's world of ever-evolving technology. An app that behaves well today could turn into a bad actor tomorrow if the company behind the app is sold, changes its direction or winds up compromised because of a flaw. With that in mind, it's far past time to heighten your protection. 

There are ways to find and delete the data Google has saved about you, along with some new privacy settings in Android and iOS to stop apps from tracking you. But there's more you can do to protect your data privacy and improve your smartphone security. We talked to digital security experts about the data privacy and security steps they wish more people would take when using smartphone apps. Here are their suggestions. 

1. Use a password manager

The strongest passwords are random strings of characters. A series of letters, numbers and symbols in no particular order is less likely to be found in the dictionary and harder for a computer to crack with brute force. The downside is that these complex passwords are much harder to remember.

This is where a password manager app comes in handy. Password managers keep all your passwords in one encrypted and password-protected app. They also generate and remember strong passwords. While apps like Google Chrome and Samsung's proprietary phone app will offer to save passwords for you, security experts always opt for a dedicated password manager.

It's also best to avoid using the same password for multiple accounts. If one account is compromised in a data breach, all the accounts are compromised. With a password manager, each one of your accounts can have a different, complex and hard-to-crack password. Some will even generate passwords for you.

We recommend one called Bitwarden, but there are many other password managers to choose from.

2. Use a VPN on public Wi-Fi

If you're going to get on a public Wi-Fi network while on your phone instead of using your mobile data, experts suggest using a VPN. A virtual private network can keep your data from being snooped on by other people lurking on the same public network. VPNs can also mask your data transmissions, avoid filtering and censorship on the internet and allow you to access a wider variety of content around the world. Here's everything to know about VPNs.

For our purposes, it can shield you when you have to get on a free public network that others can use to gain access to your phone. When looking for a provider, it's important to research the company to find out if it's well-known and trustworthy. The Apple App Store and the Google Play Store have dozens of VPN apps that are free, but some have questionable practices, so take care.

Regardless of how frequently you plan to use a VPN, it's important to read through the service agreement so you know what data might be collected and where it will be stored. See CNET's guide to the best VPNs.

3. Be mindful of app permissions

One tip that almost all of the experts mentioned was double-checking which permissions the app asks for. You should also ask yourself whether it makes sense for an app to ask for certain permissions. An app asking for access to data that isn't relevant to its function is a major warning sign.

"[If] you're downloading a simple app for a pocket calculator for instance and the app is requesting access to your contact list and location," said Stephen Hart, CEO of Cardswitcher. "Why would a calculator need to see your contact list and location? Requests like that should ring some alarm bells."

In addition to paying attention to permissions that you grant to an app, it's also important to monitor how your phone behaves after you download it. Shlomie Liberow, a technical program manager and security guru at HackerOne, said that drastic changes in your device's battery life are another red flag, since malicious apps can constantly run in the background. 

"If after installing an app, you notice your battery life decreasing faster than usual, that may be a tell-tale sign that the app is up to no good and is likely operating in the background," Liberow said. 

Here's how you can keep your app permissions in check.

4. Research the app or company

While you can't tell at face value if an app has sinister motives, a quick Google search can supply more information. The experts suggested searching the name of the app and the phrase "data scandal" or "scam." Hart said the results should tell you if the company has experienced any recent privacy or data leaks.

"This search should also tell you if data breaches are a common occurrence at that company and, if they have experienced any, how they have responded to them," Hart said. "If the company has been affected several times and done nothing to address the problem, steer clear of the app -- it suggests that they aren't taking the issue seriously."

Joe Baker, an IT Systems Administrator at Anderson Technologies, said it's wise to avoid an app if it's the only one a developer has produced or if the developer was responsible for any other shady apps.

5. Limit social media exposure

Facebook's Cambridge Analytica data scandal put the popular social network in hot water. But even people who've freed themselves from Facebook's siren call after the fallout (or never created a profile in the first place) might still be at risk for privacy invasion. If you appear on a friend or family member's account, you're still visible online. After those accounts are observed, companies can construct a "shadow profile" that details a person's likes, dislikes, political leanings, religious beliefs and more.

It's wise to limit the amount of information you share on social media, regardless of what the site asks for on your profile. The more information you share, the more data is available to create advertisements for you. Only fill out the absolute minimum amount of information necessary. The more you share, the more information is at risk in the event of a data breach.

"Smartphone apps are generally more 'thorough' when it comes to targeted advertising. There's even concern among some about those programs accessing your phone's microphone (presumably for more targeted advertising)," Bobby Kittleberger, head of Legal Software Help, told CNET.

6. Keep software up to date

Making time to update your smartphone's operating system is critical to keeping your data safe, according to Walsh. The updates let you stay a step ahead of hackers and the latest exploits they're spreading across the internet. Hart suggested adjusting your phone's settings so it'll update automatically.

"Think of software updates like vaccinations for your smartphone," Hart said. "The methods that criminals use to hack into your phone and steal your data are constantly evolving, so the ways that we protect our smartphones need to evolve too."

7. Only download apps from Google and Apple's stores

Not all the apps in the App Store or the Google Play store are 100% trustworthy, but experts still say you should only download from the official stores, rather than side-load an app.

"Apps available on these platforms will have been vetted to ensure that they meet a standard quality of data protection and will also be required to produce a dedicated privacy policy for you, telling you just how they protect your data," Hart told CNET.

Downloading an app from unofficial or insecure sites increases the risk of ransomware, malware, spyware and trojan viruses infecting your device, according to Walsh. He says in the worst case scenario, the hacker can take full control of your device.

In addition to avoiding apps that are the only one a developer has produced, Baker encourages users to see how long an app has been available and take a look at the reviews before downloading.

"A natural assortment of reviews should include varied rankings," he said. "Some fraudulent apps will also display fraudulent reviews."

You should question irregular patterns of speech and high ratings with no description or explanation. Baker also said to check if an app has been written about on a third-party site.

"Long-form reviews from peers are going to be the best and most reliable source of information here," Baker said. 

For more, check out how to stop apps from tracking you in iOS, and Android 12 data and privacy features you probably didn't know about until now. Plus, here's how to keep your apps from spying on you.