How to secure your iOS and
Android devices

In an increasingly connected world, protecting your digital life starts with securing the devices you use every day. Both iOS and Android devices offer robust security features, but knowing how to configure them is key. This essential guide to securing your mobile devices provides the necessary steps to harden your smartphone and keep it updated, and outlines our recommended best practices for routine digital security.
iOS device hardening
For iOS devices, a combination of passcode settings, biometrics, and privacy configurations is essential. Access your device’s settings app to implement the following security measures:
- Create a strong passcode and set up biometrics: Use a complex alphanumeric passcode rather than a simple 4- or 6-digit PIN. Pair this with Face ID or Touch ID for a secure and convenient way to unlock your device and authenticate actions. Navigate to Settings > Face ID & Passcode.
- Set up two-factor authentication (2FA): This adds a critical layer of security when accessing your various accounts. Utilize an authenticator app whenever possible. You can also set up security keys for an even more secure form of 2FA. Select Settings > Your name (at the top) > Sign-In & Security.
- Enable “Find My” and “Stolen Device Protection”: “Find My” is a must-have for locating a lost or stolen phone. Access this by clicking on your profile at the top of the settings app. On newer devices, enable “Stolen Device Protection” to add a crucial security delay for sensitive actions when your device is in an unfamiliar location. To do this, navigate to Settings > Face ID & Passcode. Enter your passcode and then select “Stolen Device Protection.”
- Set up account recovery: Choose from a few options to add a recovery contact in case you lose access to your account. You can also add a recovery key to keep in a safe place in case you lose access to your account. Select Settings > Your name (at the top) > Sign-In & Security.
- Manage lock screen access: Prevent unauthorized access to your phone’s features from the lock screen. Disable options like Control Center, Notification Center, and Siri in Settings > Face ID & Passcode to prevent a threat actor from easily enabling Airplane mode.
- Manage location settings: In your location settings, you’ll see all of the apps that use your location. It’s recommended to choose “never”, or, at the very least, “while using”, as your location permissions for each app. Navigate to Settings > Privacy & Security > Location Services.
- Audit app permissions: Go to Settings > Privacy & Security to review which apps have access to your personal data, such as your location, contacts, and photos. Only grant permissions that are absolutely necessary for an app to function.
- Turn off personalized ads: Navigate to Settings > Privacy & Security > Apple Advertising and turn off personalized ads for enhanced privacy.
- Use mail privacy protection and limit ad tracking: Enable Privacy Protection in the ‘Mail’ app settings to hide your IP address and prevent email senders from tracking you. In the same vein, turn off “Allow Apps to Request to Track” in the “Privacy & Security” settings to limit how apps can collect your data for advertising purposes.
- Consider advanced data protection: For end-to-end encryption of your iCloud data, activate “Advanced Data Protection.” This requires you to set up a recovery key or contact, ensuring your data remains secure even if your account is compromised. Navigate to Settings > Your Name > iCloud.
Android device hardening
Android users can take several steps to enhance their device’s privacy and security. The core strategy is to limit the data shared with apps and services.
- Review app permissions: Regularly check app permissions and restrict access to sensitive data like your location, contacts, and microphone. Navigate to Security & Privacy > Privacy > Permission manager to quickly review what each app can access.
- Limit location tracking: For most apps, location access should be set to “while using” or “never.” Consider turning off location history for Google services like YouTube and Web & App Activity to prevent your movements from being tracked. An exception can be made should you decide to enable the “find my device” feature. Navigate to Settings > Location > App location permissions to review.
- Implement strong multi-factor authentication: Enable device locking with a strong PIN, pattern, or password, and use multi-factor authentication (MFA) with an authenticator app for an added layer of protection, as it is more secure than SMS-based MFA. Open the settings app and then navigate to Security or Lock Screen & Security and tap “screen lock” to select your method.
- Enable “find my device”: Ensure this feature is active, as it can help you locate a lost or stolen phone. Note you will need to have an Android 9 device or later that’s linked to your Google account. Navigate to Settings > Google > All Services > Find My Device. Ensure your device is signed into Google and that location sharing is turned on for this feature.
- Run Google Play Protect: Keep Google Play Protect active to scan for and block malware on your device. Navigate to Settings > Security > Google Play Protect.
- Disable unnecessary features: Turn off Wi-Fi and Bluetooth scanning when not in use. Similarly, disable Bluetooth and NFC when you don’t need them to prevent unauthorized connections. Navigate to Settings > Location > Location Services > WiFi & Bluetooth Scanning.
- Backup data regularly: This will ensure your files and data are encrypted in the backup. Open Settings > Google > Backup. Select the data you want to back up, such as photos, videos, or device data.
- Restrict background data: Limit which apps can use background data to reduce the amount of information they can send and receive without your knowledge. Go to Settings > Network & Internet > Data usage.
- Delete your advertising ID: Each device has its own unique advertising ID that allows apps to link data to your device, building a profile of your interests for personalized ads. Navigate to Settings > Privacy, then scroll to “Ads.” Tap “Delete advertising ID.”
Core best practices for routine device security
Regardless of whether you use an iOS or Android device, these practices are fundamental to maintaining your digital safety:
- Keep your devices updated: A fundamental rule of cybersecurity is to always keep your devices, including smartphones, tablets, and computers, updated with the latest security patches. These updates often contain critical fixes for newly discovered vulnerabilities, protecting you from emerging threats. These can be found in your settings app. On Android devices, tap “System” or “About phone” then “Software update.” On iOS, tap “Settings” then “General” and “Software update.”
- Understand when to update: The best time to install a security update is as soon as it becomes available. Timely updates are crucial for patching vulnerabilities that could be exploited by malicious actors.
- Enable device locking: You should always ensure your mobile device screen lock feature is enabled to limit who can access your device.
- Set up an authenticator app: An authenticator app, such as Google Authenticator or Authy, provides a more secure multi-factor authentication than SMS or email-based authentication. Downloading and using an authenticator app, when possible, can go a long way to keeping your various accounts secure.
- Utilize a password manager: Password managers are crucial tools to enhance your personal cybersecurity. They securely store and manage your login credentials while ensuring each password is strong and unique. And the best part is you don’t have to remember any of them.
Securing your mobile device is just one part of a comprehensive security strategy, but it’s a critical one. A holistic approach to cybersecurity, however, is the best way to ensure your entire digital footprint is protected. BlackCloak specializes in personal cybersecurity for high-net-worth individuals, executives, and their families, providing comprehensive protection across personal devices, home networks, and more to secure your digital life.
For more information, visit www.blackcloak.io or contact us to request a demo.