Serious Discussion A Habit based Guide for Mobile Security

[Divergent]

Your smartphone is a portable hub for your personal and professional life, making it a prime target for cybercriminals. This guide focuses on the simple, yet crucial, habits that will protect your mobile device and the sensitive data it holds.

1. Secure Your Device Physically​

The first line of defense is preventing unauthorized access if your phone is lost or stolen.

• Use a Strong Lock Screen: This is non-negotiable. Use a strong PIN (at least six digits), a complex password, or biometrics like a fingerprint scanner or facial recognition.
• Configure "Find My Device" Service: Both Android and iOS have built-in services to help you locate a lost device, remotely lock it, display a message on the screen, or even erase all its data. Make it a habit to ensure this feature is enabled and configured.

2. Be Skeptical of Links (Phishing and Smishing)​

This is one of the most common and dangerous ways malware is delivered. Scammers use a variety of tricks to get you to click.

• Links in Emails and Text Messages: Phishing and "smishing" attacks often create a sense of urgency. They may claim to be from your bank, a delivery service, or a government agency, and tell you there's a problem that requires immediate action. Never click on a link in an email or text message that you weren't expecting.
• The Golden Rule: If you get an email or text from a company you do business with, don't use the link they sent. Instead, open your browser and navigate to the company's official website or app yourself. Log in from there to check for any alerts or issues.
• Beware of "Free" Offers and Pop-ups: Avoid clicking on ads that promise free prizes or services. These are often a front for malicious websites that try to steal your information or download malware to your device. Close the browser tab immediately.

3. Be Smart with Apps​

Apps are the main way malware gets onto your phone. A little caution goes a long way.

• Only Download from Official App Stores: Stick to the Google Play Store and Apple App Store. They have a vetting process to catch and remove malicious apps. Sideloading apps from unofficial sources is extremely risky.
• Review App Permissions: Before you install an app, take a moment to look at the permissions it's requesting. Does a simple game really need access to your contacts, camera, or location? If the permissions seem excessive, it's a red flag.
• Delete Unused Apps: Make it a habit to regularly review and delete apps you no longer use. They can be a security liability and often collect data in the background.

4. Manage Your Connections Wisely​

Your phone's connectivity features can be a gateway for security risks if not managed properly.

• Turn Off Wi-Fi and Bluetooth When Not in Use: Leaving these on makes your phone constantly search for networks, which not only drains battery but can also expose you to malicious attacks.
• Treat Public Wi-Fi as Unsecured: Never perform sensitive activities like online banking or shopping on a public Wi-Fi network unless you are using a Virtual Private Network (VPN) to encrypt your traffic.
• Don't Auto-Connect to Open Wi-Fi: Configure your phone to ask you before connecting to new Wi-Fi networks to prevent it from automatically joining an unsecured network.

5. Stay Up-to-Date​

Operating system and app updates are critical for patching security vulnerabilities.

• Enable Automatic Updates: Configure both your mobile OS (iOS or Android) and your apps to update automatically.
• Don't Ignore Update Notifications: When an update is available, install it as soon as you can. These updates often contain critical security patches that close newly discovered security holes.

6. Back Up Your Data​

Even with the best habits, accidents and theft can happen. A backup is your ultimate safety net.

• Enable Cloud Backups: Both Android and iOS offer free, automated cloud backup services that can save your photos, contacts, and app data.
• Perform Manual Backups: For critical information, consider making a manual backup to your computer or an external drive. This provides a second, offline copy of your most important data.

By making these simple habits a regular part of your mobile routine, you can significantly reduce the risk of a security breach and keep your digital life safe and private.

 

[Sorrento]

I would add, it does seem that each & everyone wants their app on your phone - 'Just install the app' is common verbiage - There is a reason for that & its not usually for your happiness rather for them. For me I only install apps that I really need, if something can be accessed by signing in on a web site I prefer to do that as often an app running all the time for often a one off situation or rare is unnecessary, as even decent apps leak data if you look at their wants & needs they also drain your battery as they run.

 

[Digmor Crusher]

Yup, I have less then 10 apps on mine.

 

[TairikuOkami]

7. Keep a secondary smartphone at home as a backup, it can be the old one, power it up every 2-3 months to update apps and to make sure apps are still connected.
You might think, if my phone dies, I will buy a new one, sure, but in the meantime, a phone is a necessity, you will need to confirm verifications and to be updated.

DNS can prevent phishing and even installing malware apps. I would consider using a safe DNS as basics.

 

[rashmi]

DNS can prevent phishing and even installing malware apps. I would consider using a safe DNS as basics.

View attachment 289967View attachment 289968

How trustworthy and reliable is NextDNS Manager?

 

[TairikuOkami]

How trustworthy and reliable is NextDNS Manager?

It is open source, on github and on googleplay for years, regularly updated, that alone gives it some credibility.

 

[Divergent]

How trustworthy and reliable is NextDNS Manager?

It's a community-driven tool, though I personally pay the $20 yearly fee. This gives me unlimited queries and access to view analytics and logs in the web counsel, which is a great help in creating allow and deny rules. Plus, it supports the company.

 

[Trident]

It's a community-driven tool, though I personally pay the $20 yearly fee. This gives me unlimited queries and access to view analytics and logs in the web counsel, which is a great help in creating allow and deny rules. Plus, it supports the company.

I pay my fees to ControlD as well, plus the option to block newly registered domains is also very useful.

 

[TairikuOkami]

It's a community-driven tool, though I personally pay the $20 yearly fee. This gives me unlimited queries

Sadly this does not work on Windows, since DNS Cache overrules it. I wanted to subscribe just for this.

 

[Divergent]

Sadly this does not work on Windows, since DNS Cache overrules it. I wanted to subscribe just for this.

This is a well-known issue with easy solutions that don't require you to permanently disable DNS caching, a step that could negatively impact your system's performance. The quickest and most common fix is to manually flush the Windows DNS cache. This clears all the stored DNS records, forcing your computer to make fresh queries to NextDNS.

You can do this by opening Command Prompt as an administrator and typing the command "ipconfig /flushdns".

Alternatively, NextDNS provides a command-line interface (CLI) that can be installed on Windows and offers an "instant refresh" feature. When enabled, this tool rewrites the TTL (Time-to-Live) of DNS records to a very low value, meaning Windows will not cache the records for long. This ensures that changes made in the NextDNS dashboard will take effect almost immediately without needing to manually flush the cache.

You can also try bypassing caching issues by using third-party DNS clients like YogaDNS to manage your DNS settings

 

[bazang]

Your smartphone is a portable hub for your personal and professional life, making it a prime target for cybercriminals. This guide focuses on the simple, yet crucial, habits that will protect your mobile device and the sensitive data it holds.

1. Secure Your Device Physically​

The first line of defense is preventing unauthorized access if your phone is lost or stolen.

• Use a Strong Lock Screen: This is non-negotiable. Use a strong PIN (at least six digits), a complex password, or biometrics like a fingerprint scanner or facial recognition.
• Configure "Find My Device" Service: Both Android and iOS have built-in services to help you locate a lost device, remotely lock it, display a message on the screen, or even erase all its data. Make it a habit to ensure this feature is enabled and configured.

2. Be Skeptical of Links (Phishing and Smishing)​

This is one of the most common and dangerous ways malware is delivered. Scammers use a variety of tricks to get you to click.

• Links in Emails and Text Messages: Phishing and "smishing" attacks often create a sense of urgency. They may claim to be from your bank, a delivery service, or a government agency, and tell you there's a problem that requires immediate action. Never click on a link in an email or text message that you weren't expecting.
• The Golden Rule: If you get an email or text from a company you do business with, don't use the link they sent. Instead, open your browser and navigate to the company's official website or app yourself. Log in from there to check for any alerts or issues.
• Beware of "Free" Offers and Pop-ups: Avoid clicking on ads that promise free prizes or services. These are often a front for malicious websites that try to steal your information or download malware to your device. Close the browser tab immediately.

3. Be Smart with Apps​

Apps are the main way malware gets onto your phone. A little caution goes a long way.

• Only Download from Official App Stores: Stick to the Google Play Store and Apple App Store. They have a vetting process to catch and remove malicious apps. Sideloading apps from unofficial sources is extremely risky.
• Review App Permissions: Before you install an app, take a moment to look at the permissions it's requesting. Does a simple game really need access to your contacts, camera, or location? If the permissions seem excessive, it's a red flag.
• Delete Unused Apps: Make it a habit to regularly review and delete apps you no longer use. They can be a security liability and often collect data in the background.

4. Manage Your Connections Wisely​

Your phone's connectivity features can be a gateway for security risks if not managed properly.

• Turn Off Wi-Fi and Bluetooth When Not in Use: Leaving these on makes your phone constantly search for networks, which not only drains battery but can also expose you to malicious attacks.
• Treat Public Wi-Fi as Unsecured: Never perform sensitive activities like online banking or shopping on a public Wi-Fi network unless you are using a Virtual Private Network (VPN) to encrypt your traffic.
• Don't Auto-Connect to Open Wi-Fi: Configure your phone to ask you before connecting to new Wi-Fi networks to prevent it from automatically joining an unsecured network.

5. Stay Up-to-Date​

Operating system and app updates are critical for patching security vulnerabilities.

• Enable Automatic Updates: Configure both your mobile OS (iOS or Android) and your apps to update automatically.
• Don't Ignore Update Notifications: When an update is available, install it as soon as you can. These updates often contain critical security patches that close newly discovered security holes.

6. Back Up Your Data​

Even with the best habits, accidents and theft can happen. A backup is your ultimate safety net.

• Enable Cloud Backups: Both Android and iOS offer free, automated cloud backup services that can save your photos, contacts, and app data.
• Perform Manual Backups: For critical information, consider making a manual backup to your computer or an external drive. This provides a second, offline copy of your most important data.

By making these simple habits a regular part of your mobile routine, you can significantly reduce the risk of a security breach and keep your digital life safe and private.

Excellent guide for the hoomans capable of self-control and an inclination to figure it out. For everybody else there's 1 TB storage on cell phones to install 300 apps and use the devices without restraint.

So much security is provided by behaviors.

 

[rashmi]

You can also try bypassing caching issues by using third-party DNS clients like YogaDNS to manage your DNS settings

Does YogaDNS bypass the NextDNS Cache Boost feature? Currently, I have the cache boost feature disabled. I have set the YogaDNS TTL setting to min: 0 and max: 10.

 

[Divergent]

Does YogaDNS bypass the NextDNS Cache Boost feature? Currently, I have the cache boost feature disabled. I have set the YogaDNS TTL setting to min: 0 and max: 10.

Yes, YogaDNS does bypass the NextDNS Cache Boost feature in this specific scenario. Your YogaDNS settings of a minimum TTL of 0 and a maximum of 10 seconds would conflict with NextDNS's Cache Boost, which enforces a minimum TTL of 300 seconds (5 minutes) on the server side. However, by disabling the NextDNS Cache Boost feature, you have ensured that your client-side YogaDNS settings take precedence.

This setup correctly bypasses the server-side TTL override, allowing changes made in NextDNS to be reflected on the your system almost immediately, though it will result in more frequent DNS queries.

 

[TairikuOkami]

Yes, YogaDNS does bypass the NextDNS Cache Boost feature in this specific scenario.

I myself hate DNS cache, it is vulnerable to DNS poisoning, but it allows DoT without 3rd party software.

 

[Divergent]

I myself hate DNS cache, it is vulnerable to DNS poisoning, but it allows DoT without 3rd party software.

That's an insightful point you've raised, and you're spot on about the first part. The DNS cache is indeed vulnerable to DNS poisoning attacks, where an attacker can inject false information to redirect your browser to a malicious site. That's why manually flushing the cache is a standard practice for security.

However, the second part of your statement, about the cache allowing DoT without third-party software, is a misconception. The ability to use DNS over TLS (DoT) natively is a feature of the operating system itself, not the DNS cache. While modern versions of Windows 11 now support this natively, it's a recent development, and it's a function of the OS's built-in networking stack. The existence of a DNS cache on your computer doesn't influence whether your system can use DoT on its own, that's entirely dependent on the operating system's capabilities.

While modern Windows 11 systems now have native support for DoT, older operating systems like Windows 10 do not. For these older systems or for users who want more advanced management features, third-party clients like YogaDNS are still required to implement DoT effectively.