A Playbook for Mobile Data Safety

Working to develop privacy enforcement applications for many years has made me aware that human behavior is maybe the biggest threat to our online security, and most of the data safety fails are due to our own lack of consistency to follow through with the most basic security guardrails.

In recent articles, I shared some of my personal tips on how to have a balanced approach in securing your online data, and how to level up your online security at minimal cost.

But now I realize that any serious approach to protecting your digital life would be incomplete without addressing mobile data safety. After all, our phones have become all-in-one devices – serving as credit/debit cards, cameras, video recorders, and even home theaters. That’s why it’s essential to take specific steps to secure your mobile device as well.

In the following I want to share with you three types of security actions that I have in mind in order to protect my mobile data:

I. Limit Data Exposure

In this category my focus is to reduce the amount of personal information that I make accessible online (to apps, devices, trackers):

Don’t install too many apps – Only install apps you truly need. Every new app installed increases the risk of data leakage.
Limit what data Google (and others) can collect – Keep location history, YouTube history, voice activity, and web tracking paused. Opt out of personalized ads wherever possible.
Don’t give apps unnecessary permissions (contacts, camera, mic, etc.)– Never grant unnecessary permissions like contact access, location, microphone, camera, or storage unless absolutely essential to the app’s function. Revisit and revoke permissions regularly in your settings.
Avoid storing sensitive documents or photos on your phone – Don’t keep photos of IDs, passports, or sensitive documents on your phone. Use secure cloud storage with strong encryption if necessary. If you need to send this type of documents, send them in a archived, password protected attachment. Another option is to blur your National Security Number (CNP) and send it separately as a password protected file.
Turn off ad ID personalization – In both Android and iOS, disable ad personalization settings to prevent apps from tracking you across services.
Disable automatic backups to cloud services you don’t control – Review what’s being backed up (e.g., photos, app data) and to which service. Disable unnecessary ones
Use encrypted messaging apps – Use apps like Signal or WhatsApp (end-to-end encrypted) instead of standard SMS (and, out of recently acquired popular wisdom, take care who you add on your Signal group chats 😊).

II. Strengthen Device Security

The objective of this category is to make my phone harder to access or exploit if lost, stolen, or compromised:

Use a strong lock screen – Use a complex password or PIN (avoid patterns or simple 4-digit codes). I prefer biometric authentication in addition to a strong backup passcode.
Enable remote wipe & tracking – Use “Find My Device” (Android) or “Find My iPhone” (iOS) to locate, lock, or wipe your phone if lost or stolen.
Update your phone and apps regularly – Keep your OS and apps up to date to patch vulnerabilities.
Limit notification previews on lock screen – Turn off message previews or sensitive content from appearing on the lock screen.
Avoid granting apps device admin or accessibility access without need – These permissions can be used to control your device or monitor usage.

III. Stay Safe on Networks

And last but not least, a series of actions that are focused on preventing threats via internet access, networks, and external connections:

Avoid public Wi-Fi when performing sensitive activities – Use a VPN when on public Wi-Fi, or avoid accessing sensitive accounts (e.g., banking).
Don’t click on suspicious links or download apps from outside official stores – Avoid clicking on links in SMS messages or unofficial sources. Only download apps from the official Play Store or App Store.
Turn off Bluetooth and NFC when not in use – Prevent unauthorized connections or “bluejacking.”
Monitor app activity and battery/data usage for signs of malware – Strange spikes in battery usage or data can indicate malicious behavior.

This is my personal mobile data safety cocktail. Feel free to use it, personalize it, and make it your own. Cheers, and stay safe on mobile!

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.