Mobile security basics - how to secure tablets and smartphones

In this guide

Go back a decade and to most of us mobile phones were simply a communication tool for keeping in touch with friends and family. Now our portable devices are so much more, often the first thing we turn to for online banking and shopping rather than booting up a computer.

But with this change in behaviour comes new risks. Tablets and smartphones can contain a huge amount of personal information and losing one to a thief can have dangerous implications. It’s therefore essential that we all take steps to protect our devices and minimise the impact of a loss.

Lock screens and passcodes

The simplest form of security you can have on a mobile device is a lock password, or passcode as it’s known on Apple devices. This means that in order to unlock or power on a device the code must be entered.

As it’s a free measure which doesn’t get in the way or require any technical know-how it is something everyone should be using. Lock screen codes will hinder casual snoopers and may prevent less knowledgeable thieves getting to your personal data. And they are required if you use device encryption (see below).

On Android you may have several choices depending on your OS version, manufacturer and hardware. Password, PIN and pattern are the standard options, though some models may also offer face recognition unlocking and fingerprint ID as well as other more exotic features. For iPhone and iPad passcodes there is the choice of password, PIN, fingerprint and face recognition (it varies depending on the specification of your device).

We’d recommend either fingerprint, PIN or password. These offer a good balance of security and ease of use. But make sure that the PIN or password is not too simple or easy to guess.

Pattern unlocking is quick but has the disadvantage that someone could work out your code by looking at smears on the screen. Gimmicks like face unlock are fun, but may still be fairly unreliable and can often be defeated with some spy movie-style tricks.

To access the lock controls on Android navigate to Settings > Security. The exact steps may differ depending on your particular model and OS version.

For iPhone and iPad these options are found under either Settings > Passcode or Settings > Touch ID & Passcode.

When setting up your lock screen password you can also choose how long the phone will sit idle before automatically locking. Some devices may also offer extra options, such as instantly locking when the screen is switched off manually.

Android Smart Lock

If you get fed up of having to constantly unlock your phone Android 5.0 ‘Lollipop’ introduced a neat feature which eliminates some of the hassle.

With Smart Lock an Android tablet or smartphone can be configured to disable the lock password when certain conditions are met. At present that includes having a trusted location, trusted Bluetooth device, trusted face, trusted voice or ‘on body detection’.

This means you can setup a tablet or phone to disable the password when you’re at home, or when a Bluetooth device like a smartwatch or in-car audio is connected, then automatically re-enable the password if it detects a change in location or loses connection to a device.

There are some security risks with this however, so think carefully before using it. If someone gets hold of your phone while you’re nearby they could snoop around and you’d be none the wiser, though changing key security settings would not be permitted as the password is still needed. The lock password will also still be requested occasionally as it will re-enable the lock automatically if the device has not been used for some time.

Smart Lock controls are found in Settings > Security in Android 5.0 and later.

SIM card lock

Not to be confused with the lock screen password, a SIM lock prevents your SIM being used without passing a PIN check. This will stop thieves racking up charges on your SIM, and as it only needs to be entered when rebooting the device or swapping SIM cards it shouldn't prove too inconvenient.

Just make sure you don’t forget that PIN! If this happens you’ll need to ask your network for a PUK code, and entering that incorrectly one too many times will result in the SIM being permanently disabled.

Device encryption

Encrypting your portable devices is a more advanced method of protecting personal information. It scrambles the data until the correct password is supplied, and in the event your hardware goes missing files will remain inaccessible unless the new owner is able to break the password. It also means that if you need to wipe the data the deleted files will not be recoverable, and that’s useful when selling a used device as well as remotely wiping a stolen handset or tablet.

All new Apple iPad and iPhone models use encryption by default and so long as you have a strong passcode it’s a very secure system. Not even Apple can decrypt the data. And there’s an option to automatically wipe the storage after ten failed attempts.

In order to use it though you must have a passcode enabled, so if you don’t use one already head into the settings for your iPhone or iPad and configure it.

Some newer Android models also feature encryption as standard, otherwise Android owners can encrypt a smartphones or tablet at any time using the option in Settings > Security > Encryption.

You must setup a lock screen code, and it will only permit the use of a PIN or password. Follow the instructions carefully, allow some time for the encryption process and make sure your battery is charged. If you later decide to remove encryption it may force a factory reset so all personal data will be lost.

Remote tracking and wiping

A powerful tool in your security arsenal is the ability to remotely control a smartphone or tablet from a web browser. In the event it is lost you can use this capability to locate it or, if you’re concerned about data falling into the wrong hands, issue a wipe command.

Both Android and Apple iOS have built in remote control functions.

For Android go to Settings > Location and ensure Location Tracking is enabled (you have the choice of three options including a battery saving mode). You can then use the Android Device Manager to view the location on a map and issue commands to ring the phone, remotely lock or remotely wipe it.

For iPad and iPhone there is Apple’s ‘Find My’ tool. To enable this go to Settings > iCloud and flick the slider for Find My iPhone/Pad. You will need to create an iCloud account if you don’t already have one. And to use it, either visit or install the Find My app.

The tools Apple provides are more comprehensive than those on Android. As well as setting off a sound, remotely wiping and tracking location you can also display a custom message which will persist through factory resets and view a history of locations.

Do you need a mobile anti-virus app?

Anti-virus apps are available for mobile devices, but do you actually need one?

For Apple iPhone and iPad the answer is most likely to be a no. The App Store is tightly controlled and the devices themselves reasonably secure, so viruses are rare. The exception to this is if your device has been jailbroken.

Jailbreaking involves removing the restrictions put in place by Apple, often in order to install pirated apps or run third party app stores. But your chances of catching something nasty are greatly increased with jailbreaking so you should take additional protective measures and be extremely careful about what you install. We would recommend avoiding jailbreaking altogether unless you know what you’re doing.

On Android it’s not quite so clear cut. By default a typical Android device has similar restrictions to Apple devices, only allowing software to be downloaded from Google Play, but it is much simpler to bypass this by enabling the Unknown Sources setting in the Security menu. And the equivalent of jailbreaking - called rooting on Android - can be much easier to accomplish.

Plus, the immense popularity of the platform and the ease of writing and distributing Android apps has also led to it being a prime target for hackers.

If you’re an Android user who only gets apps from Google Play, does not root and does not allow third party software installations you’re at a fairly low risk of being hit by a virus and you can safely skip anti-virus. 

But anyone who installs Android apps outside the Google Play store or has a rooted device should use anti-virus and be very wary when obtaining apps from unofficial sources.