COLORADO SPRINGS, Colo. — Opening up a new phone can be an exciting moment. Sometimes when rushing to set it up you may overlook some major security concerns.
Dr. J. Michael Skiba, also known as "Dr. Fraud," is the program director with CSU Global. He recommends phone sweeping, which can be as advanced as taking your device to an expert who runs over the security measures of your entire phone, or as basic as reviewing your own settings and permissions installed. Even if you don't have a new phone, doing a sweep on a regular basis can help improve your security and safety.
Always consider the process of phone sweeping after you get a new phone, Dr. Fraud said, whether that be straight from the store, one you bought used or even a hand-me-down phone.
"It's so often overlooked," Dr. Fraud explained. "Our phones are our comfort spot... We pretty much do everything on our phones, and we have a degree of comfort level there. I think that's actually a huge risk, because what happens is, a lot of devices, they will default back to the lowest security setting."
Some people may have just a few apps transferred over to a new phone. Others may have dozens. When setting up a new phone, each of those apps gets re-installed.
"What I would suggest is go through as soon as you get it set up, go through your apps one by one," Dr. Fraud added. "So I have 25 apps that use location services... So what I do is, if you scroll down, you can see which ones are actually using your location."
The process is similar for both iPhone (iOS) and Android users. To access your "Location Settings" for each device, try the steps below:
APPLE (iOS)
1. Settings
2. Privacy & Security
3. Location Services.
Once in "Location Services," you can toggle access on or off globally and control which apps can access your location and to what degree. Some apps require your location to be on 24/7 such as insurance apps and could benefit your bill, but they can still come with a privacy risk.
ANDROID
1. Settings
2. Location
3. Select "App location permissions" (Different versions may have a different layout)
Once in "App Location Permissions," you can scroll through each app to toggle the type of access you want to allow.
WHAT TYPE OF ACCESS SHOULD I ALLOW?
The language varies from each operating system, but Dr. Fraud recommends not allowing apps to "always" have access. You can have the option of asking permission each time, which can be cumbersome, but Dr. Fraud said it's better to be safe than sorry.
"It's very, very dangerous from a fraud perspective," Dr. Fraud said. "So what you want to do is just start there with location services, but then go through all the other settings in that privacy and security setting, but then also go in the apps itself."
Enable multi-factor authentication, as well, especially for apps that may have sensitive information such as a banking app or an app that has your address, email and credit card information stored.
"I use biometric screening, the face scan, on almost everything," Dr. Fraud said. "It's not foolproof... I know it's a pain. I know it can be troublesome. You're in line at Starbucks getting a coffee. You're trying to get in an app, and you're doing this face scan. I mean, it can be very troublesome, but the risks are massive because what happens is, if these apps get in the wrong hands, if the data gets in the wrong hands, it can be sold on the dark web."
The University of Tennessee Health Center has provided security tips in the past when it comes to "Location Services" and pointed to the following potential risks:
- Privacy Concerns: Constantly sharing your location can expose sensitive information about your daily habits and routines, potentially leading to unwanted tracking or surveillance.
- Data Exposure: Applications that access your location data may share this information with third parties, increasing the risk of data breaches or misuse.
- Battery Drain: Continuous use of GPS and other location-tracking features can significantly drain your device’s battery life.
- Targeted Attacks: Cyber criminals can exploit location data to tailor phishing attacks or physical threats based on your whereabouts.
