Phone Antivirus Software Is, At Best, False Security

Image: iStock

One of the surprisingly common questions I'm asked in my day job is "do I need to buy antivirus software for my phone or tablet?" The short answer is no -- anti-virus software for sale in the Google Play store or the App Store are at best pointless, at worst, outright scams. But that's not to say you shouldn't take steps to protect the very personal information on your phone. This story first appeared on Sydney Morning Herald

One of the best security measures is to keep your phone software up to date. Android and iOS are regularly updated for security purposes, so if your phone prompts you to update its software, do it. As my Livewire colleague Tim Biggs has pointed out, sometimes these updates bring bugs, but the bugs are usually found quickly, and squashed. And it's better to live with the odd bug than security vulnerabilities.

As long as you're downloading apps from official sources, then you've really got nothing to worry about in terms of malicious software. For Android, that means you should only download apps from the Google Play store, and for iOS, that's the App Store.

Apple makes it nearly impossible for the average user to download apps from anywhere else unless you jailbreak your phone. So it should go without saying, don't jailbreak your iOS device.

For Android devices, it's a little too easy to turn off protection againsts dodgy apps. Within the settings of Android is an innocent-looking switch, "Install Apps from Unknown Sources". It's off by default and Android will warn you of the dangers if you decide to enable it, so don't! Don't be tempted by random software found on the internet, only trust apps from the Google Play store.

What should be of more concern is the security of your main email address, as it holds the keys to your phone, and might just provide access to the backups of your device, your photos, and other personal information. Create a unique, strong password for your email and turn on two factor authentication.

Google, Microsoft and Apple all provide two-factor authentication on their email services, and if you haven't switched it on yet, you should. Two factor authentication is such a small inconvenience, you'll only be asked for your code when signing in on a device you've never used before, but that slight delay is worth the security it brings.

Use a Virtual Private Network (VPN) when connecting to public Wi-Fi. A VPN will send network traffic from your device through a secure, protected "tunnel", so that no one else on the Wi-Fi network can sniff your traffic, or capture the login details of the websites you visit.

If you rely on a VPN provided by your employer, check with your IT department to see whether you're really getting any protection from it. Most corporate VPNs use "split tunneling", where traffic to their corporate sites is protected, but traffic to personal sites, like your bank website or your Facebook account, is not.

Your best bet is to get a personal VPN account. If you only use Wi-Fi every now and then, you can probably get by with a free service like Tunnelbear, which gives you 500mb a month on their free plan.

If you spend weeks at a time on hotel or airport Wi-Fi, it could be worth paying for a dedicated VPN plan. Most VPNs have dedicated mobile apps to make joining easier, and something like Norton Wi-Fi Privacy lets you try before you buy, offering seven days free access (before a yearly subscription of $46).

And finally, make sure your device is protected with a strong lockscreen. Phones with fingerprint readers provide the best combination of security and convenience, and I personally wouldn't recommend buying a new phone if it doesn't have a fingerprint reader to unlock. Fingerprint readers have made their way into the mid-range phones, so security won't break the bank.