How to Secure Your Mobile Apps


When it comes to your phone, the information you store is only as secure as the apps you have installed.

As already mentioned, only download apps from their official sources. Ideally, those are the Google and Apple app stores, but some manufacturers may have their own less reputable software repositories.

Alternatively, advanced users can build the applications themselves if the code is open source, or find and verify installation packages from the developers directly.

App Permissions

Both iOS and the latest version of Android give you the opportunity to selectively give apps permission to use your camera, microphone, location, etc.

Make good use of that! Be skeptical about which permissions an application says it needs, and only give apps permissions that you think are necessary and non-invasive. A messaging app does not always need to know your location, and a payment app does not always need access to your pictures. A flashlight app should not need to ask for access to anything to function properly.

Acquiring your location through an application is far more accurate and far easier than triangulating SIM cards or physically following you around. Uploading your photos and contact list through an application is also far cheaper than hacking your phone.

Keep in mind that most startups and investors are incredibly data hungry, and monetizing user data might be the only or most promising monetization strategy for a free app or service. So be careful with what data you share with what service!

It’s in your best interest to occasionally go through the settings of your phone to review what apps you have installed and what permissions they request. You can then withdraw these permissions, or delete the app entirely.

Warning Signals Your Apps Might Be Spying on You

Major warning signals that something is going wrong usually include excessive battery, network, or memory usage. While these do not necessarily indicate that you are being spied on, they are certainly side effects of spy applications.

Use your intuition and the built-in features of your phone’s operating system to monitor these indicators. Applications that promise to help you optimize your battery, network or memory usage are rarely reliable and increase the risk of data theft on your system. They may even be spying apps themselves.

Does Your App Encrypt Your Data?

It can be difficult to assess how an app handles your data in the background without access to advanced analytical tools. Even if you handle permissions well and keep your phone up to date, you still need to be cautious about what information you give an application.

There is the risk that the application does not properly store your data in the cloud. Search for providers that promise to encrypt your information online, and find out how this information is encrypted. Choose a good password, ideally through a password manager.

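It’s extremely important to make sure that your password is stored in hashed form on the server. A good indicator that an app does not follow this basic procedure is a limit on the length of your password, or on whether you can include special characters. A hash has the same length no matter how long the password is or which characters it contains, so a service that hashes passwords has no storage reason to impose such limits.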

All data in transit needs to be encrypted with HTTPS. Unlike in your browser, it might not be possible for you to manually verify if the connection is encrypted, or for you to verify whether certificates are being properly checked. Instead, we have to rely on the promises of the app developers, the policies of their platforms (the Apple app store, for example, requires new apps to use HTTPS by default), and the competency of their developers.

While not reliable in theory, it is at least to some degree possible to judge an application from its looks. If it gets regular updates, has a detailed changelog, and appears generally devoid of bugs, it is far more likely that the application is also well developed “under the hood.”

Two-Factor Authentication

In addition to your password, you can also use two-factor authentication. This is a second password that is only valid for a short time. It can be generated on your phone, an external device, or sent to you via text message or email.

It is safest when the code is generated on your phone or an external device, although this can create headaches if the device is lost.

When the code is sent to you via text message, it is important to note that this information could be intercepted, possibly by someone nearby or another application on your phone.
