8 tips from America's top spy agency on how to keep your phone safe

Our smartphones are prized possessions. They cost a lot and, more importantly, contain a plethora of sensitive, private information, like passwords, credit card numbers, addresses, and potentially pictures of important documents.

With so much precious information on your smartphone, it's important to do everything you can to protect it. If you're not sure where to start, check out the NSA's 8 helpful tips in its new Mobile Device Best Practices list.

1. Update software and apps

According to the NSA, you should "Update the device software and applications as soon as possible." Updates for your phone's native OS and downloaded apps can often contain crucial security updates or bug fixes that keep your phone secure.

If you're not sure how to update your phone's software and apps, check out these helpful guides: 

2. Only install apps from official stores

In addition to keeping your downloaded apps updated, the NSA recommends installing "a minimal number of applications and only ones from official application stores." 

For Android phones, the biggest official app store is Google Play. For iPhones, it's the App Store.

When you download apps directly from an official app store, there's an extra layer of protection because Google or Apple has vetted the app. This official vetting process often prevents malicious apps from getting on the app store, but you won't have that same protection when sideloading apps.

3. Do not connect to public Wi-Fi

Connecting to a public Wi-Fi network puts you at risk because you could share the same network with a hacker. The NSA writes, "DO NOT connect to public Wi-Fi networks," in bold text to emphasize the importance of this tip. 

Furthermore, the NSA recommends disabling your phone's Wi-Fi when it's not needed and deleting unused Wi-Fi networks from your phone. If your phone is set to connect to available networks automatically, these last two tips can prevent unknowingly connecting to a public network.

If you frequently need to connect to public Wi-Fi, consider investing in one of the best phone VPN services to boost your protection.

4. Do not open unexpected links or attachments

This tip may be the most obvious, but it's still crucial to mention. If you receive a link or an attachment in an email or a message on your phone that you weren't expecting or looks suspicious, don't open it. 

The NSA points out that "even legitimate senders can pass on malicious content accidentally or as the result of being compromised or impersonated by a malicious actor." So, even if you're used to receiving random article links from your mom or friend, it's important to look at the link before clicking on it.

If you spot a typo in a well-known website name, a random string of characters before the address's .com ending, or anything suspicious, don't open the link. 

5. Turn device off and on weekly

One of the most interesting (and potentially most unknown) tips for keeping your phone safe is simply turning it off and back on every week.

USA Today writes that turning your device off and back on "can thwart hackers from stealing information from smartphones." Bill Marczak, a senior researcher at Citizen Lab, says it's possible that hackers "could simply send another zero-click" after you reboot your phone. Still, it's a quick security trick that could make some hackers leave your phone alone.

6. Lock device with PIN

Most people I know have a PIN on their phones, but it's worth setting up if you don't. Entering a PIN only takes a few seconds, and the security boost you get in exchange is worth it.

The NSA advises: "A 6-digit PIN is sufficient if the device wipes itself after ten incorrect password attempts." 

And before you default to using your birthday as an easy 6-digit PIN to remember, think twice. Guessing your birthday would be a hacker's first instinct, so come up with a unique 6-digit PIN. If you're worried you won't remember it right away, write it down or share it with a close friend or partner you'd give it to anyway.
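To see why the ten-attempt wipe makes six digits sufficient, and why a birthday undoes that, here is an added example (not from the NSA guidance) that compares the odds of a correct guess before the wipe and flags easy PINs. The three date layouts, the 1940 to 2025 year range, the equal-likelihood guessing model and all function names are assumptions made for the illustration.

```python
from datetime import date, timedelta

WIPE_AFTER = 10                                # failed attempts before the wipe (NSA figure)
DATE_FORMATS = ("%m%d%y", "%d%m%y", "%y%m%d")  # assumed ways to write a date in 6 digits

def date_pins(first_year=1940, last_year=2025):
    """Every 6-digit PIN that spells a calendar date in one of DATE_FORMATS."""
    pins, day = set(), date(first_year, 1, 1)
    while day.year <= last_year:
        pins.update(day.strftime(f) for f in DATE_FORMATS)
        day += timedelta(days=1)
    return pins

DATE_PINS = date_pins()

def guess_chance(candidates, attempts=WIPE_AFTER):
    """Chance of hitting one PIN among `candidates` equally likely values before the wipe."""
    return min(1.0, attempts / candidates)

def weakness(pin, birthday=None):
    """Return why a PIN is easy to guess, or None if no rule here matches."""
    if len(pin) != 6 or not (pin.isascii() and pin.isdigit()):
        return "not a 6-digit PIN"
    if len(set(pin)) == 1:
        return "one repeated digit"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):                    # 123456 or 654321 style runs
        return "sequential digits"
    if birthday and pin in {birthday.strftime(f) for f in DATE_FORMATS}:
        return "owner's birthday"
    if pin in DATE_PINS:
        return "spells a date"
    return None

if __name__ == "__main__":
    print(f"random PIN:     {guess_chance(10**6):.4%}")
    print(f"some date:      {guess_chance(len(DATE_PINS)):.4%}")
    print(f"known birthday: {guess_chance(len(DATE_FORMATS)):.0%}")
    # Constructed sample PINs, checked against a constructed birthday.
    for pin in ("111111", "654321", "070490", "311299", "739158"):
        print(pin, "->", weakness(pin, birthday=date(1990, 7, 4)))
```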

You should also "Set the device to lock automatically after 5 minutes," according to the NSA. 

7. Maintain physical control of device

This tip is about more than just physically holding onto your device and being careful not to lose it. While that is important, the NSA also writes, "Avoid connecting to unknown removable media."

Connecting your phone to your laptop to transfer photos, videos, and other files is one thing. But connecting your phone to an external hard drive you found on the street? Don't do that. Other "removable media" examples include memory cards and USB flash drives.

8. Use trusted accessories

According to the NSA, "Only use original charging cords or charging accessories purchased from a trusted manufacturer."

This means you should stay away from connecting to public charging stations. Through a compromised USB port, a malicious actor could potentially lock you out of your phone, export your data, or see your passwords and other sensitive data.

Outlook

Sometimes, life happens. It's impossible to predict someone stealing your phone on a random Tuesday or any other unfortunate situation that could compromise your data. However, you can do everything in your power to safeguard your phone and all its sensitive data.

In addition to the 8 top tips above, the NSA also recommends the following: 

  • Disabling Bluetooth when you're not using it
  • Investing in a protective case that "drowns the microphone to block room audio (hot-miking attack)" 
  • Covering your camera when you're not using it
  • Not having "sensitive conversations in the vicinity of mobile devices not configured to handle secure voice" 
  • Using biometric authentication, like fingerprint or face authentication
  • Disabling location services when they're not needed
  • Not jailbreaking or rooting your device

Luckily, built-in protections for iPhones and Android phones are improving, but they're not always perfect. New malware still pops up every few months, so it's important to enact these security tips to keep your phone as protected as possible.