7 tips on how to protect your phone from being hacked

Smartphones are now our everything. It’s true! They hold precious memories, vital work documents, financial details, and intimate conversations in a palm-sized metal brick—essentially, our entire digital existence.

Yet, while we don't think twice when it comes to downloading the latest security patches and software for our computers, many of us overlook the equally, if not more, critical need to secure our mobile devices.

As the usage of mobile devices continues to rise, hackers are now turning their attention to attacking smartphones and tablets with malicious software and malware. More than 750 cases of Android malware-related scams were reported in the first half of 2023 alone with losses exceeding S$10 million. This could be due to malicious links, downloading unofficial apps, or falling prey to phishing attempts – and yes, you could be at risk too.

Come to think of it: what have you done to secure your smartphone? 

If you’re now feeling nervous, that’s a good first step to knowing how to prevent your phone from being hacked. From digital natives to seasoned smartphone seniors, GovTech’s tips will help you guard against cyber threats and protect your personal and sensitive information.

Here are some simple guidelines to keep these cyber-attackers away.

Why regular software updates are crucial for smartphone security

Hackers continually develop new methods to bypass security which is why software developers are constantly identifying and patching weak points in the code that malicious actors could exploit. These patches are then sent out in regular software updates.

Think of regular software updates as a flu shot for your device. They plug up holes in your phone’s security and shore up defenses against newly identified threats, just like how yearly vaccines protect you from new flu variants.

Not installing an update leaves your device exposed to easily preventable exploits, making it easier for hackers to gain access to personal information.

How to know if your phone has been hacked

Unusual activity

• Unexplained data usage: If you notice a sudden spike in your data usage that you can’t account for, it could be a sign of unauthorised activity or malware.

• Strange pop-ups: Be wary of unusual pop-up messages or ads that appear on your screen, especially if they are aggressive or difficult to close.

• Suspicious apps: Check for any apps you don’t recognise, especially those with permissions to access your microphone, camera, or location. These could be spyware.

Performance issues

• Battery drain: If your phone’s battery is draining faster than usual, even when not in heavy use, it could be due to malicious software running secretly in the background.

• Slow performance: If your phone is running significantly slower than usual, frequently freezes, or crashes without warning, it could be a sign that malware is consuming its resources.

Security and account issues

• Unauthorised purchases: Diligently check your bank statements and credit card transactions for any purchases you didn’t make. Set up mobile alerts from your bank so you’re alerted if unauthorised transactions take place.

• Account lockouts: If you’re suddenly locked out of your online accounts (email, social media, banking), it could be a sign that someone has accessed your credentials and changed your passwords.

• Strange messages: Look out for any unusual text messages or emails sent from your device to your contacts, as hackers often use compromised phones to spread malware or phishing attempts.

How to protect your phone from hackers

Protecting your phone from hacking can seem daunting, but these are some of the easy-to-follow, practical steps you can take to enhance its security. By being proactive, you can significantly reduce your security risk and master how to prevent phone hacking.

1. Only install and run apps from official app stores

In 2016, a Singaporean man received a mysterious prompt for a system update on his android smartphone. The consequences were painful. Hackers got hold of his credit card details and made six flight tickets purchases in his name – totalling up to a whopping $12,327.

If this episode teaches us anything, it’s the reason why Google Play and the Apple App Store exist – quality control.

Apps and ‘updates’ from non-official app stores do not go through stringent malware checks and thus pose greater security risks. By bypassing the app stores, you’re forgoing a crucial level of security screening. Not advisable.

2. Enable anti-malware software

In 2019, there were hundreds of malicious apps on the Google Play store containing ‘DressCode’, a malware which infected over 400 apps there.

What this tells us is that even if apps are indeed on the app store, you can’t count on them to be completely safe – even the most stringent of checks can sometimes be slipped past.

To avoid such situations, it’s recommended to install trusted anti-malware software from the Google Play or Apple Store. Anti-malware software is designed to detect, prevent, and remove malicious software, such as viruses, spyware, and ransomware, from your device. 

For Android users a good starting point is Google Play Protect. It actively scans apps before downloading, as well as new updates before they are installed. Many Samsung Android phones also include built-in features such as “Device Care,” which integrates security features like Samsung Knox and a security scanner powered by McAfee.

While these provide basic malware detection, dedicated third-party anti-malware apps like Malwarebytes Mobile Security or McAfee Mobile Security can offer more comprehensive protection.

For iPhone users, the situation’s a little different.

The iOS operating system uses a sandboxed app environment and has strict App Store review policies, which reduces the risk of malware. However, Apple does not provide a built-in malware scanner or antivirus app for iPhones or iPads. Instead, iOS focuses on hacking prevention through its robust system architecture and consistent security updates.

Nevertheless, iPhone users should still be mindful of suspicious links and practice good cyber hygiene.

3. Update your apps and operating system (OS) regularly

It’s annoying to give your phone some downtime, but trust us, they need it to protect your phone from being hacked.

Smartphone OS updates carry security patches to defend against newly discovered vulnerabilities, so do keep your OS version updated in a timely manner. If you delay these updates, your phone remains exposed to known exploits that hackers could use to gain unauthorised access. 

Most smartphones offer the option for automatic updates to your OS and apps. Enabling this ensures your device is always running the most secure versions available, without you having to remember to do it manually.

4. Avoid “rooting” or “jailbreaking” your device

Jailbreaking (for iOS) or rooting (for Android) phones seems like a great idea to gain more control over your device. You can bypass strict security settings and install apps from unofficial sources, transforming your phone exactly as you wish.

On the flip side, removing those strict security settings…well is removing those strict security settings – and increasing the risk of attackers gaining control of your device. When you root or jailbreak, you bypass the manufacturer's security protocols and app store vetting processes.

Official security updates may also no longer apply, leaving you exposed to new threats. It's a significant risk to your digital safety and goes against the core principles of protecting your phone from being hacked.

5. Use trusted USB charging points only

It might seem a little paranoid, but yes, please don’t go around plugging your phone into public USB charging stations or wires indiscriminately – you might be compromising your security.

Experts call this ‘juice hacking’ where hackers can secretly copy files or install malicious software in your phone. And lest you think this will take a while, 60 seconds and a compromised charging port is all they need.

If necessary, consider plugging a USB Data Blocker between your device and the charging port. This small device allows power to flow through but blocks data transfer, protecting against the risk of infecting your device with malware. 

Otherwise, just carry a good old power bank around.

6. Avoid public or untrusted WiFi networks and connections

Tempted to join that password free public WiFi at a café or airport? Stop right there. This might be bait for someone trying to hack you.

Because traffic on public WiFi connections can be easily intercepted, attackers can modify the data sent and install malware on your device. Additionally, as these networks are often unsecured, your data, from login credentials to personal messages, could be intercepted by malicious actors performing "man-in-the-middle" attacks.

The solution here? Use a trusted Public WiFi network (such as Wireless@SG) or create a hotspot via your smartphone's mobile data.

If you absolutely must use an untrusted public WiFi network, consider using a Virtual Private Network (VPN). A VPN encrypts your internet traffic, creating a secure tunnel that protects your data from snoopers and making it much harder for hackers to compromise your device. Learn how VPNs work.

7. Be cautious about clicking links in unknown emails or messages

Sending an email or message with a malicious link is one of the oldest tricks in the hacker’s book. They’ll get you to click in by using attention-grabbing email subjects or even impersonate people you might know. This is a common method for phishing attacks, which are unfortunately on the rise in Singapore.

With one click, malware can find its way into your device or you could be led to a fake website designed to steal your credentials. Some of these websites look super convincing too. So do not open that email or click that link if you think the source of the message is dodgy! Always verify the sender, look for spelling errors, and hover over links (if possible) to see the true destination before clicking.

To help protect your phone from hackers, GovTech has developed solutions like Scam Analytics and Tactical Intervention System (SATIS) and ScamShield. The ScamShield app, available for both iOS and Android, helps to block scam calls and filter out scam SMSes. Initiatives like ‘Digital for Life’ also equip you with the knowledge to identify and avoid suspicious online content. 

What to Do if Your Phone Has Been Hacked

If you suspect your phone has been hacked, you need to act fast to prevent any further damage:

1. Disconnect from the internet immediately: Turn off WiFi and mobile data. This prevents further data leakage and stops malware from communicating with its command and control server.

2. Run a full anti-malware scan: Use a reputable anti-malware application like Malwarebytes or Avast for Android. While iOS doesn't have traditional anti-malware, review app permissions and uninstall suspicious apps.

3. Change all your passwords: Especially for critical accounts like email, banking, social media, and online shopping. Do this from a different, secure device if possible.

4. Notify your bank and credit card companies: If you notice any suspicious transactions, alert the respective companies or organisations immediately.

5. Inform your contacts: Let friends, family, and colleagues know that your phone might be compromised as hackers may try to impersonate you to spread scams in Singapore.

6. Backup essential data (if possible and safe): If you can, backup critical data (like photos and contacts) that isn't already synced but avoid backing up suspicious apps.

7. Factory reset your phone: This is often the most effective way to remove persistent malware but keep in mind it will erase all data. Ensure important data is backed up first.

8. Report to relevant authorities: In Singapore, you can report cyber incidents to the Singapore Police Force or through the Cyber Security Agency of Singapore's (CSA) SingCERT. You can also report suspicious calls and messages via the ScamShield app.

Additional Advanced Security Tips

Beyond the essential tips on how to prevent your phone from being hacked, consider these advanced measures to further strengthen your phone's security:

• Enable Two-Factor Authentication (2FA): Enable 2FA on all accounts that support it, especially your Apple ID or Google account as well as banking and social media. This adds an extra layer of security requiring a second form of verification.

• Use unique passwords: Avoid reusing passwords. You can also store your passwords securely using a reputable password manager that can also generate strong, unique passwords for each account.

• Set up a SIM card PIN: This requires a PIN to be entered when the phone is restarted or the SIM card is inserted into another device. It helps prevent unauthourised access if your phone is stolen.

• Enable remote wipe: Ensure you can remotely wipe your phone if it gets lost or stolen. Both iOS (Find My iPhone) and Android (Find My Device) offer this feature, allowing you to erase all data from your device and prevent sensitive information from falling into the wrong hands.

Key Summary

Just like in real life, cyber hygiene is important

Knowing how to protect your phone from being hacked often comes down to cyber hygiene. These tips might seem almost too easy to be of any use, but the truth is that keeping safe from hackers is a lot like maintaining good habits. You don’t need complex or complicated ways to ward off most hackers – what you need is consistency.

Here’s a quick recap of essential steps to prevent phone hacking:

• Keep your phone’s software and apps updated to patch vulnerabilities and ensure you have the latest security features.

• Use strong authentication including robust screen locks and Multi-Factor Authentication (MFA), on all your accounts.

• Avoid risky behaviours like rooting or jailbreaking your device, using public USB chargers (unless with a data blocker), or connecting to untrusted Wi-Fi networks.

• Be cautious with links in emails and messages to avoid phishing attempts and always verify senders. Remember to use scam prevention tools like ScamShield.

• Act quickly if you suspect your phone is hacked to prevent further damage.

• Practice ongoing cyber hygiene to stay protected in the evolving digital landscape. It is also best practice to back up data of your phone in case of loss or theft, ensuring your precious memories and important documents are safe.

By consistently applying these straightforward measures, you can significantly reduce your risk and keep your digital life secure.

Connect with us!

• Subscribe to the TechNews email newsletter

• Join the Tech Kaki user-testing community