Hardening Mobile Phone Devices – iOS/Android

Mobile Hardening

A question I often get asked by a lot of mobile users is regarding how they can secure “harden” their mobile devices. What can they do to add some layers of protection to secure their mobile devices?

There aren’t a whole lot of software tools that are out there which actually harden mobile devices. And, it’s a bit unfortunate that mobile security has a lower priority these days.

Kaspersky Threats 2015

Kaspersky Threats 2015

Courtesy of (

For most Android and iOS devices there are a few steps and actions that you can take in order to harden your mobile device.

The following steps should give you some basic hardening techniques for personal use.

Steps to Secure Your Mobile Devices

1. Prevent and/or Detect jailbreaking for (iOS devices) or Rooting for (Android devices). Once you begin granting and giving any application root access. Then, expect that all regards to any privacy of all of your applications is now non existent.

2. Download apps only from reputable sources such as “The Apple Store” or “The Google Play Store“. Stores such as the Apple Store or Google Play Store usually will test out the apps before allowing them to be publicly released out to everyone.

3. Make use of your browser for sensitive operations. Avoid using apps to managing banking information, credit cards etc.  The main issue at hand is that many apps may not make use of certificate verification. This is a type of check that can verify if the app is actually created and modified by the actual owners. In terms of which browsers are the safe ones to use. Well, Firefox and Chrome on Android devices are both a great choice. And, for Apple devices obviously Safari is the best choice.

4. Starting making use of Encryption! There is no cost to encryption and the speed difference is unnoticeable for the average user.

5. Unlock your mobile device by choosing good passcodes or use biometrics such as a fingerprint scan for your device. Don’t use pattern swipe, as I personally have seen people break it fairly easily.


Android Devices

Android Devices

Additional Security for Android Devices Only:

1. Use quality security apps! No Root Firewall  is a good option to try out. ( Use it to monitor network traffic. Sophos Free Antivirus and security is a good anti-virus solution to take for a test drive. It’s great for checking applications,  and has the ability to remote wipe/locate your device.

2. Don’t leave USB debugging enabled. A lot of developers forget to turn this feature off and expose their device.

3. If running Marshmallow change USB configuration (under developer options) to Charging.

I hope some of the above tips help with hardening your mobile device.

I am hoping to find or develop a mobile hardening app for future posts.

If you know of other options please feel free to leave your suggestions in the comment box below.

4 Responses to “Hardening Mobile Phone Devices – iOS/Android”

  1. M206711 says:

    Very nice post. I just stumbled upon your blog
    and wanted to say that I’ve really enjoyed surfing around your
    blog posts. After all I will be subscribing to your rss feed
    and I hope you write again very soon!

  2. Golden Goose Slide Mujer Baratas says:

    Hey there this is kinda of off topic but I was wondering if
    blogs use WYSIWYG editors or if you have to manually code with
    HTML. I’m starting a blog soon but have no coding know-how so I wanted to get
    guidance from someone with experience. Any help would be enormously appreciated!

    • Harry says:

      Blogs can use both methods. I’d say they are getting to a point now where you don’t really need to know much HTML. CMS platforms like Drupal, Joomla, WordPress etc.. all now no longer need HTML knowledge.


  1. Cellebrite Systems Breeched - StealthBay - […] They have created a well known product that is called Universal Forensic Extraction Device (UFED). This tool basically can…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.