Ask HN: How to Harden Your Phone? | Not Hacker News!

Q&A highlight

7 points

17 comments

Posted4 months agoActive4 months ago

Ask HN: How to Harden Your Phone?

mobile securityprivacycybersecurity

Ask HN: How to Harden Your Phone?

No synthesized answer yet. Check the discussion below.

Discussion (17 comments)

Showing 17 comments

4 months ago

1 reply

How about this idea?

Since a great deal of mobile usage is at home, how about a firewall of the home network as an 80/20 kind of solution? (YMMV) You might include a VPN.

This does not help away from home.

I have asked friends to use Signal for its many features, but I'm in low-tech company lately. They need a kick. Signal might address your messaging needs, and TBH, is better than imessage or FaceTime in mixed company. "Green people". Mainly because it is entirely crosds-platform.

4 months ago

1 reply

Can you please expand on 80/20 rule? 20% of traffic on mobile device or 20% might be suspicious?

I believe Signal is compromised! There are many such articles online https://www.truesec.com/hub/blog/russian-intelligence-compro...

4 months ago

1 reply

They suggest you might be at home 80% of the time, thus firewall on the home network would protect during that time.

4 months ago

That was my intent. Simply that you might be protected 80% of the time, if you spend 80% of your usage at home, and of course, YMMV.

But the 80/20 rule as written about is quite different. Simplified, it states that some 20% of effort or cases can give 80% of the results, whereas the other 20% can take 80% of your time/effort to nail.

Please query Signal about any security concerns. There was a clone of it being used by government officials that had flaws.

4 months ago

1 reply

At the bare minimum, ditch the iPhone.

Get a pixel

Install grapheneOS

4 months ago

2 replies

Ordered a Pixel 10 pro XL a couple days ago :-)

You believe GrapheneOS is more secure than Android?

4 months ago

moving from iphone to stock android is arguably a downgrade in regards to security & privacy. a rough rule of thumb is grapheneOS on a pixel (security & privacy) > stock ios (security, and at least their business model isn't openly selling your data) > stock pixel (security only, bad privacy) > stock android (not great on both fronts)

4 months ago

Stock Android & iOS are literally spyware.

GrapheneOS is very private.

4 months ago

1 reply

If you're really worried, when you sign up for service, create a separate email that you only use for things related to your phone. Don't surf the web on it, or do anything other that making phone calls or sending texts. Don't use it as a general purpose computer.

Computers at home, behind a router, running something like Cubes to further partition activities are far more secure than something persistently exposed to all the side channel attacks present on a phone.

4 months ago

1 reply

> do anything other that making phone calls or sending texts

That's all they need to send you a zero-day, zero-click exploit

4 months ago

1 reply

A zero day attack on an email you don't use for anything important, not your real email or your real computer.

4 months ago

Appreciate you engaging. It could still reveal my location or even DOX me or my customers if I turn the idea into a product.

4 months ago

Who and what are you trying to protect from? ICE/NSA will hack your phone, and all you can do as an amateur is to make their life harder (and raise their suspicion even more)

4 months ago

This guide for iPhone and Android is a good start. Not all their recommendations are obvious.

https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

For a deeper guide, check out the CISecurity benchmarks for your smartphone. They go a bit deeper. But the CISA guide will get you most of the way there.

https://www.cisecurity.org/cis-benchmarks

4 months ago

1. Disable Face ID/fingerprint unlocks and go back to using a alphanumeric pass code (letters and numbers). It's fine once you're actually in the phone, but you absolutely don't want to unlock your phone from the lock screen with biometrics.

2. Watch what kind of app permissions you grant to what apps. This is way easier to do on iPhones vs Android phones.

3. Understand that Google Apps (gApps) on Android phones are essentially a rootkit anymore. Especially with that recent news that Google is going to try to end sideloading APKs. Apple isn't that much better but they're more "out of the way" when you try to work.

4. Apple's SDK for its devices is more private than Android in certain ways. The IceBlock app's explainer is really good about this: https://www.iceblock.app/android

4 months ago

I alway found that dipping it in some araldite epoxy resin works great

Basically, squeeze both tubes, part A and part B, into a bowl, mix well.

lay your phone on a flat surface and pour the mixed araldite over the phone.

smooth and level the araldite with a plastic tool.

let dry.

sorted!

4 months ago

Im still using an iphone 6s, ios 15.8.3

Not afraid of getting “hacked” tbh. I visit normal websites, and have less than 10 standard apps.