Breachroad

Smartphone security: 12 settings worth changing

Your phone knows more about you than your computer. Twelve practical settings and habits that genuinely protect your data, accounts and privacy.

Karol Rapacz
14 May 2026 · 10 min read
The smartphone is the most personal device we own today — it knows more about us than a computer. It holds email, banking, photos, location, contacts and the keys to dozens of accounts. And yet most people give its security a fraction of the attention they give a computer. The good news is that a dozen simple settings and habits dramatically raise your protection — without giving up convenience. Here are twelve things worth changing today.

Basics: access to the device

1. A strong lock code, not 4 digits. Set at least a 6-digit PIN or a password. A short, simple code (1234, a birthday) can be guessed or shoulder-surfed. It’s the first and most important barrier if the phone is stolen.

2. Biometrics + a short lock timeout. Fingerprint or face unlock is convenient and secure, but always as an addition to the code, not a replacement for it (the system asks for the code periodically anyway). Set the screen to auto-lock after 30 seconds.

3. Encryption (usually default). Modern phones encrypt data by default — make sure it’s on. Then a lost phone is a hardware loss, not a data leak.

Apps and permissions

4. Install only from official stores. Google Play and the App Store aren’t perfect, but apps from outside them (APK files from random sites) are the most common route for malware onto a phone. Don’t install “modded” versions of apps or games from links.

5. Review app permissions. A flashlight doesn’t need access to your contacts, and a simple game doesn’t need your microphone and location. In privacy settings, check what has access to location, microphone, camera and contacts, and revoke the unnecessary ones.

6. Delete apps you don’t use. Every installed app is a potential risk and a data access point. Regularly remove ones you haven’t opened in months.
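
For an Android phone, the permission review from item 5 can also be run from a computer. The example below is added here and is not part of the original article: it parses output in the style of `adb shell dumpsys package` and lists apps holding location, microphone, camera or contacts access that their function does not justify. The dump excerpt, the package names and the `JUSTIFIED` allowlist are constructed for illustration.

```python
import re

# The four data categories item 5 names, mapped to Android runtime permissions.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "contacts",
}
# Constructed, simplified excerpt in the style of `adb shell dumpsys package`.
SAMPLE_DUMP = """\
Package [com.example.flashlight] (1a2b3c):
  runtime permissions:
    android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
    android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
Package [com.example.puzzle] (4d5e6f):
  runtime permissions:
    android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
    android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ USER_SET ]
Package [com.example.maps] (7a8b9c):
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
"""
# Hypothetical allowlist: the access each app's function actually justifies.
JUSTIFIED = {"com.example.maps": {"location"}}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_sensitive(dump):
    """Return {package: set of sensitive categories currently granted}."""
    result, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = result.setdefault(m.group(1), set())
        elif current is not None and (m := PERM_RE.match(line)):
            if m.group(2) == "true" and m.group(1) in SENSITIVE:
                current.add(SENSITIVE[m.group(1)])
    return result

def excessive(dump, justified):
    """Return {package: sorted categories granted but not justified}."""
    found = {p: sorted(c - justified.get(p, set())) for p, c in granted_sensitive(dump).items()}
    return {p: extra for p, extra in found.items() if extra}

if __name__ == "__main__":
    for pkg, cats in excessive(SAMPLE_DUMP, JUSTIFIED).items():
        print(f"{pkg}: consider revoking {', '.join(cats)}")
```

A permission that was requested but denied (`granted=false`) is ignored, so only access an app actually holds is reported.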

Accounts and authentication

7. MFA on key accounts — ideally an app, not SMS. Email, bank and social media should have a second factor. An authenticator app or passkey is immune to SIM swapping, unlike SMS codes.

8. A password manager instead of saving in the browser. On a phone it’s easy to be tempted by “remember password”. A password manager with autofill is better — convenient and far more secure.

9. Set up “find my phone”. The location and remote-wipe feature (Find My iPhone / Find My Device) lets you locate a lost phone or erase its data remotely.

Network, updates and vigilance

10. Update the OS and apps. Vendors patch security flaws in updates — putting them off leaves the door open. Enable automatic updates.

11. Be careful with public Wi-Fi. On open networks avoid logging into your bank; if you must — use a VPN or a hotspot from your own phone. Turn off auto-connect to unknown networks.

12. Watch out for texts and links. The phone is the main channel for smishing and vishing. Don’t click links in texts about parcels, fines and payments, and don’t give any codes to “consultants” calling from the bank — hang up and call back the official number.

What to do when your phone is lost or stolen

Act fast: remotely lock and locate the device (“find my phone”), and if there’s no hope of recovery — wipe the data remotely. Then call your operator to block the SIM (protection against SIM swap), change passwords for key accounts from another device and sign out sessions. For a stolen phone, report it to the police and inform your bank.

Frequently asked questions (FAQ)

Is an iPhone safer than Android? Both systems are well secured today and the differences are smaller than many people think. What matters is how you use the phone: installing only from official stores, updates, a strong lock code and MFA count more than the platform choice. Android gives more freedom (and more ways to harm yourself via off-store apps).

Do I need antivirus on my phone? For most users the most important thing is installing apps only from official stores and keeping the OS updated — that protects better than an extra antivirus. Reputable security apps can be useful, but they won’t replace basic hygiene.

An app asks for lots of permissions — what do I do? Consider whether the feature really needs them. A flashlight doesn’t need contacts, a calculator doesn’t need location. Excessive permissions are a warning sign — deny the unnecessary ones or look for an alternative, less greedy app.

Is public Wi-Fi really dangerous? Modern apps encrypt traffic (HTTPS), so the risk is lower than it used to be, but open networks can still be used for eavesdropping and page injection. For sensitive operations (banking) use a VPN or your own hotspot, and don’t log in over a network you don’t know.

I run a company and employees use phones for work — what do you recommend? Phones with access to company email and data should have an enforced lock code, updates, MFA and remote-wipe capability (MDM/work profile). We cover this more in our secure remote work article. We’ll help set it up.

Summary

Your smartphone is a treasure trove of data and the key to your accounts, so it deserves as much attention as your computer. It doesn’t require sacrifices: a strong lock code, apps only from official stores, a permissions review, app-based MFA (not SMS), a password manager, updates and vigilance against text links. These twelve habits close the most common attack routes and ensure that even a lost phone doesn’t become a disaster.


Sources and further reading: CISA, NCSC.
