Best practices for modest smartphone security?
October 27, 2017 10:35 AM Subscribe
Until now, I've avoided running Google Calendar and email (I'm using Fastmail) on my phone - I prefer to keep these functions "in the office". However, this is becoming a necessity for business meetings. I have a Motorola Moto E running Android 5.1. Besides a four-digit lockout code or other common security measures, how can I maintain a modest amount of security around Google Calendar and email? Special snowflake detail: I have a separate Gmail account for my phone that is not tied to other Google functions; and I don't want to buy a new phone.
I like using the (paid) Nine app to split out work accounts on my phone.
posted by Nonsteroidal Anti-Inflammatory Drug at 11:11 AM on October 27, 2017
posted by Nonsteroidal Anti-Inflammatory Drug at 11:11 AM on October 27, 2017
Best way I know to redirect all of a Gmail account's incoming traffic to a Fastmail account is to set up a filter rule in the Gmail account that matches on "Doesn't have to:LklZYK9cmUsMidfBL8DH" (get your own random string from the link, don't use this one) and forwards matching messages to your Fastmail account.
The reason this works better than using their official forwarding facility is that Gmail's user-created filters get run ahead of its spam filter, while plain old forwarding happens after it. By using a filter rule that's absolutely guaranteed to match every incoming message, the occasional spam false positive will end up in your Fastmail spam folder rather than inconveniently sequestered inside your Gmail account.
The downside is that Fastmail's spam filter is not quite as competent as Google's, and having your Fastmail account spammed from two different directions will mean that you see a bit more of it. Even so, it works quite well enough for me.
My own filter rule also marks forwarded mails as read and deletes them; since cutting over to Fastmail I have no interest at all in ever interacting with my Gmail account in any way, and can think of no reason why my legacy mail corpus needs to stick around on their servers being endlessly scrutinized by their adbots.
posted by flabdablet at 11:47 AM on October 27, 2017 [1 favorite]
The reason this works better than using their official forwarding facility is that Gmail's user-created filters get run ahead of its spam filter, while plain old forwarding happens after it. By using a filter rule that's absolutely guaranteed to match every incoming message, the occasional spam false positive will end up in your Fastmail spam folder rather than inconveniently sequestered inside your Gmail account.
The downside is that Fastmail's spam filter is not quite as competent as Google's, and having your Fastmail account spammed from two different directions will mean that you see a bit more of it. Even so, it works quite well enough for me.
My own filter rule also marks forwarded mails as read and deletes them; since cutting over to Fastmail I have no interest at all in ever interacting with my Gmail account in any way, and can think of no reason why my legacy mail corpus needs to stick around on their servers being endlessly scrutinized by their adbots.
posted by flabdablet at 11:47 AM on October 27, 2017 [1 favorite]
Best answer: Set up two-step verification for everything, especially your email and Google accounts. Go into your calendar settings and make sure it's private (it should be this way but it's worth checking if you're concerned).
posted by AppleTurnover at 11:47 AM on October 27, 2017 [1 favorite]
posted by AppleTurnover at 11:47 AM on October 27, 2017 [1 favorite]
Best answer: Set up two-step verification
This. Super important. Best change you can make, IMO.
Use a local password manager with a strong pass-phrase, like 20+ characters. Pick it by somethign proven to be robust like diceware or similar. Otherwise, don't store any passwords or identifying information (especially cc #s) with anyone or anything, in a browser cache, apps, whatever. Everything stored, encrypted in the manager. Use it to generate the maximum length and entropy (as many symbols as allowed) passwords any particular log-in will allow you to use. Don't use the same username across many services (again in the password manager).
Also, get away from simple 4-digit lock codes. There are many better options on android.
posted by bonehead at 12:07 PM on October 27, 2017
This. Super important. Best change you can make, IMO.
Use a local password manager with a strong pass-phrase, like 20+ characters. Pick it by somethign proven to be robust like diceware or similar. Otherwise, don't store any passwords or identifying information (especially cc #s) with anyone or anything, in a browser cache, apps, whatever. Everything stored, encrypted in the manager. Use it to generate the maximum length and entropy (as many symbols as allowed) passwords any particular log-in will allow you to use. Don't use the same username across many services (again in the password manager).
Also, get away from simple 4-digit lock codes. There are many better options on android.
posted by bonehead at 12:07 PM on October 27, 2017
According to Motorola's web site neither the first nor second gen Moto E phones are receiving any more security or OS updates. As such, you might want to consider installing something like LineageOS.
posted by Poldo at 1:05 PM on October 27, 2017 [1 favorite]
posted by Poldo at 1:05 PM on October 27, 2017 [1 favorite]
What sort of threats do you want to protect against? If the physical security of your device is a concern, you should also encrypt your phone, so that it's much harder for someone who has your phone to get at any data stored on it if they don't know your PIN.
posted by Aleyn at 1:52 PM on October 27, 2017
posted by Aleyn at 1:52 PM on October 27, 2017
Best answer: Unfortunately, your Android 5.1 phone almost certainly does not have the latest Android security updates. Anything else you do in terms of security is unlikely to overcome that issue. I'd install a different ROM or purchase another phone if security was important.
posted by cnc at 8:09 AM on October 28, 2017
posted by cnc at 8:09 AM on October 28, 2017
« Older How do I shake up my bookmarks? | Advanced Mac troubleshooting Anything else to try... Newer »
This thread is closed to new comments.
posted by notorious medium at 10:49 AM on October 27, 2017 [1 favorite]