How to Keep the Government Out of Your Smartphone
We use smartphones for just about everything, and while that may be beneficial to us in our day-to-day lives, it can also be used against us in the court of law.
Law enforcement officials can seize smartphones and give warrants to Apple, Google, your cellular provider—whoever they need to—in order to gain access to the device. This means that your text messages, phone calls, emails, etc. can be used as incriminating evidence against you.
The police may be able to confiscate your phone easily, but who says you shouldn't make it difficult for them to look through?
For any Android-based phone, there are three ways methods of unlocking your phone—a swiping unlock pattern, a PIN number, and an alphanumeric password.
The swiping unlock pattern is the most popular choice for users and is a great deterrent for lurking friends and family. After five incorrect attempts, the phone will provide an option to enter the phone by using your Google account email address and password.
What this means is that if law enforcement is able to obtain the email and password from Google, they can easily gain access to any Android phone with a swiping unlock pattern.
If law enforcement does indeed ask Google for this information, and if Google complies, Google will create two new passwords—one given to law enforcement that allows them to enter the phone and another that is only given to the owner of the phone that can be used after law enforcement has finished using the phone. This prevents law enforcement from having ongoing access to the device's data.
This past March, the FBI served Google a warrant in order to access an Android phone owned by a pimp. Google refused to unlock the phone because the proper warrant was not used by the FBI, and they've since made it clear that they want anticipatory warrants, which are based on affidavits that show probable cause that evidence of a particular crime will happen at a specified location at some point in the future.
Smartphones constantly receive new information because of their always-connected nature, so regular warrants that would work to seize computers would not work on smartphones. Anticipatory warrants are the only way Google will unlock the phone because of possible information that may be sent to the phone. Google refuses to give assistance to any law enforcement agency that uses a wrong warrant and then tries again with the anticipatory warrant.
If the FBI has a few trained hackers, they might actually be able to gain access by bypassing the Android's lock screen. In fact, you don't even need to be a hacker to bypass the lock screen—anyone can do it—even you. It can also be as simple as...
Google does their share to keep your phone private, but what can you do to keep prying eyes away from your mobile device?
- Don't use the swiping unlock pattern. This is the only method of the three for Android phones that gives you the option of logging in with your Google email and password. Instead, use the PIN or alphanumeric password.
- Just because you use a PIN or alphanumeric password DOES NOT mean that your information is totally safe. Forensic analysis tools can be used to directly copy all the information in your phone onto an external drive.
- To combat data thieves, encrypt the data stored on your device. On an Android phone, you can add encryption by going to Settings > Personal > Security > Encryption > Encrypt phone. To learn more, check out Google's own step-by-step guide to encrypting your Android phone.
- Android currently uses the same PIN or password for both the screen unlock and to decrypt the disk. Since users have to unlock their phones dozens of times a day, the password will most likely be short.
- If your Android phone is rooted, you can use the Cryptfs Password app to use two different passwords, one for the screen unlock and one to decrypt the disk.
- Choose a much longer password. This presentation from Thomas Cannon at Defcon 2012 shows how someone can easily hack into a 4-6 digit numeric pin in seconds.
It is not directly clear how Apple retrieves information from their phones, but they are willing to cooperate with law enforcement. Using the cloud with Apple or Dropbox provides law enforcement agencies access to stored data.
If you want to be better safe than sorry, then change your simple passcode on your iPhone to a more secure alphanumeric. You can do this by going to Settings > General > Passcode Lock and turning off the "Simple Passcode" option. This will let you create a longer passcode with letters and numbers.
From the same menu, you can also enable the "Erase Data" option, which will erase all of the data on the iPhone after 10 failed passcode attempts.
Another way to make sure your information stays private when in the hands of the law—remote wipe it. Just download the Find My iPhone app onto all of your Apple devices, that way if one of them is confiscated by the police, you can remote wipe it from your remaining device. You can also easily do this from a computer by accessing your iCloud account and going to the Find My iPhone web app, which will most likely be your method if you only have (or did have) one Apple device.