In this modern era of paranoia suffered by Australian authorities and their deliberate erosion of our long-held rights to privacy, I believe that citizens have the inherent right to protect their sensitive information and data from intrusion. Nothing is sacred these days and there are even laws that allegedly force citizens to divulge passcodes to their devices, so that police and others can pillage through their sensitive and sometimes embarrassing private data. I consider that this is completely intolerable and unacceptable. Therefore I will do whatever it takes to keep all my data out of the hands of those whom I feel have no business intruding on my privacy. I advise everybody to read this article and take my advice about cop-proofing their smartphones.
I have to say that I am a Windows PC user and I would probably never go to the Apple ecosystem for a computer. Apple Macs are nice, but as a computer builder of over 40 years duration, I'm firmly in the Windows camp, as I was in the good old DOS days. But when it comes to smartphones, I have to say that for the forseeable future, the only one that I will ever use is the Apple iPhone, for a number of excellent reasons.
The iPhone Operating System (iOS) is completely locked down by Apple and unless you "jailbreak" your iPhone and install dodgy apps from a strange source, the only way you can acquire apps is from the Apple App Store. The beauty of this is that so far, Apple has been meticulous in checking every app thoroughly before it is permitted to be available for download from the App Store. So there is virtually no chance of downloading an app that contains malware, viruses or anything detrimental.
On the other hand, the Google Android operating system is completely open source, meaning that there are a myriad of versions available for free and this is why Android smartphones are cheaper than iPhones. Being open source, Android is very vulnerable to malware and it is most unfortunate that the Google Play Store is riddled with Android apps that contain malware, viruses, Trojan Horse spyware, keyloggers and all sorts of nasty apps. Put it this way - I feel totally secure doing everyday banking on my iPhone, but I wouldn't dare do this or anything else that is sensitive on an Android phone.
The other big issue with Android phones is that they are fairly easy to crack - get past the lock screen and access everything on those phones. Police do it all the time with seized Android phones, but because iPhones are so thoroughly protected, police and other authorities tear their collective hair out when they are tasked with accessing a locked iPhone, especially if it has the latest security updates.
The only issue with some apps that have been found in the App Store and Google Play Store is that they are what is known as 'Fleeceware'. These apps are tricky, because there's typically nothing malicious in their code. They don't steal your data or try to take over your device, meaning that there's nothing malware-like for Apple's or Google's vetting process to catch. Instead, these scams hinge on apps that work as advertised, but come with hidden excessive subscription fees. A flashlight app that costs $9 per week or a basic photo filters app that's $30 per month would both be fleeceware, because you can get the same types of tools for free, or much cheaper, from other apps. With all apps, it is up to the users to never sign up to subscriptions until they are checked out and found to be worthwhile.
There have been a few famous cases of American authorities being totally stymied by being unable to unlock iPhones seized from criminals and terrorists. For example, in 2015, the FBI seized the iPhone 5C of Islamic terrorist Syed Rizwan Farook and could not unlock it. Knowing that ten wrong attempts would totally destroy everything on the iPhone, the FBI demanded that Apple help unlock the phone.
A court order was granted that required the FBI and Apple to work in tandem to develop software that preserved the data on Farook’s phone while allowing an app devised by the FBI to input an unlimited number of passcodes until it guessed the right one. Apple point-blank refused to do this or modify its operating system to allow a backdoor, so that the FBI could circumvent the passcode on an encrypted iPhone.
And that is the situation to this day. There have been rumours that devices have been developed that can bypass the iPhone passcode, but so far there seems to be no evidence of this. Apple has always refused to unlock a locked phone for police and other authorities, despite being threatened with dire consequences. So if you want to ensure that nobody is going to get at your sensitive data, use an iPhone and keep away from Android phones.
While things like fingerprint and face recognition might functionally seem like the same thing as a PIN or password when it comes to unlocking your phone, depending on your location or jurisdiction, the law may treat those two login methods very differently.
The big thing that separates biometric login methods from a PIN or password is that courts typically view the latter as information protected by law, which gives people the right to protect themselves against self-incrimination. That means if the police ask you for your PIN to unlock your phone, even if they have a warrant, you can simply refuse. You should always automatically refuse to allow police any access to your phone under any circumstances, no matter what threats they level at you. Just don't do it.
However, when it comes to face or fingerprint login, the same rules do not necessarily apply and in some cases, law enforcement personnel could forcefully press your finger to your phone or merely point its camera at your face, thereby unlocking it and gaining access to its contents against your will.
This was actually done by corrupt Queensland cops to an ex-federal policeman who was video recording them committing an illegal act. The thuggish cops grabbed the ex-Federal cop and forced his finger onto the fingerprint sensor of his iPhone, unlocked it and illegally deleted the incriminating video. It was fortunate that the whole incident was captured by a CCTV camera.Here is the news report of this incident.
The law isn't entirely settled and to be safe it's better to remove biometrics from your phone's lock screen, so that even if rogue cops or other authorities try to unlock your phone, they won't be able to do it without the passcode. The iPhone is particularly good at protecting itself against any attempts to crack into it. Ten wrong passcode attempts will immediately trash everything on the iPhone, completely beyond the reach of those people. But the iPhone can be completely restored by the owner from the iTunes encrypted backup in a couple of minutes, provided that the owner has been diligent and backed up the iPhone very regularly to a computer.
Enabling a strong PIN or password instead of face or fingerprint login is the only safe course of action. On iPhone, navigate to Settings then scroll down and choose Face ID and Passcode to deactivate Face ID. Different versions of Android will have the settings for biometrics located in different areas, so you'll want to check with your specific phone and version of Android. Look for Face Unlock or Fingerprint Unlock under Settings.
You will also probably want to remove access from the lock screen to any digital assistants on your phone, as you do not want a cop to call up Siri, Alexa, or the Google Assistant and getting data from your smartphone and thus bypassing the lock screen. So if your phone is secured with a PIN or password, you can set those digital assistants to not be accessible from the lock screen and in that way, police and others cannot use them to gain access to your phone.
On iPhone, go to Settings and then choose Siri and Search and then deactivate "Allow Siri When Locked." On Android, navigate to Settings and look for Google Assistant to deactivate it from the lock screen. For other voice assistants like Alexa and Cortana, only allow access to them after your phone has been unlocked with your PIN or password.
Most people have their phones set to require a PIN or password after five or 10 minutes of inactivity, which leaves the phone vulnerable to be unlocked by police within the inactivity time. You do not want someone to be able to grab and access your phone without a password because you just had it unlocked. To change that on iPhone, navigate to Settings and then Face ID and Passcode and change Require Passcode to Immediately. It's more difficult to do on Android, but can usually be found in Settings under Security or Passcode. it is slightly more inconvenient to keep unlocking your phone every time it is taken out of standby, but believe me, it is worthwhile because you will know that no matter what, there's no chance of somebody unlocking your phone without your permission.
If you're in a situation where your phone could potentially get confiscated and you haven't already changed the passcode requirements, it's important to know how to force your phone to require a PIN or password the next time anyone tries to unlock it. The first way is to simply restart your phone, as on both Android and iPhone, as long as you have a PIN/password set, the operating system will require a PIN/password upon restart.
But in a pinch, there are even faster ways. On modern iPhones, you can quickly press the lock button five times and the Power Off button will appear. Even if that button is not used and the Cancel button is pressed, the PIN/passcode will be required to open the iPhone.
On Android, there's a special Lockdown setting that can appear anytime you hold the phone's power button down, but before you can use it, you first need to enable the option in your device's settings. On most versions of Android, it's found by going to Settings and then choosing Security and Location. Next, choose Lock Screen Preferences and Show Lockdown Options.
The best procedure is to only enable the camera to be accessed from the lock screen. In that way, you can record whatever you want without leaving your phone vulnerable to be seized by cops while it is unlocked. The videos and photos that you take will remain intact, as they cannot be deleted from the lock screen.
As we've seen in China, governments have started getting more sophisticated when it comes to using technology to monitor people, including the use of tracking devices that connect to nearby cell or WiFi nodes. In Australia in 1994, Sydney businessman Phuong Ngo was convicted for killing politician John Newman, when police produced his cellphone metadata that proved that Ngo was at Newman's premises at the time of the murder, thus destroying his false alibi completely. The Australian government is retaining cellphone metadata of all users for at least two years.
So if you really do not wish to be tracked if you are going to do something that you wish to keep secret, or you want to hide your digital footprint, you should turn on your phone's Aeroplane Mode to help hide your digital footprint. Incidentally, you should understand that when you switch your smartphone off, it is not really off, but on standby and is still pinging nearby cells and registering your location at a particular time. The only way to stop the phone doing this is to put it in Aeroplane Mode or switch it off completely by holding down the Off button for some seconds.
Unfortunately, switching off your phone or turning on Aeroplane Mode comes with the downside of your phone not being able to communicate with others. But if you do temporarily enable Aeroplane Mode, it's important to know how to quickly turn it off again. On Android, open the notifications tray with a swipe from the top of the screen and choose Aeroplane Mode. On newer iPhones, swipe from the top right of the screen and press the Aeroplane button. On older iPhones, swipe up from the bottom and press the Aeroplane button.
Always be aware that if your phone is confiscated, you could lose all the data on your phone. So if you're serious about making sure that this doesn't happen, you should back up your phone before you leave home. In fact it is a very good policy to back up your phone every day, especially in the morning, so you will always have the latest backup from which to restore your phone if it is taken from you, or you have to replace your phone and restore the data to the new one.
On Android, you can back up your phone's data to your Google account, so that later you can restore the back on your phone, or even an entirely different Android device. On iOS, there are simple ways to back up your device to iCloud or a local Apple computer, so you can safely restore everything in case your iPhone gets lost or damaged. It is preferable to back up your iPhone to your computer with an encrypted backup and keep a copy of that backup on an external device that is well concealed, so that even if your computer is seized as well, your iPhone data can be restored from another computer. Backing your iPhone to iCloud is not a good idea, as Apple will supply that data to police on subpoena.
Another important thing to configure is your personal medical information and emergency contacts. In Android, Google's Personal Health feature has a dedicated place to list emergency contacts, along with place to list pertinent medical details such as allergies, blood type and more. On iPhone, Apple provides a similar system as part of Apple Health that lets you create a Medical ID and health profile, with the option to add emergency contacts under the Emergency SOS settings.
While these features may only be useful in niche situations, it's important to know that both Android and iPhone have a way of displaying one app while locking everything else behind your PIN or password. This can be useful in case you need to hand over your phone to show a digital driver licence, virtual insurance or ID card, but don't want the police to have full access to your phone.
In Android, this feature is called Screen Pinning, while on iPhone it is called Guided Access. While the setup varies slightly between platforms, both versions allow you to configure a way to provide limited access to an app or a file on your phone without giving someone free rein over the entire device.
Customs services in all countries have very formidable powers. They can demand that you unlock your smartphone or computer and trawl through its contents and you can be arrested and jailed if you refuse to do so. If they find anything untoward, like pornography, dog fighting or anything that may be illegal in their country, even if it is completely legal in your country, they can confiscate and destroy your smartphone or computer and hit you with a large fine or even arrest and jail you.
There is one very simple remedy that will keep you and your equipment safe. Before you embark on your trip and you are taking a notebook computer and your smartphone, check the entire contents and make sure that anything that could remotely be construed by any nation's Customs as being offensive, illegal or even obnoxious is removed. Not just deleted, but wiped from the computer's recycle bin, so that it cannot be recovered. Don't have any content that could cause you the slightest problem.
This doesn't mean that you cannot access such sensitive files. All you need to do is to set up a Cloud storage account or a Network Addressed Storage (NAS) device that is connected to the Internet. Put your sensitive files on it and when you need them, download them to your computer and smartphone, once you have passed through Customs and are in that foreign nation.
Of course you should never put a reference or the web address and log-on details for that remote storage on any of your equipment and never disclose this to foreign Customs or anybody else. You are not required to tell anybody about files or data that are not in your physical possession. If it is not written anywhere, then they would have to be clairvoyants to find out about it - and of course they are not. That way, no Customs officials will be any the wiser, even if they thoroughly examine your computer or smartphone.
But this is how crazy it is. Customs can arrest you for having illegal content on your smartphone or computer when entering a nation, yet if you wipe that content from your devices, all that content can still be instantly retrieved from your Internet Cloud storage or NAS device in an instant, once you have crossed the border. When it comes to data these days, there is no such thing as border control, so a savvy traveller can access literally anything whenever he can get onto the Internet.
If you prefer to have your data at your disposal at all times and you feel confident, you can keep your sensitive files on a microSD card. These memory cards are very tiny, literally the size of a thumbnail and not much thicker. They can be concealed almost anywhere and they would not trigger a metal detector. For higher security, you should encrypt the entire contents of the microSD card.
These microSD cards are available with capacities up to 1 terabyte, literally the same capacity as the average computer hard disk drive. A well concealed microSD card would be extremely difficult to find. So if you want to keep your sensitive data handy at all times, especially if you know that you are going somewhere without Internet access, just find a really good hiding place for your data-laden microSD card and chances are that foreign Customs officers won't find it, even with a comprehensive frisk search. And just make sure that the microSD card is in a place where x-rays won't see it.
If your computer has a mechanical hard disk drive, even though you delete sensitive files from the Recycle Bin and you think that they are gone, the files still leave their traces in the magnetic residue on the hard disk platters. Using the right equipment such as a Spinstand Tester, some of those files that might be very incriminating can be recovered. So if you really want to ensure that sensitive files are well and truly gone forever, you need to delete them with a military grade eraser program and there are plenty of such free apps out there.
But none of this applies to solid state drives (SSD). These days, just about every modern notebook or ultrabook computer uses SSD for storage, so the idea is to delete anything sensitive from the SSD and delete the contents of the Recycle Bin before going through foreign or Australian Customs, making sure that those files are first backed up in your remote Cloud or NAS storage. Once files are deleted from the Recycle Bin, they are gone forever. That way, you won't get caught with your pants down, figuratively speaking. One of the best computer upgrades is to replace the old mechanical hard disk drive with a SSD. It's a hell of a lot faster and far more secure.
It is amazing how many people have incriminating or illegal information on their smartphones and computers. For example, people try to enter a country on a tourist visa that does not allow them to work, yet they have messages and files on their computers and smartphones that indicate that they have arranged jobs in that country. This is height of stupidity and carelessness. Many people are caught out by immigration officers who find such messages and files on their devices and in most cases, those people are instantly deported.
So when travelling, the safest thing to do is to delete all text messages and delete the "Recent Calls" register on your smartphone, so that the authorities cannot see who you have been phoning or who has phoned you. Delete all but the most innocent emails. Delete all chats and texts from encrypted message apps. It's one thing to use those apps and know that you can't be eavesdropped, but it's very foolish to have to unlock your smartphone and give border authorities access to the communications that would have been totally confidential.
Most people who have an ultrabook computer do not realise that when they press the OFF button, it does not actually switch the ultrabook off. The computer essentially goes into a standby sleep mode. So Customs could demand that you switch on your ultrabook and see what is sitting in the memory. You can actually switch off your ultrabook completely by holding down the OFF button for about 10 seconds. This will actually switch the computer right off, also flushing the memory completely. The same applies to a smartphone. Hitting the OFF button only puts it on standby, so the idea is to hold the OFF button down for about 5 to 10 seconds until the phone switches right off. Then you can feel confident when you hit the Customs and Immigration hall that nothing incriminating can be recovered from your devices.
Even when I am re-entering Australia from an overseas trip, I make sure that there is nothing sensitive on my SSD-equipped ultrabook computer or iPhone. If I am pulled aside by Customs for an inspection, I immediately state that there is absolutely nothing of any interest or anything remotely illegal on my devices. I state that I have deleted everything except essential software and files and have flushed the contents of the Recycle Bin, so that nothing that was deleted can be recovered. Therefore Customs can look all they like and they will find nothing incriminating. But I can reload all those missing files from my backup as soon as I am back home or anywhere else in transit from the Internet. It's always better to be safe than sorry.
Finally, the other main thing you should do before going into a situation where police or other authorities might try and access your phone is to make sure that your device is charged up and has lots of available storage. Almost every phone nowadays has a way to access its camera without fully unlocking the phone, so you can capture photos or videos more securely. Furthermore, the built-in voice recorders on most phones will continue to record audio even when locked, so if anything goes down, you'll want to make sure you have room to record everything you can. Nothing beats hard indisputable evidence in court.
It is abundantly clear that the public can't trust the cops or other authorities, so it's important for anyone who values their security and privacy to do everything they can to protect themselves and their devices and data. Passcodes and encryption will keep snoops at bay, but only if you employ these measures and never ever divulge those passcodes or decryption keys to anybody.