The basic tips are probably just the tip of the agency’s cyber-warfare-arsenal iceberg, but state-sponsored actors are equal-opportunity champions too

When a spy agency tells smartphone owners to be more cautious about certain insecure practices, it is time to take action.

The US National Security Agency’s Mobile Device Best Practices report issued this month has rounded up many useful tips for avoiding phone hacking, scams and other harmful internet crimes.

Confirming that “threats to mobile devices are more prevalent and increasing in scope and complexity”, and that users of such expensive mobile devices “desire to take full advantage of the features available on those devices”, the report states that “the features provide convenience and capability but sacrifice security.”

Users can take to better protect personal devices and information through the most common measures such as keeping their phone’s security updates current, using biometrics and multi-factor authentication features, and practicing strong password hygiene.

Some of the lesser-known (or less-preferred) tips include:

  • Disable location services when not needed [and] do not take the device with you to sensitive locations
  • Never connect a personal device to government computers via Wi-Fi or Bluetooth, or to public/free Wi-Fi networks
  • Only use your phone’s original charging cords and avoid public USB charging stations
  • Consider using a protective smartphone case that drowns the microphone to block room audio (hot-miking attack). Install a suitable camera lens cover for selfie and main cameras
  • Install a minimal number of applications, and install only those from official application stores. Be cautious of the personal data entered into applications. Close applications when not using
  • Power the device off and on weekly
  • Disable Bluetooth when you are not using it. Airplane mode does not always disable Bluetooth on some devices or user settings

When it comes to phone hacking tactics, the NSA should know best — the agency is said to be capable of spying on millions of smartphones and intercepting internet communications around the world per day! Whatever privacy/security-compromising tactics not addressed by the spy agency are even more alarming — such as their clandestine use of zero day exploit information, or falling victim to their own zero-click surveillance malware (as reported in Fast Company).