Your checklist for maximum smartphone security

Everyone wants the data on their phone to stay private, and Android and iOS come with a variety of security features that will prevent other people from sneaking a peek.

If you suspect someone is snooping on you, there are some simple steps you can follow to secure your information, as well as a few warning signs to look out for to make sure it doesn’t happen in the future.

How to keep your lock screen secure

Whether you use a PIN code or a biometric feature (like your face or fingerprint) your phone’s lock screen is the first barrier against unauthorized access.

You can customize lock screen security on Android by going to Settings, Security & privacy, Device lock, and then Screen lock. Meanwhile, from the Settings app on iOS, choose either Touch ID & Passcode or Face ID & Passcode depending on which biometric security method is built into your iPhone.

You should also make sure the screen on your device locks as soon as possible after you’ve stopped using it—otherwise, someone could surreptitiously swipe it while you’re not looking before the locking mechanism kicks in. On Android, open Settings, then go to Display and Screen timeout to set how quickly the screen should turn off—your options go from 15 seconds to 30 minutes. Over in iOS settings, pick Display & Brightness, then Auto-Lock. The shorter the time period you set here, the more secure your data is.

If you need to lend your phone to someone, but still worry about their unfettered access to your handset, know that you can lock people inside one particular app or prevent them from installing anything while you’re not looking. We’ve gone deeper into these features and other similar security options, for both Android and iOS.

How to avoid spyware on your phone

Thanks to the security protocols in place on Android and iOS, it’s actually quite difficult for spying software to get on your phone without your knowledge. To succeed, someone would need to physically access your phone and install a monitoring app, or trick you into clicking on a link, opening a dodgy email attachment, or downloading something from outside your operating system’s official app store. You should see a warning if you do any of these things by mistake, but because it’s easy to disregard those notifications, you should always be careful what you click on.

Android and iOS don’t allow apps to hide, so even if someone has gained access to your handset to install an app that’s keeping tabs on you, you’ll be able to see it. On Android, go to Settings, Apps, and then See all apps. If you see something you don’t recognize, tap the item on the list and choose Uninstall. Within iOS, just check the main apps list in Settings. As the device’s owner, you can uninstall anything you don’t recognize or trust—you won’t break your phone by removing apps, so don’t hesitate if there’s something you’re unsure about.

If you want to do a bit more detective work, you can check the permissions of any suspicious apps. These will show up when you tap through on the apps list from the screens just mentioned—on Android, tap on an app and go to Permissions; on iOS tap an app name from the main Settings page and check what it’s allowed to access. In terms of notifications, system settings, device monitoring, and other special permissions, Android gives apps slightly more leeway than iOS—you can check up on these by going to Settings and choosing Apps and Special app access.

If you think your phone might have been compromised in some way, make sure you back up all of your data and perform a full reset. This should remove shady apps, block unauthorized access, and put you back in control. From Android’s settings page, choose System, Reset options, and Erase all data (factory reset). On iOS, open Settings, then pick General, Transfer or Reset iPhone, and Reset.

Watch what you’re sharing

Apple and Google make it easy for you to share your location, photos, and calendars with other people. But this sort of sharing might have been enabled without your knowledge, or you may have switched it on in the past and now want to deactivate it.

If you’re on an iPhone, open the Settings app, tap your Apple ID or name at the top of the screen, open Find My, and see who can view your location at all times. You can revoke access for everyone by turning off the toggle switch next to Share My Location or remove individuals by touching their name followed by Stop Sharing My Location. You can audit shared photo albums from the Shared Albums section of the Albums tab in Photos, and shared calendars from the Calendars screen in the Calendar app. If you’re in a Family Sharing group that you no longer want to be a part of, open Settings, tap your Apple ID or name, and choose Leave Family.

Android handles location sharing with other people through Google Maps. Tap your avatar (top right), then Location sharing to check who can see your location and to stop them, if necessary. You can check your shared photo albums in Google Photos by tapping the Sharing tab at the bottom of the screen, but you’ll need to open up Google Calendar on the web to edit shared calendars. Hover over the name of a calendar on the left sidebar and click the three dots that appear, and on the emerging menu, select Settings and sharing to see who can view your schedule.

Google Families works in a similar way to Apple Family Sharing, with certain notes and calendars marked as accessible by everyone, though no one will be able to see any personal files unless the owner specifically shares them. If you want to leave a family group, open the Play Store app on Android, and tap your avatar (top left). Once you’re there, go to Settings, Family, and Manage family members. Then, in the top right, tap the three dots and Leave family group.

Protect your accounts

With so much of our digital lives now stored in the cloud, hacking these services is arguably an easier route into your data than physically accessing your phone. If your Apple or Google account gets compromised, your emails, photos, notes, calendars, and messages could all be vulnerable, and you wouldn’t necessarily know it.

The usual password rules apply: Don’t repeat credentials across multiple accounts and make sure they’re easy for you to remember while remaining impossible for anyone else to guess. This includes even those closest to you, so avoid names, birthdays, and pet names.

Two-factor authentication (2FA) is available on most digital accounts, so switch it on wherever you can. For Apple accounts, visit this page and click Account Security; for Google accounts, click your avatar on any of the company’s services, go to Manage account, Security, and click on 2-Step Verification.

It’s a good idea to regularly check how many devices are logging in using your Google or Apple account credentials as well. On Android, open Settings and pick Google, Manage your Google account, and Security. Scroll down and under Your devices you’ll see a list of all the gadgets linked to your Google account. You can remove any of them by tapping on their name, followed by Sign out. On an iPhone, open Settings and tap your name at the top to see devices linked to your account—you can tap on one and then choose Remove from Account to revoke its access to your Apple account.

As long as you have 2FA set up, any unwelcome visitor should be blocked from signing straight back into your account, even if they know your password. But to be safe, if you discover some sort of unauthorized access, we’d still recommend changing your password. It’s also a good idea to do this regularly to make sure that only your devices have access to your data.

This story has been updated. It was originally published on January 21, 2021.