Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


9 top mobile security threats and how you can avoid them

No matter what mobile device you use -- iPhone or Android -- your handset is a daily target to all bad actors. Don't become a victim! Here are the top phone securities today -- and your best defenses.
Written by Charlie Osborne, Contributing Writer
Hand holding hacked phone
Tero Vesalainen/Getty Images

Today's smartphones hold all the keys to our communications, finances, data, and social lives, which makes these ubiquitous devices lucrative targets for cybercriminals.   

Whatever smartphone you use -- whether it's an Android device from Google, Samsung, or Motorola, or an Apple iOS-based iPhone -- threat actors are ever busy evolving their tactics to break into these handsets. 

There are billions of smartphone users worldwide, and none of them can completely avoid cyberattacks. Spam, phishing, malicious apps, and ransomware are only some of the threats that mobile device users face today -- and the attack techniques get more sophisticated every year. 

To stay protected, we need to understand and recognize the most common threats to smartphone security in 2023. This is our guide to what those threats are, the best defenses for avoiding those threats, and what to do if you suspect your device has been compromised. 

Here they are: the top threats to Android and iOS smartphone security in 2023.

1. Phishing, smishing, and vishing

Phishing occurs when attackers send you fake and fraudulent messages. Cybercriminals attempt to lure you into sharing personal information, clicking malicious links, downloading and unwittingly executing malware on your device, or handing over your account details -- for a bank, shopping site, social network, email, and more. 

Phishing also can be used to install malware or surveillance software on your handset. 

Also: What is phishing? Everything you need to know

Mobile devices are vulnerable to phishing through all the same avenues that PCs are -- including email and social network messages. However, mobile devices are also vulnerable to smishing, which are phishing attempts sent over SMS texts.

Spear phishing is a step up in the cybercriminal game, with attackers conducting surveillance first to gather information on their intended victim. Typically, spear phishing -- aka targeted pishing --  occurs against high-value individuals, and the motives can be financial or political gain. 

Vishing -- that's short for voice phishing -- is another attack vector gaining in popularity. Attackers employing this method will use voice services to try and defraud their victim. This can include leaving voicemails, using automated robocalls, voice-altering systems, and more to trick individuals into providing sensitive information. 

Your best defense: Don't click on links in emails or text messages unless you are completely sure they are legitimate. Be wary of unexpected calls or voicemails, and treat them as suspicious unless proven otherwise. 

2. Physical security 

Many of us forget an essential security measure: physically securing our mobile devices. If you don't use a PIN code, pattern, or biometric check such as a fingerprint or retina scan, your handset could be vulnerable to tampering. In addition, if you leave your phone unattended, it may be at risk of theft. 

Your best defense: At a minimum, lock down your phone with a strong password or PIN number; that way, if it ends up in the wrong hands, your data and accounts can't be accessed. 

You also should consider enabling security features provided by Apple and Google to help you recover your device in theft cases. Apple's Find My service tracks down devices including iPhones, iPads, and AirPods, whereas Google can also track your smartphone and tablet.

3. SIM hijacking 

SIM hijacking, also known as SIM swapping or SIM porting, is the abuse of a legitimate service offered by telecom firms when customers need to switch their SIM and telephone numbers between operators or handsets. 

Also: Here's how I survived a SIM swap attack after T-Mobile failed me - twice

Typically, a customer will call their telecom provider, prove their identity as an account holder, and then request a switch. An attacker, however, will use social engineering and the personal details they discover about you -- including your name, physical address, and contact details -- to assume your identity, instead, and dupe customer service representatives into giving them control of your number. 

In successful attacks, a cybercriminal can redirect your phone calls and texts to a handset they own. Importantly, this also means any two-factor authentication (2FA) codes used to protect your email, social media, and banking accounts, among others, will also end up in their hands. 

SIM hijacking is often a targeted attack as it takes data collection and physical effort to pull off. However, when successful, such an attack can be disastrous for your privacy and the security of your online accounts. 

Your best defense: Protect your data through an array of cybersecurity best practices so that it can't be used against you via social engineering. Try not to overshare online. Consider asking your telecom provider to add a "Do not port" note to your file (unless you visit in person), especially if you know your information has been leaked due to a data breach. You can use Have I Been Pwned to check on the current status of possible breaches. 

4. Apps: Nuisanceware, premium service dialers, and cryptocurrency miners

Your mobile device is also at risk of nuisanceware and malicious software that will force the device to either make calls or send messages to premium numbers without your consent. 

Nuisanceware is malware found in apps (more commonly in the Android ecosystem than iOS) that makes your handset behave in annoying ways. Nuisanceware is not typically dangerous, but can still be very irritating and a drain on your power. You may be bombarded with pop-up ads, for example, or be shown promotions and survey requests. In addition, nuisanceware can launch ad-laden web pages and videos in your mobile browser. 

Also: This sneaky malware hides on your PC for a month before going to work

Nuisanceware is often developed to generate income for its makers fraudulently, such as through clicks and ad impressions.

Premium service dialers, however, are worse. 

Apps can contain malicious, hidden functions that will covertly sign you up for paid, premium services. Texts can be sent and calls to premium numbers made, with victims required to pay for these services -- and attackers pocketing the cash.

Some apps can also quietly steal your device's computing resources to mine for cryptocurrency. These apps sometimes slip through an app store's security net and, in the past, have been found in official app repositories including Google Play. The problem is that cryptocurrency mining code can be found in seemingly legitimate apps such as mobile VPNs, games, and streaming software. 

Your best defense: Only download apps from legitimate app stores. Be careful and don't just gloss over the permissions requested by new mobile apps. If you encounter overheating and battery drain after downloading new software, this could be a sign of malicious activity -- so you should run an antivirus scan and consider uninstalling suspicious apps.

5. Open Wi-Fi 

Open and unsecured Wi-Fi hotspots are everywhere, from hotel rooms to coffee shops. They are intended to be a customer service, but their open nature also opens them up to attack.

Specifically, your handset or PC could become susceptible to Man-in-The-Middle (MiTM) attacks through open Wi-Fi connections. An attacker will intercept the communication flow between your handset and browser, stealing your information, pushing malware payloads, and potentially allowing your device to be hijacked.

Every so often, you also can encounter "honeypot" Wi-Fi hotspots. These are open Wi-Fi hotspots created by cybercriminals, disguised as legitimate and free spots, for the sole purpose of performing MiTM attacks. 

Your best defense: Avoid using public Wi-Fi altogether and use mobile networks instead. If you must connect to them, consider using a virtual private network (VPN). If you are using sensitive services, such as a banking app, always switch over to a cellular connection for added security. 

6. Surveillance, spying, and stalkerware

Surveillanceware, spyware, and stalkerware come in various forms. Spyware is often generic and will be used by cyberattackers to steal personally identifiable information and financial details. 

However, surveillanceware and stalkerware are typically more personal and targeted. For example, in the case of domestic abuse, a partner (or ex-partner) may install surveillance software on your phone to keep track of your contacts, phone calls, and GPS location.

Sometimes, apps marketed as parental control software or employee monitoring solutions can be abused to invade your privacy. 

Also: How to find and remove spyware from your phone

Symptoms of infection may include higher-than-normal power usage and the presence of unfamiliar apps. On Android devices, you may notice that the setting, "allow/install unknown apps" has been enabled. You should also watch out for unexpected behavior and increased mobile data usage. 

Your best defense: An antivirus scan should take care of generic spyware. While there's no magic bullet for surveillanceware or stalkerware, you should watch out for any suspicious or unusual behavior on your device. If you think you are being monitored, put your physical safety above all else. 

7. Ransomware 

Ransomware can impact mobile devices as well as PCs. Ransomware will encrypt files and directories, locking you out of your phone, and will demand payment in cryptocurrency in return for a decryption key. 

Examples of ransomware detected over the last few years include Cryptolocker, WannaCry, BadRabbit, and Ruk.  

Also: What is ransomware? Everything you need to know

Ransomware is often found in third-party apps or deployed as a payload on malicious websites. For example, you may see a pop-up request to download an app -- disguised as anything from a software cracker to a betting app -- and your handset can then be encrypted in minutes. However, ransomware is less common on mobile platforms than on PCs. 

Alternatively, if cyberattacks can steal your Google or Apple ID credentials, they may abuse remote locking features and demand payment. 

Your best defense: Keep your phone up-to-date with the latest firmware, and your Android or iOS handset's fundamental security protections enabled. Don't download apps from sources outside official repositories and run frequent antivirus scans. If you encounter ransomware, you might need to restore your phone from a backup or bring it back to factory settings.

8. Trojans and financial malware

There are countless mobile malware variants, but Google and Apple's fundamental protections stop many in their tracks. However, of all the malware families you should be familiar with, trojans top the list. 

Trojans are forms of malware that are developed specifically with data theft and financial gains in mind. Mobile variants include Zeus, TickBot, EventBot, MaliBot, and Drinik.

Most of the time, users download the malware themselves, which may be packaged up as an innocent and legitimate app or service. However, once they have landed on your handset they overlay legitimate banking app windows and steal the credentials you submit, such as a password or PIN code. 

Also: A simple idea that could make Android more secure

This information is then sent to an attacker and can be used to pillage your bank account. Some variants may also intercept 2FA verification codes sent to your mobile device.

The majority of financial trojans target Android handsets. iOS variants are rarer, but strains still exist.

Your best defense: Keep your phone up-to-date with the latest firmware and enable your Android or iOS handset's fundamental security protections. Ensure you only download apps from sources outside official repositories. If you suspect your phone has been compromised, stop using financial apps, cut off your internet connection, and run an antivirus scan. You may also wish to contact your bank and check your credit report if you suspect fraudulent transactions have been made. 

9. Mobile device management exploits

Mobile Device Management (MDM) solutions are enterprise-grade tools suited for the workforce. MDM features can include secure channels for employees to access corporate resources and software, spreading a company's network security solutions and scans to each endpoint device, and blocking malicious links and websites. 

However, if the central MDM solution is infiltrated or otherwise compromised, each mobile endpoint device is also at risk of data left, surveillance, or hijacking.

Your best defense: The nature of MDM solutions takes control out of the hands of end users. Therefore, you can't protect against MDM compromise. What you can do, however, is maintain basic security hygiene on your device, make sure it is up-to-date, and keep your personal apps and information off your work devices.  

How can I physically protect my device?

Your lock screen is the gateway to your device, data, photos, private documents, and apps. As such, keeping it secure is paramount. 

On Android, consider these settings:

  • Screen lock type: Swipe, pattern, PIN, password, and biometric checks using fingerprints or your face.
  • Smart lock: Keeps your phone unlocked when it is with you, and you can decide what situations are considered safe.
  • Auto factory resets: Automatically wipes your phone after 15 incorrect attempts to unlock.
  • Notifications: Select what notifications show up and what content is displayed, even when your phone is locked.
  • Find My Device: Find, lock, or erase your lost device.

On iOS devices, look for these settings:

  • Passcode: Set a passcode to unlock your device.
  • Face ID or Touch ID: Biometrics can be used to unlock your device, use apps, and make payments.
  • Find my iPhone: Find, track, and -- if necessary -- lock your lost iPhone.
  • Lockdown Mode: Dubbed "extreme" protection for a small pool of users considered most at risk of targeted attacks, this feature provides additional security for malicious links, content, and connections. You can enable Lockdown Mode in iOS 16 or later.

What should I look out for as symptoms of malware infection?

If you notice your Android or iOS device is not behaving normally, you may have been infected by malware or be otherwise compromised. 

Here are things to watch out for:

  • Battery life drain: Batteries degrade over time, especially if you don't let your handset run flat every so often or you are constantly running high-power mobile apps. However, if your handset is suddenly hot and losing power exceptionally quickly, this could signify malicious apps and software burning up your resources. 
  • Unexpected behavior: If your smartphone behaves differently and you've recently installed new apps or services, this could indicate that all is not well. 
  • Unknown apps: Software that suddenly appears on your device, especially if you have allowed the installation of apps from unidentified developers or have a jailbroken smartphone, could be malware or surveillance apps that have been installed without your knowledge or consent. 
  • Browser changes: Browser hijacking, changes to a different search engine, web page pop-ups, and ending up on pages you didn't mean to could all be a sign of malicious software tampering with your device and data.
  • Unexpected bills: Premium number scams and services are operated by threat actors to generate fraudulent income. If you have unexpected charges, calls, or texts to premium numbers, this could mean you are a victim of these threats. 
  • Service disruption: SIM hijacking is a severe threat. This is normally a targeted attack with a particular goal, such as stealing your cryptocurrency or accessing your online bank account. The first sign of attack is that your phone service suddenly cuts off, which indicates your telephone number has been transferred elsewhere. A lack of signal, no ability to call, or a warning that you are limited to emergency calls only can indicate a SIM swap has taken place. Furthermore, you may see account reset notifications on email or alerts that a new device has been added to your existing services.

What about government-grade mobile malware?

On occasion, enterprise and government-grade malware hit the headlines. Known variants include Pegasus and Hermit, used by law enforcement and governments to spy on everyone from journalists to lawyers and activists. 

In June 2022, Google Threat Analysis Group researchers warned that Hermit, a sophisticated form of iOS and Android spyware, was exploiting zero-day vulnerabilities and was now in active circulation. US government employees abroad have been targeted with government-grade mobile malware.

The malware tries to root devices and capture every detail of a victim's digital life, including their calls, messages, logs, photos, and GPS location. 

However, the likelihood of you being targeted by these expensive, paid-for malware packages is low unless you are a high-profile individual of interest to a government or other organization that's willing to go to these lengths. You are far more likely to be targeted by phishing, generic malware, or, unfortunately, friends and family members using stalkerware against you.

What should I do if I think my Android or iOS phone is compromised?

If you suspect your Android or IOS device has been infected with malware or otherwise compromised, you should take urgent action to protect your privacy and security. Consider these steps below:

  • Run a malware scan: You should ensure your handset is up-to-date with the latest operating system and firmware, as updates usually include patches for security vulnerabilities that can be exploited in attacks or malware distribution. Google and Apple offer security protection for users, but it wouldn't hurt to download a dedicated antivirus app. Options include Avast, Bitdefender, and Norton. Even if you stick to the free versions of these apps, it's better than nothing. 
  • Delete suspicious apps: Deleting strange apps isn't foolproof, but any apps you don't recognize or use should be removed. In the cases of nuisanceware, for example, deleting the app can be enough to restore your handset to normal. You should also avoid downloading apps from third-party developers outside of Google Play and the Apple Store that you do not trust.
  • Revisit permissions: From time to time, you should check the permission levels of apps on your mobile device. If they appear to be far too extensive for the app's functions or utilities, consider revoking them or deleting the app entirely. Keep in mind that some developers, especially in the Android ecosystem, will offer helpful utilities and apps in Google Play only to turn them malicious down the line.
  • In other words, legitimate apps don't always stay that way, and these changes can come out of the blue. For example, in 2021, a popular barcode scanner developer pushed out a malicious update and hijacked millions of devices in one stroke. 

  • Tighten up communication channels: You should never use open, public Wi-Fi networks unless it is essential. Instead, stick to mobile networks; if you don't need them, turn off Bluetooth, GPS, and any other features that could broadcast your data. 
  • Premium service dialers: If you've had unexpected bills, go through your apps and delete anything suspicious. You can also call your telecom provider and ask them to block premium numbers and SMS messages. 
  • Ransomware: There are several options if you have unfortunately become the victim of mobile ransomware and cannot access your device. 
    If you were alerted to the ransomware before your device is encrypted and a ransom note is displayed, cut off the internet and any other connections -- including any wired links to other devices -- and boot up your smartphone in Safe Mode. You might be able to delete the offending app, run an antivirus scan, and clean up before any significant damage occurs. 
    However, if your handset is locked, your next steps are more limited, as removing the malware only deals with part of the problem. 
    If you know what ransomware variant is on your handset, you can try using a decryption tool such as those listed by the No More Ransom project. You can also provide information to Crypto Sheriff, and researchers will try to find out what type of malware you're dealing with for free. 
    In the worst-case scenario, you might need to perform a factory reset. Removing ransomware stops it from spreading further but will not restore files that have been encrypted. You can restore your device following a reset if you've consistently backed up your data. 
    Remember, paying a ransom does not guarantee that your phone will be unlocked or your files will be decrypted. 
  • Stalkerware, surveillanceware: When you know or suspect you've been targeted by stalkerware or surveillanceware, this can be extremely difficult to handle. If it's the case that basic, generic spyware has landed on your device, Google, Apple, or a dedicated antivirus app should pick this up for you and remove it. 
    However, suppose a partner or other close contact is monitoring you, and you try to remove a stalkerware app from your phone. In that case, they will be alerted directly, or they will become aware because they are no longer receiving your information. 
    You shouldn't try to remove these apps if this risks your physical safety. Indeed, some commercially available forms of spyware damage a handset so severely that the operator can remotely reinstall them, anyway, and the only real option is to throw the device away (or keep it for law enforcement purposes). 
    Reach out to an organization that can help you, consider using a burner phone, and keep yourself as physically safe as possible. 
  • SIM hijacking: If you suspect you have been SIM-swapped, you have a very short window for damage control. The first thing you should do is call your telecom provider and try to have your service restored as quickly as possible -- but as we all know, you can be left on hold for an infuriatingly long time. If you can, go and visit your carrier in person, in-store. 
    No one is exempt from the risk of SIM swaps, customer service representatives may not have been trained to recognize SIM hijacking, and cybercriminals may have enough of your personal information to pass as you without challenge. 
    To mitigate the risk in the first place, consider linking your crucial 'hub' accounts, financial services, and cryptocurrency wallets to a number that isn't publicly connected to you. A simple pay-as-you-go number will do, and so if your personal or work numbers are compromised, the potential opportunities for theft are limited. 
Editorial standards