Mobile Security: Smartphones

Sections:

Summary and General Information

The main concern when using smartphones is their potential ability to freely access your University email account. Without a PIN access code, your phone could provide open-access to anyone who should obtain it without your permission.

You must use some form of passcode (PIN, screenlock, password) locking on your phone if you are using it for University email, or University-related work.

If you are using your smartphone for University-related work or email, you must also ensure that your smartphone’s backup process uses encryption, to ensure that no data, transferred from your phone to your PC during a sync/backup, is available to someone who has gained access to your PC without your permission.

Using VPN may be necessary to access, securely, various University-supplied systems. VPN technology is commonly found on most smartphones.

You should always access the internet via a secure wifi access point when using your smartphone. Edinburgh University, and most other UK-based universities, provide the eduroam system for secure wifi, and you should configure your phone to access the internet using eduroam whenever it is available.

Enabling PIN or Passcode Locking

You must enable a PIN or passcode on your phone if you are using it with your University email system, or if you have used it to store passwords for any University system, or are using it to store or access any work-related material using tools such as Dropbox.

iPhone passcode locking

Android passcode locking

Encrypting your Backups

When you sync your smartphone with your PC, a backup of the phone’s contents are transferred to your PC. If you are using your smartphone with your University email system, or if you have used it to store passwords for any University system, or are using it to store or access any work-related material using tools such as Dropbox, you must encrypt your backup to ensure its contents are protected from unauthorised access to your PC.

iOS encrypt backup

Enable VPN on your Smartphone

VPN is a secure technology used to access various University systems when outwith the University network. Normally, you will have been told that VPN is needed for your application, and these instructions are intended for those who know they require VPN and wish to know how to enable it on their smartphones. VPN does not provide any general security enhancements and should only be used when you have been instructed to do so.

Before using VPN, you must first sign up for a VPN account. This is part of the wifi signup process, so please note that in signing up for a VPN account, you may also be changing your wifi password.

Sign up for a WiFi/VPN Account

Enable VPN iPhone

Enable VPN Android 2.3

Enable VPN Android 4.2

Use Eduroam WiFi

Eduroam is managed by a consortia of Higher Education institutions, and can be found in most Universities in the UK. Before you can use Eduroam, you must sign up for an account. Unlike most of your University IT access accounts, you do not receive an Eduroam account by default.

Sign up for a WiFi/VPN Account

iPhone eduroam

Configure Android for use with Eduroam