Best practices:
* Enable Device & cloud backup encryption (Search for ‘encrypt’ in device settings)
* Use strong passwords or a password manager (1Password or LastPass)
* Use 6 digit long PIN (Enable ‘Erase data on too many wrong attempts’)
* Disable WiFi, GPS and BT (when not used)
* Always use 2nd factor authentication for all your accounts (Authy, andOTP, etc)
* Get a backup for your 2FA (recovery codes) or an USB security token (Yubikey, Nitrokey etc)
* Try to keep up with (reasonable) updates and reboot your phone often.
* Install a Firefwall app (Netguard for Android or Lockdown Apps for iOS)
* Do not install random, cracked or unkown apps; be a minimalist; revoke unnecesasry perm-s.
* Use only verified app sources, disable the option “Install from unofficial sources”
* Do not use public Wi-Fi networks (or use Tor or a good VPN (vpntierlist.com) while on public)
* Don’t use ilegal and shady websites / free or pirated apps / google or facebook
* Use a secure browser Brave of Firefox (use protection against data trackers)
* Use PayPal or other pay systems instead of credit cards
* Use mini farraday cage pouches when you are not using your phone to block all signals
* Browsers/tools: Brave, Bromite, Firefox Focus, Duckduckgo Privacy, TorBrowser;
* Browser addons: HTTPS everywhere (Enable block all unencrypted traffic), uBlock Origin...
* Say no to asian phones, facebook, google (and other user data harvesting services)
* Privacy: ios - options -> ‘Limit ad tracking’; android - ‘Opt out of interest based ads’ (also tap
‘reset adviertising ID’)
* Check your phone for stalkerware (i.e. by someone who has phisical access to your device), perform a factory/hard-reset of device if suspicious)
* Encrypt your DNS
Android: (Latest android)Settings -> Network and Internet -> Advanced -> Private DNS => (dns.google)
iOS: DNSCloack
* Enhance privacy:
disable personalized advertising
disable location services
better to use google maps in a browser than to give the app permission to store & record your location always...
disable telemetry


Resources & articles:
https://techcrunch.com/2020/06/29/india-bans-tiktok-dozens-of-other-chinese-apps/
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x08-Testing-Tools.md
https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06a-platform-overview
https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05a-platform-overview
https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x04a-mobile-app-taxonomy
https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x04b-mobile-app-security-testing
https://twitter.com/fs0c131y/status/1051204370543648770

https://github.com/OWASP/owasp-mstg
https://thehackernews.com/2019/07/android-permission-bypass.html
https://thehackernews.com/2019/07/whatsapp-android-malware.html
https://thehackernews.com/2020/04/cronavirus-hackers.html
https://thehackernews.com/2020/03/iphone-iOS-spyware.html
https://nickfishman.com/post/50557873036/reverse-engineering-native-apps-by-intercepting-network

https://palone.blog/#post-your-android-might-be-the-most-secure-device-you-own-4
https://thehackernews.com/2020/07/windows-security-update.html
https://edps.europa.eu/sites/edp/files/publication/20-07-02_edps_euis_microsoft_contract_investigation_en.html


https://techcrunch.com/2019/08/29/google-iphone-secretly-hacked/
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
https://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-attacks/102610/
https://arstechnica.com/information-technology/2013/09/worlds-most-secure-smartphone-looks-like-snake-oil-experts-say/
https://www.youtube.com/watch?v=uT7BXusDgDM
https://www.youtube.com/watch?v=XbbLtYSiElA
https://www.youtube.com/watch?v=you_sIoUGG8
https://www.youtube.com/watch?v=5f68_T2ahmE

https://youtu.be/nzDj0u1HhvE
https://youtu.be/AOgQscjr7EM
https://youtu.be/VFns39RXPrU
https://www.youtube.com/watch?v=dR58Bo6Mi28
https://www.bitchute.com/video/WRalTWAFBY4/