• Use phone models that support the latest OS version and keep them updated. 
  • Maintain physical control of the device, and if necessary store it securely.  
  • Never root or jailbreak devices. 
  • Do not allow applications from untrusted sources. Do not use 3rd party app stores, cydia, etc. 
  • Be wary of public WiFi networks, and use a VPN if forced to use one. 
  • Be especially wary of unsolicited SMS, messages, emails, etc. This includes known contacts, as their device could be compromised or the message sender spoofed. This is the most common way devices are exploited, either through a combination of social engineering and phishing to trick the user, or by means of exploits. 
  • Going through customs or any kind of a checkpoint where you have to give up your device is a big risk, especially in China where there are plenty of reported cases of authorities physically confiscating devices to install malware. I would assume that if a phone has been out of physical control in these instances, it has a large risk of being compromised. 
  • Avoid using the device to visit websites that may be targeted by the government due to ideological standpoint, political standpoint, association with targeted groups, etc. See Project Zero and Volexity’s reporting on PoisonCarp and EvilEye to get an idea.

Powered by BetterDocs