🌱 ivy's garden

your phone's lockscreen

(i have no experience with iOS devices other than a manky old iPhone 5S, so for you who use iOS, you may safely leave.)

you lug your smartphone around with you all day (except for those who don't). it contains most, if not all, of your private data. your identity, your bank account, your contacts, your super secret evidence, everything. now, you don't want anyone looking into that, do you? nobody does. but believe me, a lot of people don't secure their phones properly, if at all! i've seen pattern unlocks (which are quite interesting, i'll get to that in a bit) that even a five year old can crack, pin codes with the same number repeated four times, the same thing but as a password with one number substituted with a letter, and the like.

to those who do this, i write this to you.

keeping your phone safe for dummies

how to make a better pass

the modern android phone comes baked with file-based encryption, which encrypts the files on your phone. this should keep your files safe from attackers (at least from attackers who aren't motivated enough or don't have supercomputer-level hardware or something). but like how your fridge won't cool your food if you don't plug it in, your phone will not keep your files safe if you don't give it a way to do that. which you should. by applying a screen lock.

once you've done that, your files should be safe. not. if you don't put in an actually good passkey. like i've said, many people choose stupid ways of securing their phone. if you have a terrible pass, attackers will be looking at your data within five minutes of getting your phone. and it would be more susceptible to shoulder-surfing, which is a better way of describing "yo dude i just peeked at mate's password, i have full access to his money now. just need to steal his phone". so, to avoid this, here's some things to avoid:

so create an actually good pass. a PIN should be convenient enough, though passwords would be the most effective (it's not as effective on android, it's limited to 16 characters or so. pretty stupid). use a random string of numbers, one that's memorable, but still random. i actually used a solved sudoku grid to make my current PIN, so you might want to try that.

biometrics

but let's go back to shoulder-surfing again. you should always look around you before entering your pass. but, in many cases, this can't be achieved. this is where biometrics come in. which turn you into the pass. you. it should make unlocking quicker and easier, and without the risk of shoulder-surfing.

out there, we have fingerprint unlocking, facial recognition, and iris scanners (on samsung nuggets). now, you don't want to be using facial recognition. all it is, is just a camera that compares the face of whoever is opening your phone with an image of yourself. this is stupid. lookalikes exist, pictures of you exist. of course this does not apply to iOS users, whose phones use funky 3D tech stuff to get a deep image of your face, but still, probably shouldn't use it. then there are fingerprint and iris scanners, which scan your fingerprints and/or eyes, then use those as your pass. this is very secure, since fingerprints and irises are unique from person to person.

but let's look at the risk of biometrics as well. which is yourself. your friend steals your phone while you're unaware, slips the fingerprint sensor across your finger or points the phone directly at your face, and boom, unlocked. i lost so much because of this. sure, the iris and face recognition would probably not be a problem when you're, say, asleep, but fingerprints would. but you can defend against this! on the cooler versions of android (regular android and samsung's android, not those chinese versions like xiaomi's, where you just restart the phone to get the same 'effect'), you have this lockdown mode you can enable somewhere. this locks your phone, and turns off biometrics. do it before you sleep.

and that should cover the basics! now..

funky techniques

bear in mind, these only work on custom ROMs (custom versions of android) like LineageOS, on rooted phones (or at least phones with Xposed, which I heard can be done without root, with a tool on F-Droid) or on some OEMs' phones, like LG's.

to prevent shoulder surfing (or at least make it harder) without relying on biometrics, you could just scramble the keypad buttons on the PIN input screen! see, shoulder surfing on PINs merely relies on memorising where your fingers land, and assumes all PIN keypads use the same T9 layout, which they normally do. it can even be done from an angle, beyond the screen's visible viewing angles. so by changing the position of the numbers every time you want to unlock your phone, this can be prevented.
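here's the idea as a small simulation, added as an example (it's not code from any ROM or from this post). it assumes the keypad is just ten slots holding the digits, and every function name in it is made up for the sketch.

```python
import secrets

FIXED = "1234567890"  # simplified normal keypad: ten slots, read row by row


def scrambled_layout():
    """Return the ten digits in a fresh random order, using the OS CSPRNG."""
    keys = list(FIXED)
    secrets.SystemRandom().shuffle(keys)
    return "".join(keys)


def taps_for(pin, layout):
    """Slot indexes (0-9) a finger touches when typing pin on this layout."""
    return [layout.index(digit) for digit in pin]


def replay(taps, layout):
    """What gets entered when remembered finger positions are repeated."""
    return "".join(layout[slot] for slot in taps)


def replay_success_rate(pin, trials=20000):
    """Fraction of fresh layouts on which the remembered positions still work."""
    seen = taps_for(pin, scrambled_layout())  # positions during the watched unlock
    hits = sum(replay(seen, scrambled_layout()) == pin for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    # on a fixed keypad, positions are as good as the PIN itself
    print("fixed keypad replay:", replay(taps_for("4829", FIXED), FIXED))
    # four different digits: about 1 in 10*9*8*7 = 5040 replays succeed
    print("scrambled, 4829:", replay_success_rate("4829"))
    # one digit repeated four times: about 1 in 10 replays still succeed
    print("scrambled, 1111:", replay_success_rate("1111"))
```

scrambling only hides positions, so a PIN made of one repeated digit stays weak even with it turned on.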

remember how i said pattern unlocks can be viable? well. pattern unlocks are normally terrible, with only a 3x3 grid of dots to connect with a line. the number of potentially secure patterns is low. but if you simply make the grid bigger, you can make more secure patterns, and increase the number of possible patterns one can make! it can even rival your super secret password!
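to put numbers on that, here's an added example (not from the original post) that counts every pattern on a 3x3 grid and the short ones on a 4x4 grid. it assumes the stock android rules: at least 4 dots, no dot used twice, and a stroke can't jump over a dot that hasn't been used yet; the function names are made up for this sketch.

```python
from math import gcd, log2


def blockers(a, b, n):
    """Dots lying strictly between dots a and b on an n x n grid."""
    if a == b:
        return []
    (r1, c1), (r2, c2) = divmod(a, n), divmod(b, n)
    steps = gcd(abs(r2 - r1), abs(c2 - c1))
    dr, dc = (r2 - r1) // steps, (c2 - c1) // steps
    return [(r1 + k * dr) * n + (c1 + k * dc) for k in range(1, steps)]


def count_patterns(n, min_len=4, max_len=None):
    """Count valid patterns per length on an n x n grid (assumed stock rules)."""
    dots = n * n
    max_len = max_len or dots
    between = [[blockers(a, b, n) for b in range(dots)] for a in range(dots)]
    counts = {length: 0 for length in range(min_len, max_len + 1)}

    def walk(last, used, length):
        if length >= min_len:
            counts[length] += 1
        if length == max_len:
            return
        for nxt in range(dots):
            if used >> nxt & 1:
                continue  # each dot can be used only once
            # a stroke may pass over a dot only if that dot is already used
            if all(used >> mid & 1 for mid in between[last][nxt]):
                walk(nxt, used | 1 << nxt, length + 1)

    for start in range(dots):
        walk(start, 1 << start, 1)
    return counts


def bits(n_choices):
    """Size of a search space expressed in bits, rounded to one decimal."""
    return round(log2(n_choices), 1)


if __name__ == "__main__":
    small = sum(count_patterns(3).values())
    print("3x3, lengths 4-9:", small, "patterns,", bits(small), "bits")
    print("4-digit PIN:", bits(10**4), "bits; 6-digit PIN:", bits(10**6), "bits")
    # counting every 4x4 pattern is far too slow here, so only the short ones
    for length, count in count_patterns(4, max_len=5).items():
        print("4x4, length", length, ":", count)
```

the whole 3x3 space comes out at 389,112 patterns, which is fewer than the million combinations of a 6-digit PIN, and the 4x4 grid already beats the 3x3 counts at the same lengths.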

and hopefully, you, mate, will actually keep your phone safe now.

#lostinthesauce