As 2024 draws to a close, is the mobile cybersecurity advice we have been getting from the likes of the Federal Bureau of Investigation and National Security Agency worth listening to in 2025? The answer, as you can imagine, is complicated. Here’s what all smartphone users, Android and iOS, need to know about FBI and NSA smartphone threat mitigation recommendations.
Using The FBI And NSA As Your Smartphone Cybersecurity Advisors
If I were asked to hashtag my relationship with the likes of the FBI and NSA when it comes to cybersecurity advice, in particular when it comes to Android and iOS smartphones, I guess it would have to be #mixed. On the one hand, both these agencies are long-established collectors of threat intelligence and distributors of data that enables them to produce in-depth mitigation analysis. On the other, they are both somewhat slow to update that advice and some of it can be quite poor as a result. So, an FBI recommendation that users should still be checking for spelling and grammatical errors to combat phishing in today’s threatscape is something I find almost unforgivable. Equally, the 2020 advice from the NSA to reboot your smartphone on a weekly basis to counter the spyware threat is not only outdated but also dangerous given how most current malware would exploit persistence despite this so-called mitigation. Does this mean that you should, therefore, write off all advice coming from these two agencies? Heck no, of course not. And here’s why: 99% of the mitigation advice from the FBI and NSA is, in my never humble opinion, spot on.
The FBI And NSA Smartphone, And Other Threats, Advice You Should Definitely Follow In 2025
That NSA turn-it-off-and-on-again, and again and again, advice was actually just a small part of a wide-ranging infographic that addressed multiple ways to keep your smartphone safe from attack. While there is, of course, still some truth in suggesting that turning your device off and on weekly can prevent or mitigate spear-phishing and highly targeted phishing attacks from installing malware, it’s not the best advice ever today. Most smartphones now have their own protections against malware retained in memory, making it much more likely that such a threat would survive a reboot. Advice not to connect to public Wi-Fi networks is equally dated and relatively meaningless today, ditto disabling Bluetooth when “not using it” and not using public Wi-Fi USB charging stations, as these hugely impact usability with very little, if any, security benefit for the vast majority of users.
However, some of the remaining advice is still good to go for 2025:
- Use strong lock-screen PINs/passwords: a 6-digit PIN is sufficient if the device wipes itself after 10 incorrect password attempts.
- Set the device to lock automatically after 5 minutes or sooner.
- Update the device software and applications as soon as possible.
- Use biometrics such as fingerprint or face authentication to protect data of minimal sensitivity.
- Don’t open unknown email attachments and links, as even legitimate senders can pass on malicious content accidentally or as a result of being compromised or impersonated by a malicious actor.
When it comes to the FBI, there are even more mitigations that I would heartily recommend you consider as part of your smartphone security posture:
My advice, therefore, is to do your own due diligence here, research the advice that is being offered by either agency, check how old it is and see what other security experts and media reports are saying. Don’t rely purely on the FBI or NSA for your smartphone security advice, but please don’t reject it out of hand either!