E. MOBILE PHONES AND SECURITY Journalists in SADC use mobile phones to conduct their work. The popularity of mobile phone communication has resulted in most journalists being vulnerable with compromised security when using phones. Mobile phone surveillance has been a topic of conversation since news broke of Pegasus spyware and its use against journalists, activists and heads of State. As mobile phones have become smarter, more involved in our daily lives and more connected, the avenues for exploitation have also increased significantly. Mobile phone spyware is effective because it circumvents any other forms of protection provided by phone apps. Encrypted messages are intercepted after your device decrypts them, meaning even normally encrypted messaging apps and emails are also compromised. It can gain access to your contact list and phone call logs, gallery files and your phone’s geolocation coordinates. It can also use the phone’s camera and microphone to listen and watch in. As a slight consolation, such sophisticated spyware is extremely rare and expensive to deploy. The vast majority of journalists won’t encounter such sophisticated attacks. HOW TO KEEP YOUR MOBILE ACTIVITY AND DATA SAFE • Keep your phone up to date. Mobile phone developers frequently identify and patch vulnerabilities in their smartphone operating systems, closing the doors usually left open for attack. Keeping your phone up to date means it has the latest security possible, and known vulnerabilities have been addressed. • Don’t disable security features. Smartphones have built-in security features that can limit the impact of malware. Disabling these features are not recommended. • Don’t click unknown links. Pegasus was unique in that it could compromise a phone with no user input. The vast majority of malware will however require some form of user input, either through clicking a link or installing a suspicious app. Never click on unknown links, and only install apps from a source you trust. • Guard physical access. Another way of compromising a mobile device is through installing the malware manually. This requires physical access to the device. Make sure you don’t leave your phone in the possession of strangers, and ensure you have a passcode or biometric lock enabled on your mobile device. • Scrutinize the apps you use. Every app you install on your device requests certain permissions. For example, your messaging app might request access to your camera or gallery in order to send pictures to your contacts, or to your microphone to record voice notes. Some seemingly innocuous apps will abuse this and sneak in permissions that are excessive and intrusive. There is no reason for a flashlight app to require access to your contact list for example, so before agreeing to the app permission, scrutinise these for the permissions they request. But what happens when internet access is lost? Some government have throttled or even blocked access to the internet during periods of unrest, and during natural disasters internet connectivity might be non-existent. Offline messaging apps, such as Bridgefy and Briar allows users to communicate even when the internet is down. These apps create a digital chain between various devices using their Bluetooth and Wifi connections, in essence creating a small network where each person using the app can be used to “hop” the message to the recipient. The drawback is of course range: the sender and receiver need to be linked by a network of these devices, with each device having a range of around 100m. The more people that use it, the more effective it becomes. A SURVIVAL TOOLKIT FOR JOURNALISTS Page 15