Privacy settings on our favorite apps aren’t always intuitive. In fact, they can be downright head-scratching to users who trust that their apps are keeping their private information under wraps.
Many app makers, relying on access to user data for marketing purposes and desiring strong insight into how people are using their technology, logically would prefer that you ignore your privacy settings. Scammers and phishers, likewise, are always looking for openings to capture your personal information.
We asked security experts how they keep their apps from revealing too much about them. Here’s their advice.
Get off to a safe start
When ready to download an app to your phone, stick with vetted app stores such as Google Play for Android or the App Store for iOS, says Andrew Blaich, security researcher for Lookout.
“This helps avoid downloading malicious malware,” he says.
Consider the amount of data and access apps have on your phone, Blaich adds.
“On iOS, you can control the privacy settings of apps and how much data they can access on your device,” he says. “On newer Android devices, you can restrict the [data] apps have access to by turning on and off permissions.”
Set up two-factor authentication
Don’t sleep on this extra step, suggests Ryan O’Leary, vice president of the Threat Research Center for WhiteHat Security. This security measure simply adds a check beyond entering a username and password to ensure that you are who you say you are.
READ MORE: How to set up two-factor authentication
“This is typically done via text message or email sent to a separate account you control which contains a one-time token (string of numbers or letters) to enter into the site when you’re logging in,” he says. “This way, if a bad guy has your username and password, [he] must also have your cell phone to get the token.”
Many sites, ranging from those of banks and credit cards to those of Google, Facebook, Twitter, and even the Playstation Network, have “two factor” or “multifactor” authentication options.
Guard your Google accounts
O’Leary recommends taking advantage of Google’s “easy to use” Security Checkup tool to keep your account safe. If you see any devices you don’t own, you can follow simple prompts to secure your account.
“The other great thing about this tool is, you can see [which] mobile apps have permission to your account,” he says. “You’d be amazed at all the different apps you’ve downloaded that have access to your Google account.”
READ MORE: 4 ways to boost your Google privacy
Want to search without creating a search log? Go Incognito, advises Kevin Lee, trust and safety architect at Sift Science. Google’s Incognito setting, found under “File” in Chrome, will pop up a separate window that lets you search and navigate Google without recording tracks on your phone or computer.
“Use the most current version of the browser,” Lee adds. “Outdated ones may be vulnerable to malware.”
Fend off Facebook intrusions
Facebook’s new checkup feature shuttles you through a quick three-step process to review your settings and change them.
“You may think you know what your settings are, but it doesn’t hurt to go over them one more time, especially considering those disconcerting photo search findings,” says Spencer Coursen, security expert and threat assessment adviser at Coursen Security Group.
READ MORE: How to recover from a Facebook hack
Lee recommends that you update your settings so that you must approve any piece of content posted to your timeline or in which you are tagged. You can also ensure that your own posts are seen by only “Friends” or “Friends of Friends,” rather than the general “Public.” And you can take advantage of log-in alerts and approvals, which can warn you early on of unauthorized attempts to access your account.
Not a regular Facebook user? “It’s worth periodically checking your timeline to see what you have been tagged in or liked,” Lee says.
Another tip: If you don’t want Facebook to glean phone numbers from all your contacts, disable sync on your phone app, says August Brice, CEO of SaferTech.
Here’s how you do it: Launch the Facebook app on your phone. Click the three horizontal bars on the lower-right corner. Scroll down to Settings. Click on Account Settings and then General, and then turn off Upload Contacts.
Using the Facebook Messenger app? Launch the app from your home screen. Tap the blue-and-white icon on the top-left corner. Click on People, and then then turn off Sync Contacts.
Iron out your Instagram tags
Whether you’re having a bad hair year or don’t want the world to know that you attended a furry convention, you probably have an interest in the photos in which you’ve been tagged.
Go to Photos of You on your Instagram profile, and tap the three dots in the top-right corner. You can then choose photos to hide from your timeline, or manage tags of you.
Choose Tagging Options, and Add Manually, to keep images of you from automatically popping up on your timeline. But be warned: Hiding your colleague’s bathroom selfie that you accidentally photobombed from your timeline doesn’t remove the image from your friend’s timeline—only yours.
To hide photos from your timeline, choose Hide Photos, then select the offending shots.
It may sound tedious to go through and adjust each app’s settings, but security experts say it’s worth the time it takes.
“The privacy options are often unique to each phone and application,” Coursen says, “but a few minutes spent on learning the features of each application could help save you (maybe even from yourself) later in life.”