New Phone Security Setup
Got a new phone? Follow this checklist to set it up securely from the start. These steps apply to both Android and iPhone.
Before You Start
Section titled “Before You Start”You’ll need:
- Your new phone fully charged
- WiFi connection
- 30-45 minutes of time
- Access to your email for verification codes
Phase 1: Initial Setup (First 10 minutes)
Section titled “Phase 1: Initial Setup (First 10 minutes)”Screen Lock
Section titled “Screen Lock”- Set up fingerprint/face unlock
- Create a 6-digit PIN (minimum) as backup
- Set screen timeout to 30 seconds
- Disable “Show notifications on lock screen” for sensitive apps
PIN Tips
Avoid: 123456, your birth year, repeated digits (111111) Good: Random 6+ digits you can remember
Find My Device
Section titled “Find My Device”- Android: Enable Find My Device (Settings > Security > Find My Device)
- iPhone: Enable Find My iPhone (Settings > [Your Name] > Find My)
- Verify you can locate your phone from another device
Software Updates
Section titled “Software Updates”- Check for system updates (Settings > Software Update)
- Install all available updates
- Enable automatic updates
Phase 2: Account Security (15 minutes)
Section titled “Phase 2: Account Security (15 minutes)”Primary Account (Google/Apple ID)
Section titled “Primary Account (Google/Apple ID)”- Sign in with your existing account (or create new)
- Enable two-factor authentication
- Add a recovery phone number
- Add a recovery email
- Review recent account activity for suspicious logins
Password Manager
Section titled “Password Manager”- Install your password manager (Bitwarden recommended)
- Sign in and verify passwords sync
- Enable biometric unlock for the password manager
- Set vault timeout to 5 minutes
Note
If you don’t have a password manager yet, see our Password Managers guide.
Phase 3: Privacy Settings (10 minutes)
Section titled “Phase 3: Privacy Settings (10 minutes)”Location Services
Section titled “Location Services”- Review which apps can access location
- Set to “While Using” for maps and delivery apps
- Disable for apps that don’t need it
- Disable location history if you don’t need it
App Permissions (General)
Section titled “App Permissions (General)”- Camera: Only apps that need it (video calls, banking)
- Microphone: Only apps that need it (calls, voice messages)
- Contacts: Only essential apps (WhatsApp, calling app)
- SMS: Only banking apps
Advertising & Tracking
Section titled “Advertising & Tracking”Android:
- Settings > Privacy > Ads > Delete advertising ID
- Disable “Opt out of Ads Personalization”
iPhone:
- Settings > Privacy > Tracking > Disable “Allow Apps to Request to Track”
- Settings > Privacy > Apple Advertising > Disable “Personalized Ads”
Phase 4: Essential Apps (10 minutes)
Section titled “Phase 4: Essential Apps (10 minutes)”Install Only From Official Stores
Section titled “Install Only From Official Stores”- Google Play Store (Android) or App Store (iPhone) only
- Never install APK files from websites or WhatsApp
Must-Have Security Apps
Section titled “Must-Have Security Apps”- Password Manager (Bitwarden, 1Password)
- Authenticator App (Google Authenticator, Authy)
- Your bank’s official app (verify it’s the real one)
Verify App Authenticity
Section titled “Verify App Authenticity”Before installing any app, check:
- Developer name matches the official company
- High number of downloads
- Recent updates
- Good reviews (not generic/fake looking)
Phase 5: Communication Apps (5 minutes)
Section titled “Phase 5: Communication Apps (5 minutes)”WhatsApp Setup
Section titled “WhatsApp Setup”- Install from official app store
- Enable two-step verification
- Set privacy settings (see WhatsApp Security Guide)
- Review linked devices
Email Setup
Section titled “Email Setup”- Sign in to your email app
- Verify 2FA is enabled
- Check connected apps and revoke unknown ones
Phase 6: Financial Apps (5 minutes)
Section titled “Phase 6: Financial Apps (5 minutes)”Banking Apps
Section titled “Banking Apps”- Install your bank’s official app only
- Enable all security features offered
- Set transaction alerts (SMS and email)
- Enable biometric login
UPI Apps (Google Pay, PhonePe, etc.)
Section titled “UPI Apps (Google Pay, PhonePe, etc.)”- Install from official app store
- Set up UPI PIN (different from phone PIN!)
- Enable transaction notifications
- Set daily transaction limits if available
UPI PIN Security
Never share your UPI PIN with anyone. Bank employees will NEVER ask for it. You only enter it when YOU initiate a payment.
Phase 7: Backup Configuration
Section titled “Phase 7: Backup Configuration”Enable Automatic Backups
Section titled “Enable Automatic Backups”Android:
- Settings > System > Backup
- Enable “Back up to Google Drive”
- Verify what’s being backed up
iPhone:
- Settings > [Your Name] > iCloud > iCloud Backup
- Enable iCloud Backup
- Tap “Back Up Now” to create first backup
What Gets Backed Up:
Section titled “What Gets Backed Up:”- App data
- Call history
- Device settings
- Photos (if enabled)
- SMS messages
Final Verification
Section titled “Final Verification”Before you consider setup complete:
- Can you unlock with fingerprint/face?
- Is your password manager working?
- Are all important accounts using 2FA?
- Can you locate your phone using Find My Device?
- Are automatic updates enabled?
- Is backup configured and working?
Moving Data from Old Phone
Section titled “Moving Data from Old Phone”Safe Transfer Methods:
Section titled “Safe Transfer Methods:”- Use official phone transfer tools (Samsung Smart Switch, Apple Quick Start)
- Transfer via backup restore
- Sign into apps rather than transferring app data when possible
After Transfer:
Section titled “After Transfer:”- Sign out of accounts on old phone
- Factory reset old phone before selling/disposing
- Remove SIM card from old phone
What NOT to Do
Section titled “What NOT to Do”- ❌ Don’t install “cleaner” or “booster” apps
- ❌ Don’t download apps from links in messages
- ❌ Don’t give unnecessary permissions “just in case”
- ❌ Don’t use simple PINs like 1234 or birth dates
- ❌ Don’t skip the software updates