By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

7 phone apps you need to secure right away – if you value your privacy

Whether you're using an iPhone or an Android model, it's worth adding an extra layer of security to your most-used apps
Tom MorganSenior content writer
WhatsApp voice note

The apps you use on your smartphone every day likely hold data you'd rather keep private – payment information, emails, contact lists, documents and more.

With two-factor authentication (2FA) enabled, you instantly make your online accounts harder to access without permission. Attempting to access an account from a new device prompts the service to send a unique code to your phone, so you have the power to approve or deny logins.

Below, we explain how to lock up your data. You might not want to work through the whole list in one go, so bookmark this page and revisit another time if needed.

Which? Tech Support package

Get tech confident for less

Get 12 months of tech support and buying advice for only £34.30, that's a 30% saving. Together we’ll show your tech who’s boss.

Join Which? Tech Support

Offer ends 16 Jun 25. Cancel anytime.

Already a Tech Support member? If you need more help and 1-2-1 technical advice, you can book an appointment with our friendly Tech Support team.

1. WhatsApp – protect messages and attachments

If WhatsApp is your go-to messaging app, it's probably crammed with private conversations – including written messages, voice notes and attachments.

Adding 2FA to your WhatsApp account means you'll regularly be asked to enter a Pin to continue using the app. If your phone gets stolen and ends up in the wrong hands, that means your messages (and attachments) will remain locked.

When setting up 2FA, WhatsApp will also request an email address – this will be used as a backup in case you forget or misplace your Pin. (see also: what is 2FA?)

Setting up 2FA on WhatsApp

Follow these steps:

  1. Open WhatsApp and head to Settings (three dots in top-right on Android, or bottom-right on iPhone).
  2. Choose Account > Two-step verification > Turn on or Set up PIN.
  3. Add a six-digit Pin.
  4. Type in an email address if you need to reset 2FA in the future, or choose Skip.
  5. Follow the on-screen instructions until you reach Save or Done.

You can revisit the Settings page at any time if you need to turn off 2FA or change your Pin. We also recommend backing up your data – explore Settings > Chats > Chat backup.

2. Gmail – hide emails containing personal data

Enabling 2FA for your Google account only takes a couple of minutes and is an effective way to keep prying eyes away from your inbox.

Once you've activated the feature, you'll need to complete a second step to verify it’s you if you choose to sign in with a password. If you're attempting to access your messages from a new PC, for example, you'll need to input the code sent to your mobile.

On the subject of keeping emails secure, you might also want to explore Gmail's Confidential Mode – it helps to prevent recipients from accidentally sharing messages. (See also: 9 useful Gmail features you need to try right away)

Setting up 2FA in Gmail app

Follow these steps:

  1. Tap your profile picture in the top-right corner of your screen.
  2. Select Manage your Google Account.
  3. Choose Security for an overview of your current settings and recommendations.
  4. Under How you sign in to Google, enable 2-Step Verification.

3. Outlook – stop hackers from resetting other apps

Your Outlook inbox effectively acts as a gateway to your other online accounts, which is why it's crucial to protect it.

If an attacker gains access to your messages, they could intercept password reset emails and use them to change the passwords of other accounts, including those for banking, social media or shopping sites.

Adding 2FA to your Microsoft account means you’ll receive a security code to your email, phone or authenticator app every time you sign in on a device that isn't trusted. Potential hackers will be stopped in their tracks, as they won't know your unique security code.

Approving login request through Microsoft Authenticator

Follow these steps:

  1. From a computer, sign in to your Outlook inbox.
  2. Click your profile picture in the top-right corner and select My Microsoft account
  3. Select Security > Manage how I sign in to reach the Microsoft security dashboard.
  4. Under Additional security, see the Two-step verification heading and follow the on-screen instructions.

News, deals and stuff the manuals don't tell you. Sign up for our Tech newsletter, it's free monthly.

4. Facebook – protect against phishing scams

Your social media account serves as a storage hub for personal information, photos and private messages. It likely contains a wealth of data that third parties could exploit, so take a moment to configure your security settings.

Data-hungry hackers will always revel in the chance to access social media accounts – doing so allows them to impersonate the account owner, spread spam or even demand money from contacts. This is known as a phishing scam.

When Facebook's 2FA system is activated, you'll be asked to enter a login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile that Facebook 'doesn't recognise'.

Facebook 2FA settings

Follow these steps:

  1. From the app, tap your profile picture.
  2. Choose Settings & privacy > Settings.
  3. Tap Meta Accounts Centre > Password and security > Two-factor authentication.
  4. Follow the on-screen instructions.

5. PayPal – keep your money safe

PayPal can be secured with Google authenticator or Microsoft authenticator – both apps are used to generate time-sensitive login codes.

Once 2FA is turned on, unauthorised users can't initiate transactions or withdraw funds from your account without verifying the login code. We recommend setting it up through your web browser rather than the PayPal app – we’ve tried both methods and using a computer is easier.

PayPal 2FA

Follow these steps:

  1. From a computer, log into your PayPal account and select Settings.
  2. Choose Security > 2-step verification.
  3. Pick between Use an authenticator app or Use a security key device.
  4. Follow the on-screen instructions.

Make sure you're on top of the latest scam alerts from Which?

6. X (formerly Twitter) – prevent spam posts

Staying on top of your X security details will stop hackers from accessing your private messages or posting malicious links under a false identity. If your account is found to be sharing problematic content, it could get banned permanently.

When you turn on 2FA, instead of just entering a password to log in, you'll also need to enter a code or use a security key. Part of the setup process requires an email address so X support can communicate with you if there's a problem.

Twitter 2FA settings

Follow these steps:

  1. From the app, tap your profile picture > Settings and privacy.
  2. Choose Security and account access > Security.
  3. Tap Two-factor authentication.
  4. Choose between these options: Text message, Authentication app and Security key.

7. Amazon – block fraudulent orders

Take a couple of minutes to protect against hackers looking to place orders through your account without permission.

You can secure your Amazon account using one of two methods. The first simply involves adding your phone number to the authenticator tool – that number will then receive a text message with a code every time you want to log in.

Alternatively, you can use an authenticator app such as Google Authenticator. If you go that route, your authenticator app will generate a time-sensitive code that you enter on the Amazon app. Regardless of which method you choose, you can be confident knowing you've added a layer of security to your account.

Two-factor authentication settings in Amazon app

Follow these steps:

  1. From the app, tap the Profile icon at the bottom of the screen.
  2. Select Your Account > Login & security.
  3. Scroll to 2-step verification and select Turn on.
  4. Choose between Phone number or Authenticator App, then follow the instructions.

Try a Which? Best Buy antivirus

With a Which? recommended antivirus software package protecting your device, your data is safe.

To find the best options, we subject antivirus programs to tens of thousands of threats, including viruses, ransomware and phishing attacks designed to steal your data. The test is repeated four times a year and the scores we publish are based on a full year of testing.

  • The best free antivirus we've tested is brilliant at detecting and dealing with any threats and covers multiple devices under a single account.
  • The best paid-for antivirus we've tested features automatic scanning and includes a great anti-phishing tool that spotted all our phishing test pages.

Explore the results of our rigorous security tests – see our expert pick of the best antivirus.

Join Which? Tech Support

Which? Tech Support package

Get tech confident for less

Get 12 months of tech support and buying advice for only £34.30, that's a 30% saving. Together we’ll show your tech who’s boss.

Join Which? Tech Support

Offer ends 16 Jun 25. Cancel anytime.

Which? Tech Support can help you keep on top of your home tech. Our experts explain things clearly so you can resolve issues and feel more confident using your devices.

Get unlimited 1-2-1 expert support:

  • By remote fix We connect securely from our office to your home computer and resolve issues while you watch.
  • By phone Clear guidance on choosing, setting up, using and resolving issues with your home tech devices.
  • By email Outline the issue and we’ll email you our answer.
  • In print Which? Tech Magazine, six issues a year delivered to your door.

You can join Which? Tech Support.

More on this

Related articles