I think that your phone is the weak link, right, so adding it to a vlan with devices / data you don’t want interfered with probably isn’t a good idea. I keep my android devices on an IoT vlan, or in the case of a tablet I don’t have any additional apps installed which I use on my main vlan.
My problem is that I have no idea what is going on with my phone, and in fact have no idea where to even begin; as soon as I switch features off, apps start crashing.
A phone is made to be used in insecure environments. When you’re on the road, it’s on your mobile provider’s network, and when you’re on someone else’s Wi-Fi network (which I wouldn’t do), you’re dependent on the security of that network.
The biggest threat on your phone is all the apps you probably have installed that connect to all sorts of services. If you want more security, you should install as few apps as possible, use as few services as possible and avoid all the IOT stuff that is automagically configuring things via some cloud service. And if you do use such services, you should probably not control them with the same device which you are using for sensitive data.
Otherwise putting the phone in a separate network is not of much use, because your phone would still be the place where everything is linked together. This means the biggest risk is, just like with desktop PCs, that a malicious actor would grab sensitive data directly from your phone, by using some compromised service or a malicious app. In comparison, it is much less likely that some other device on your network could be used as a starting point to hack your phone.
I understand you. But IOT is sometimes called “internet of insecure things”. A phone is more vulnerable among other IOT devices since they reside in the (most unsafe) common subnet. A hacker could start a TCP session from a compromised IOT device since the broadcast domain is the same; the phone will probably react to the three-way TCP handshake and could be targeted with a malicious payload.
Am I wrong here? Should you not be better off with a VLAN just for phones and not even hosts in it?
Or should client-isolation be enough when putting it in IOT-vlan?
I regularly watch YouTube movies and see inconsistent use of where to put your phone regarding VLANs…
(I always have the thought “if Mr. Lawrence says it, it is true”)