PII and SPII β What's the difference?
Two terms you need to know: PII (Personally Identifiable Information) and SPII (Sensitive PII). Both can be used against you β SPII just does more damage faster.
The basics about you
Any data that can be linked back to you as an individual. Alone it seems harmless β but combine a few pieces and someone can impersonate you, spam you, or sell your profile.
The stuff that ruins lives
A step beyond PII. This data is directly tied to your financial security, health, legal status, or physical safety. A breach here can have consequences that last years.
π‘οΈ Why this matters for your phone
Pre-installed apps often request access to your location, contacts, microphone, and camera β all of which are PII or SPII collection points. When an app you never opened has your contacts and real-time location, you've handed over PII without knowing it. SlamDoor flags exactly which apps are doing this so you can shut the door.
Why protecting it is hard
The data economy is built on you not noticing. Apps collect data in the background β when you're not using them. They share it with "analytics partners" buried 12 pages deep in a Terms of Service nobody reads. Your data gets sold, aggregated, and combined with data from dozens of other sources to build a profile that knows your income bracket, health concerns, relationship status, and political views.
The answer isn't paranoia. It's knowing which apps are worth the tradeoff β and removing the ones that aren't. That's exactly what SlamDoor is for.
The five attacks that get most people
Hackers don't need to be geniuses. They reuse the same five playbooks, over and over, because they work. Here's what they are and how to spot them.
Phishing is when someone pretends to be a trusted source β your bank, Apple, Amazon, PayPal, even your boss β to trick you into clicking a link and entering your password. The link looks real. The page looks real. The only tell is the URL.
Malware is any software designed to harm you. It hides in apps, email attachments, and sketchy downloads. On Android, it can come pre-installed by your carrier or manufacturer β which is exactly why SlamDoor flags those apps.
Spyware is a type of malware that silently records what you type, where you go, what you say, and who you call. It reports all of this back to whoever planted it β without making a sound.
When you connect to public Wi-Fi β at a cafΓ©, airport, or hotel β someone on the same network can position themselves "in the middle" between you and the websites you visit. They can read your traffic, steal session cookies, and intercept passwords on sites that don't use HTTPS.
SIM swapping is when an attacker calls your mobile carrier, convinces them they're you (using PII they bought or scraped from breaches), and gets your phone number transferred to a SIM they control. Now they receive your texts β including every 2FA code you're sent. They log into your email, then your bank, then everything else.
Social engineering doesn't hack your system β it hacks you. It works by creating a situation where you feel urgent pressure to act without thinking. A "tech support" call warning your computer is infected. An "IRS agent" threatening arrest. A "prize notification" asking for shipping details. The goal is always the same: get you to hand over information or access before you stop to question it.
What those permission requests actually mean
When an app asks for a permission, it's asking for a key to part of your life. Here's what each permission actually lets an app do β and why some apps have no business asking for them.
π© Red flag: permissions that don't match the app's purpose
A flashlight app that wants your contacts. A weather app that wants your microphone. A game that wants SMS access. When a permission has no obvious connection to what the app does, that's a data grab β not a feature. On the scanner results, SlamDoor shows you which permissions each app holds so you can make the call.
How to audit permissions on Android
Go to Settings β Privacy β Permission Manager (exact path varies by phone). You'll see every permission group and which apps hold it. If an app has a permission you'd never have granted knowingly, revoke it β or remove the app entirely.
What to do right now
You don't need to become a security expert. You need to do ten things. Here they are, prioritized.
π Enable 2FA on every account
Email, bank, social media β all of it. Use an authenticator app (Google Authenticator, Authy) instead of SMS when possible. This single step stops most account takeovers.
π Use a password manager
Reusing passwords means one breach unlocks everything. A password manager creates and stores unique passwords for every site. You only remember one master password.
π Check if you've been breached
Visit haveibeenpwned.com and enter your email addresses. If you show up in a breach, change those passwords immediately and review what data was exposed.
π± Review your app permissions
Settings β Privacy β Permission Manager. Revoke location, microphone, and camera from any app you don't actively use. If an app breaks, you can re-grant.
ποΈ Remove bloatware you don't use
Every app you don't use is an attack surface. Pre-installed apps run in the background and report home. SlamDoor tells you which ones to remove.
π Add a PIN to your carrier account
Call your carrier and set a SIM PIN or account passcode. This is your SIM swap defense. Without it, your phone number can be transferred with just your name and address.
π₯ Update your operating system
Security patches fix vulnerabilities attackers actively exploit. An unpatched Android is like a door with a known broken lock. Updates close those gaps.
π Use HTTPS everywhere
Check that sites show a padlock in the address bar. Never enter a password on a site that shows "Not Secure." Install a browser extension like HTTPS Everywhere if needed.
Start with your phone
The fastest security win is removing the apps that shouldn't be there. SlamDoor shows you exactly what's on your phone and what it's doing β no tech knowledge required.
SlamDoor my phone β