Android Security: 13 Must-Know Tips for Keeping Your Phone Secure
These days, that pocket-sized computer we call a smartphone is home to your entire digital life. But with the onset of mobile payments and online banking, the line between your virtual world and the physical realm is becoming increasingly blurred.
We vigilantly remember to lock our doors and close our curtains at night to help keep the bad guys out, but can oftentimes be far too lax when it comes to mobile security. So to help you get started on the path to a safer digital life, we'll cover 13 simple tips below that should have your Android device more secure in no time.
This first tip is absolutely the most important Android security feature of them all. If your phone were to ever become lost or stolen, a secure lock screen would be the only barrier between a potential thief and all the passwords and sensitive data stored on your phone.
To set up a secure lock screen, head to your phone or tablet's main Settings menu, then go to Security and tap the "Screen lock" option. From here, choose either Pattern, PIN, Password, or on capable devices, the Fingerprint option.
From here, you'll be prompted to enter your new security code twice, but as soon as that's done, your phone will be much more secure than it was before. The next time you go to unlock your device, you'll be greeted by the secure lock screen—just enter your passcode to log in.
Google is aware that users tend to avoid setting up the secure lock screen because it complicates things a tiny bit, but knowing how important it is, they've added a new feature to Android 5.0 that will let you bypass the secure lock screen altogether in some cases.
The feature is called "Smart Lock," and the premise is simple—when your phone is in a secure environment, you shouldn't have to be bothered by the secure lock screen.
To set this feature up, head to the Security menu again, but this time choose the "Smart Lock" option (note that the secure lock screen must be enabled first). From here, you should see several options, and here's what they each do:
- Trusted devices: Bypass secure lock screen when connected to a known Bluetooth or NFC device.
- Trusted places: Bypass secure lock screen when device is in a preset location (home, work, etc.).
- Trusted face: Bypass secure lock screen when the front-facing camera on your device detects your face.
- Trusted voice: Bypass secure lock screen for "OK Google" voice search when user's voice is recognized.
- On-body detection: Bypass secure lock screen after passcode has been entered, where device has not been set down since.
With the Smart Lock options set up, your device will be more secure since you have a secure lock screen enabled, but you won't have to bother entering your passcode when you're in a trusted environment.
Considering that Google and Android are almost synonymous these days, if someone were to ever gain access to your Google account, your device's security would be compromised. To combat this, you can add an extra layer of security to your Google account called 2-Step Verification that will require a second code to be entered after your password. The trick here is that this code will only be sent to your cell phone, meaning no one can get into your Google account without having physical access to your device.
To set up 2-Step Verification on your Google account, head to this link, then follow the simple prompts. As a head's up, this is probably better to do from a desktop or laptop.
All modern Android phones and tablets have an awesome utility called Android Device Manager baked right in. This allows you to remotely lock, wipe, and locate your device should it ever fall into the wrong hands.
This feature should be enabled by default, but to be on the safe side, head to the Security menu again, then select the "Device administrators" option. From here, be sure to tick the box next to the Android Device Manager entry, then press "Activate" on the subsequent popup.
Android is now capable of scanning your device for malware automatically, and it does a wonderful job. This option is enabled by default in Android 5.0 and above, but for the folks on KitKat or lower, it's a great security service that should be manually enabled if it isn't already.
To begin, head to the Security menu in settings, then scroll down to the Device Administration section. From here, make sure that the "Verify app" option is ticked, and you'll be all set.
Although Android is capable of scanning your apps to detect malware, you should never rely too heavily on an automated solution such as this. Instead, use the prophylactic approach of researching an app and its publisher before you install it.
At the very least, you should only install apps from trusted sources. Publishers like the Google Play Store and the Amazon Appstore can be trusted, but be weary when downloading APKs from random websites.
Android uses what is known as a permission system to dole out access to certain parts of your phone when apps request it. Unfortunately, until Android M is officially released, these permissions are handled in an all-or-nothing approach, and your only chance to deny an app access to the permissions it requests is by not installing it in the first place.
Some apps request way too many permissions, and this is a security risk in the sense that if an app has access to certain parts of your phone, so does its developer. To see which apps on your phone are getting out of control with their permission requests, I'd suggest installing an app called Permission Friendly Apps. It scans your installed apps and rates them by how many permissions they've requested, where the higher the score, the bigger the security risk.
Once you've identified the permission-hungry apps on your phone or tablet, your safest bet would be to uninstall them and look for a more permission-friendly alternative on the Play Store.
While Android scans for malware automatically and silently, an antivirus app can give you more peace of mind by actually showing you the results of its scans. There are many great antivirus options available, but I've recently rated the best antivirus apps on Android if you'd like to narrow down the field.
I know the word "encryption" might evoke feelings of technophobia in some, but it's an incredibly simple concept. Think of it like all of the data on your device being jumbled up to the point where it's meaningless to an outsider, but once a password has been entered, it all sorts itself out and falls back into place automatically.
With an Android device, encrypting your data is incredibly easy. Just head to the Security menu again, then choose the "Encrypt phone" option. From here, make sure your phone or tablet is fully charged and connected to a charger, then press the "Encrypt Phone" button.
Depending on how much data you have stored on your device, the process can take as long as an hour or more, so keep your phone plugged in and stay patient. When it's done, the data on your phone will be completely useless to an outsider, but all you have to do to decrypt it and render it useful again is enter the pattern, PIN, or password on your secure lock screen.
One of the biggest potential security risks to your phone or tablet is the network it's connected to. Traffic through this connection is generally trusted by default, so if you're not familiar with a Wi-Fi network, the best thing to do would be not connecting in the first place.
Public access points generally have some form of security that prevent the various devices connected to them from communicating with one another. But if you're not sure about a certain network's security measures, it would be best not to connect.
Speaking of web traffic, the internet browser on your device has the potential to be your biggest security hole. If you're using the stock browser that came preinstalled on your phone or tablet, the problem with these is that they don't generally receive updates until your entire phone gets a firmware update.
Instead, consider downloading a third-party browser from the Play Store, which should receive prompt updates to block new security exploits that are discovered. One of the most secure and functional browsers available is Google's own Chrome, which is always updated with the latest security patches.
Continuing on the topic of prompt updates being good for security, your phone or tablet will occasionally receive an over-the-air firmware update from the device manufacturer. Some users are reluctant to update their firmware for fear of change, but this is an important security measure as exploits and loopholes in the Android system are often patched in a firmware update.
To see if your device has an update waiting on you right now, head to the "About phone" or "About tablet" menu in Settings. From here, tap "System updates" and install any available updates. Generally, though, you will receive a notification when a firmware update is ready.
Finally, if you are a rooted user, this means that apps can acquire full access to your entire system. If a root-enabled app were to have malicious intents, this might be the biggest security risk of all.
The easiest way to prevent apps from gaining full access to your system in this case would be to install a root management app like phh's SuperUser. This app monitors the root requests from other apps on your phone, then prompts you to either allow or deny root access—meaning no app can gain full access to your system without your consent.
Were you already practicing some of these good security habits? If so, how many? Let us know in the comment section below, or drop us a line on Android Hacks' Facebook or Twitter, or Gadget Hacks' Facebook, Google+, or Twitter.