Applying a dozen iOS security settings to better protect your mobile device does not sound like a terribly tedious job. So what about Android?
The issue here is that Android as a mobile OS is seemingly the same, yet it is so varied. Its open and flexible nature has made it the leader in the mobile market, but simultaneously it is the basis for the notorious fragmentation issue that everyone is keen to mention every so often.
Versions of Android running on a Nexus device, on Samsung/Sony/HTC smartphones and on a Chinese no-name phone are easily distinguishable. However, there are some general tips to ensure that your Android device is more secure, and a number of them apply to iOS as well. Of course, following them means compromises in everyday use, and you have to choose between comfort and safety. Ultimately, you can find an optimal balance between convenience and safety and follow the list of tips below at least partially.
1. Download apps only from the Google Play Store
Indeed, the most ‘dangerous’ thing about Android is not the OS itself, but apps that a user can install. Contrary to iOS, installing an app by oneself or with ‘help’ from another user is super easy on Android. Just never download an app from third-party platforms and websites: they might be infected. It is easier to fully disable this capability in settings and deploy an integrated app security check. Also, say no to root access, as it significantly elevates the risks of running into infected applications.
How it helps: significantly lowers your chances of getting malware.
How to set it: go to “Settings” -> “Security”, un-check the “Unknown Sources” box, check “Verify Apps.”
2. Watch out for app permissions
First, you’d want to install apps only by known developers, or rely on Google recommendations. Second, check the apps’ permissions every time you install to see what exactly a certain app is asking to access. If a wallpaper app or game wants to access your accounts, SMS, mic, location and to enjoy unlimited Internet, that looks fishy.
How it helps: significantly lowers your chances of getting malware.
How to set it: upon installation, the list of permissions is shown on the screen, and also there is the “See Permissions” link on the bottom of the app page. If a suspicious app has been installed already, go to “Google Settings” -> “Enabled Apps” and disable the ones you don’t want to run.
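The permission check from tip 2 can also be run in bulk. The following is an added example, not part of the original article: a Python script that reads text in the style printed by `aapt dump permissions` and flags sensitive permission groups that an app's stated purpose does not explain. The sample dumps, the package names and the verdict rule are constructed assumptions.

```python
import re

# Sensitive data groups named in tip 2, mapped to real Android permission names.
SENSITIVE = {
    "accounts": {"GET_ACCOUNTS"},
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "microphone": {"RECORD_AUDIO"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
}
# Matches both aapt styles: "uses-permission: name='android.permission.X'"
# and the older "uses-permission: android.permission.X".
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.(\w+)")

# Constructed sample dumps (not taken from real apps).
WALLPAPER = """package: com.example.wallpapers
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.SET_WALLPAPER'"""
NAVIGATION = """package: com.example.navigator
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION"""

def parse_permissions(dump):
    """Return (package name, set of short permission names) from a dump."""
    package, perms = None, set()
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
        elif (m := PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms

def review(dump, expected_groups=()):
    """Flag sensitive groups the app's stated purpose does not explain."""
    package, perms = parse_permissions(dump)
    unexpected = sorted(g for g, names in SENSITIVE.items()
                        if perms & names and g not in expected_groups)
    internet = "INTERNET" in perms
    # Assumed rule: unexplained sensitive access plus network access is the
    # "fishy" combination; without network access it still merits a look.
    verdict = "suspicious" if unexpected and internet else "review" if unexpected else "ok"
    return {"package": package, "unexpected": unexpected, "verdict": verdict}

if __name__ == "__main__":
    print(review(WALLPAPER))
    print(review(NAVIGATION, expected_groups=("location",)))
```

Pass `expected_groups` for the groups an app legitimately needs, such as location for a navigation app, so that only unexplained access is reported.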
3. Use strong passwords
This is more of a ‘one-size-fits-all’ tip. To unlock your phone, use sophisticated passwords, not a PIN or graphic code. The best solution is a password that contains at least ten characters, including lower case and upper case letters, numbers, and symbols. But it’s not easy to enter that many symbols each time that you unlock your phone, so you should try several passwords to find the optimal one. The password should be changed on a regular basis. Also, set the minimal idle time to enable the lock, and disable the option to show passwords when entering them. Note that many apps also use password-based security.
How it helps: significantly lowers the chances for other people to access your phone and its content.
How to set it: go to “Settings” -> “Security” -> “Screen Lock” and choose “Password” as the means of locking the screen. Then go to “Settings” -> “Security” and un-check the “Make passwords visible” box.
4. Encrypt your data
It’s simple! If the data on your phone is encrypted, then no one is able to access it even if the phone is lost or stolen. It is better to choose a password rather than a PIN code because in the current Android version, encryption is based on password/PIN only and is only as strong as the password is. Android 5.0 should improve upon this.
How it helps: protects data in case your device is lost.
How to set it: go to “Settings” -> “Security” -> “Encrypt Phone”, and check “Encrypt SD Card” as well.
5. Watch out for your Wi-Fi connections
By default, Android tries to connect to any wireless network you ever accessed. In the case of open access points, it may well be that it is not a hotspot you are used to but rather a malicious hotspot created by a cybercriminal. With that in mind, first try to avoid public hotspots, and second, run a regular audit of your remembered Wi-Fi networks list. Also, disable default search for open wireless connections.
How it helps: lowers the chances of inadvertently connecting to potentially malicious Wi-Fi networks.
How to set it: go to “Settings” -> “Wi-Fi”, press and hold a remembered hotspot name to call up the menu which allows you to delete the network; go to “Advanced Settings” to un-check “Always Search for Wireless Networks.”
6. Always use VPN
This tip is especially relevant when using a public hotspot or an untrusted network connection. Using VPN will protect the data you transfer and (as a bonus) allow you to access resources that are somehow restricted on public networks.
Today, robust VPN access is not that expensive and the latest models of home routers have their own VPN servers, making VPN access completely free for you. It is better to use L2TP or OpenVPN, which sport even more reliable protection than the widely used PPTP. To prevent a data leak prior to establishing a VPN connection, do not forget to make VPN ‘always-on’, or disable automatic syncing of your apps.
How it helps: encrypts inbound and outbound data.
How to set it: go to “Settings”, choose “More…” -> VPN in “Wireless Connections and Networks”; in the context menu check “Always-on VPN” and choose the connection; autosyncing can be disabled in “Settings” -> “Accounts.”
7. Disable notifications
Even if your phone is locked, different notifications can be pushed to the status bar or to the display. Notifications may include one-time codes to confirm transactions, account status alerts and other sensitive data. Unfortunately, there is no single Android notification center where these can be disabled. Also, many device OEMs use different skins which are not secure in this respect. That means that you will have to disable all app notifications manually.
How it helps: no outsider is able to see your notifications, which might contain sensitive information.
How to set it: go to “Settings” -> “Apps”; choose an app and un-check the “Show notifications” box. In some cases it is even easier to disable notifications in the program’s settings.
8. Apply settings to Google services
There may be good reasons to set some limits for the search giant, as any leak of Google account information might lead to negative consequences for a user: any culprit able to gain access might not only read your messages but may also find out where you have been, see your photos and contacts and other meaningful things.
How it helps: minimizes damage done in case of data leakage.
How to set it: in the “Google Settings” app, in “My Location” entry, disable “Sending Geolocation Data” and “History of Location” options for all accounts; in “Search and Tips,” disable Google Now; in “Android Remote Management” you may want to enable “Remote Device Search” and “Remote Lock and Reset” options; in the “Google Photo” app, go to “Settings” -> “Auto Back Up” and disable the default automated backup of all of your photos on Google servers.
9. Get rid of unnecessary apps
See tips 1 and 2 above. The more apps you have, the higher the risk that some of them are involved in malicious activities. Also, in the Android world, there is a bad habit of selling devices with tons of pre-installed services and apps. You may not use them, but that doesn’t mean that their creators don’t use you. Some of them, but not all, can be deleted. Refer to an app’s website to find out which of them are safe to remove.
How it helps: minimizes damage done in case of data leakage.
How to set it: go to “Settings” -> “Apps” -> “All,” tap on the app you need to delete in the list and press “Wipe data” and “Disable”.
10. Use two-factor authentication for Google and other apps
Two-factor authentication is likely the best method to ensure maximum user account security available today. It is simple: besides using the password, it requires you to also enter a one-time code sent via text message or within specialized apps or even hardware. Without this code, an intruder cannot log in to your accounts, even if they have laid hands on your password.
How it helps: significantly lowers the chances of an outsider using your accounts.
How to set it: go to https://accounts.google.com/SmsAuthConfig in your browser and follow the instructions.
This list of tips helps to significantly improve Android security but it is not a cure-all. Thus, do not forget to install a trusted security pack on your smartphone or tablet. Besides antivirus, such solutions offer other means of protection: safe web surfing, password manager, SMS filtering, anti-theft options and so on.
And, a final note in our recommendations: stay alert!