The no-freakout guide to Android security

BY

Published 3 Feb 2014

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

I believe any rational discussion of Android security should have two goals. The first is to not freak out the reader. I see no need to instill with you panic, to drum up ominous clouds of doom, or to paint a picture of imminent peril associated with even glancing sideways at an Android device.

The second goal, which works well with the first, is to assure you that I have nothing to sell. The ideal malware panic message touted by the major media is invariably followed by cautious words of advice from some lab coat-wearing nerd who just happens to work for such–such major anti-malware software developer. Oh, by the way, they have a solution ready for their happy, safe subscribers.

I don’t mean to downplay security as an issue. It’s important. It’s vital. Your phone or tablet contains sensitive information. That includes email, data for apps, media, your schedule, other private data. In a triumph of usability over security, the device’s web browser might automatically retrieve website passwords. The Bad Guys would dearly love some free stuff courtesy of poor security or user laziness. Yet it’s possible to accept these things without having one h clutching your chest while the other is pulling out your wallet.

lscape locked

A password-protected device is a safer device.

Basic security

Android comes amply supplied with all the basic security measures you need. You don’t need to buy extra apps to employ some simple, safe practices such as applying a secure screen lock, beefing up browser security, keeping your user accounts separate.

Your first line of defense on an Android device is to use a secure screen lock. Yes, the pattern lock is really cool, but it’s not secure. en you want security, lock your phone or tablet by using a ssword screen lock. Apply all the same password rules as you would for anything: longer is better, mix up numbers symbols, upper lower case.

Next to the password, a N screen lock is best. It’s just numbers, short sweet. That’s not as beefy as a full-blown password, but it works. Eschew any other type of screen lock.

lock settings

ways set a password or N on your lock screen.

Screen locks are set by opening the Settings app choosing either the Security or Screen ck item.

If I were a bad guy who had just gotten hold of an Android phone, my first stop after unlocking the screen would probably be the web browser. b apps such as Chrome retain user passwords – but only when you let them.

Set the web browser app’s security by summoning its Settings screen. In Chrome, touch the Action Overflow icon choose the Settings comm. Change the setting for Autofill Forms to Off; set the Master Control on the Autofill Forms screen to OFF. kewise, disable the Save sswords feature.

Finally on the basic security front, specifically for Android 4.3 or later, I recommend configuring separate accounts when more than one person uses the device. ck each account with a ssword or N screen lock, keep your email, social networking, other accounts separate.

The Malware Issue

Unlike s, an Android devices can’t be compromised by opening email attachments. The only way you can install evil software on an Android device is to do so deliberately. Either you pick up a bad program from the ay store or you disable app security to allow software to be installed from other sources.

Odds are low that you’ll find a compromised app at the ay Store. ways check the user recommendations reviews. Generally speaking, the more downloads you see for an app, the better the odds that it’s legitimate. so, scrutinize the App rmissions screen before you touch the Accept button. Ensure that the phone or tablet features accessed by the app serve a legitimate purpose. For example, why would an app that displays a silly animation need to use the phone’s text messaging service? en in doubt, don’t install the app.

The cases of actual malware arriving via the ay Store are extremely rare. en it has happened, has been successful at remotely disabling the app.

If you find yourself overly paranoid regarding malware, you probably won’t bother allowing app installation from unknown sources. Most of the sources, such as the Amazon App Store or Samsung apps, are legitimate, but I wouldn’t bother looking anywhere else. Specifically, don’t allow installation from unknown sources when someone sends you an app or app link via email or SMS. That action can lead to the deliberate installation of malware I mentioned earlier.

Given the remote possibility of an Android infection, the question still looms on whether you can benefit from installing an anti-virus or anti-malware app. My first thought is “No,” mostly because the need for an anti-virus program seems to stem from the necessity of a requiring that software. Tablets phones are different creatures. Even so, if it makes you feel better, go ahead get one.

Do remember that malware is most successful via social engineering. Even with an anti-virus app installed, if you opt to deliberately install a rogue app or heed an onscreen direction to disable the device’s anti-virus software, you’re still screwed.

Anti-virus apps also may not protect against dialing a reverse-charge number or various SMS scams. For example, no app can prevent you from signing up for an SMS service that charges your credit card to send you jokes or a horoscope.

st Missing Devices

The worst thing imaginable is that your beloved Android device is either lost or stolen. The first thing you want to do is to find your missing phone or tablet. If that’s not possible, then the next best thing would be to remotely erase the device or somehow render it completely useless to anyone who has it.

The first step toward rendering the device useless is to apply a password. Not a N, but a full-on password like you’d apply to any secure computer or account. After all, how can you be serious about protecting your technology when you don’t even bother to lock the front door?

The next step, which doesn’t require extra software or a service, is to encrypt your mobile device. An Android phone or tablet can be completely encrypted, but it first requires that you have a secure screen lock. To perform the encryption, open the Settings app choose Security. Select the Encrypt Device comm.

The encryption process takes a while. The screen says an hour, but I would initiate the procedure before going to bed: ug in the phone or tablet to ensure it has an ample charge. Then encrypt its data, which includes your account information, settings, apps, media, all the files.

If you’re hesitant to encrypt your Android device, don’t be: You can decrypt is as well. st choose the Decrypt Device comm from the Security screen in the Settings app. If you don’t encrypt, however, the next best step in mobile device security is to rely upon a third party app to assist with locating a lost or stolen device , potentially, erasing that device remotely.

rhaps the most popular Android security app is okout from okout Mobile Security. It has a free version you can try, which does include a tool to locate a missing device. As with most of these services, you need to sign up for an account. The good news is that okout only mildly bothers you to upgrade to the full, paid version of the app. It does offer more detailed features, including safe browsing more thorough monitoring of apps that can access sensitive data. These features are right in line with what a security-minded phone or tablet owner would need.

If you have a newer Samsung phone or tablet, then you can use the Find My Mobile feature. It also helps locate a lost or missing device. As with other such apps, you need a separate account to fully use Find My Mobile. In this case, you need to have a Samsung account. You can also use the Android Device Manager to remotely lock or wipe your device.

Some corporate account information can be removed from a lost or stolen Android device. If all hope is lost, contact your organization’s IT Department. Have them use the Exchange Service to remotely wipe your Outlook information from the phone or tablet. This trick doesn’t remove other account information, in fact it might be a required policy at your organization anyway. Check with the IT guys to confirm.

Threat level: w

Overall, I would consider the malware threat rather low for an Android phone or tablet, I would also consider that security software is amply available for those who need it. This is all good news.

at would be the best news, of course, would be to get the cellular providers on board with a bricking system that wouldn’t require extra effort on behalf of the user. It could work simply: You lose your phone or tablet, call the cellular provider they kill it, instantly turning the device into a brick. That would not only make users feel better about their mobile devices, it would be a great deterrent to theft. Until that day comes, consider employing some of the suggestions in this article to keep your Android device safe.