10 Steps to Secure and Mitigate Risk on Android (and more!)

September 27, 2018


Surrounded by IT hobbyists, technologists, professionals, and others, I’ve come to realize we don’t treat our phones as computers that store and access data. Many do not take the necessary steps to secure mobile devices. Many access their work and personal emails on these devices yet have not taken any steps to secure their devices and mitigate risks. Multi-layered security is the best approach to securing mobile devices. With the ever-growing popularity of Android phones, what can we do to better protect ourselves from the dangers online?

While many of these steps seem commonplace to IT or security professionals, many of us still fail to secure our own mobile devices.

Due to the fragmentation of Android, and a multitude of manufacturers, it’s difficult to summarize every possible option of securing an Android device. However, with BYOD on the rise, and the amount of work that’s done via mobile devices always increasing, it’s important that everyone takes steps to secure their mobile devices.

  1. Before even purchasing an Android device, consider the manufacturer you are purchasing from. Do they provide regular security and/or OS updates? Are they well known for fixing bugs? The decision to choose a certain manufacturer is one of the most important factors to consider when looking at security.
  2. Set up a passcode (password). This is the first step any person can take to protect their devices yet is often skipped. While a 4-digit PIN is better than nothing, I encourage using a password with a combination of different characters. Using numbers only is more easily brute forced.
  3. Enable encryption for data at rest, if possible. This setting is often found in Settings > Security but could be found elsewhere depending on the version of Android and the device. Many newer Android devices come encrypted by default. If using an SD card, encrypt that as well.
  4. Keep your device up to date with security patches and OS updates. Companies like Google will release security updates every month.
  5. Install an anti-malware/anti-virus solution. Malware often targets Android devices.
  6. Install and use a trusted VPN (especially on public Wi-Fi). This will encrypt data in transit.
  7. Avoid public Wi-Fi where possible.
  8. Only install applications from trusted sources; uninstall/remove bloatware/unnecessary applications where possible.
  9. Limit the data you store locally on your device. Don’t store sensitive information like passwords or credit card information. Use a password manager (there are a ton of free/paid options) to store that type of data. The less data you store on your device and in the apps you’re accessing, the smaller the attack vector and the lower the risk.
  10. Don’t root your phone. While some users can benefit and improve upon the security of their mobile devices, it’s generally considered best practice to not root your devices.


  1. Use a private DNS provider, if possible, such as Cloudflare.
  2. Install a mobile intrusion detection system.
  3. Understand Find my Device / prepare to use it if your device is stolen.