By: Christopher Bainbridge
June 6, 2017
Android Security Basics - Reinforcing Security Measures
By: Christopher Bainbridge
June 6, 2017
As I write this, I am aware that there are a few different approaches to Android security. This article aims to provide the following:
- Just ensuring you have a basic understanding of security
- You know how to be private and safe
- Know how to lock down and secure your devices
( I’m sure there are lots of other approaches but for the sake of keeping it simple this is how I would categorize them )
We all know the type of people that have antivirus and do not install anything from anywhere but the Goggle Play Store. Those individuals probably also have a finger swipe lock and that is all they need or want to know about. Not to say that is bad - it's good to feel secure - but that is literally the MOST basic form of "security" for your device.
However, I will help with just adding a little bit more to this, and how to do it while keeping it as simple as possible.
( 1 ) Antivirus – I assume nearly everyone has this, but if you don’t, go to the Google Play Store and have a look at a few ( most are free ) and install one. This will help you by finding the most known Viruses Spyware and in most cases advise you how to change some settings for additional security. Remember, your data - images, texts, saved login information - is private and personal. Keep it that way!
( 2 ) Screen-lock – Everyone should know what this is. It is as old as mobile phones are nowadays. It locks the screen after the screen goes black or after a set time limit of inactivity. You can often access the screen lock options by going to Settings > Security > Screen Lock, which will ensure that a code, pattern or password needs to be entered in order to unlock the screen once it has been locked.
I would recommend using the PIN or Password option, as these are not restricted by length (it may be restricted to 4 characters on some devices). But also, due to how easily a swipe pattern can be unlocked by one of these methods: 1. tilting the screen so you can see the swipe marks and repeat the pattern, or 2. just watching the person's swipe pattern (a form of shoulder surfing).
( 3 ) Encryption – Device Encryption disguises data by rearranging the data so that no one can see/access it without a password or key.
This can be done in Settings > Security > Encryption. Before you can utilize device encryption, however, you will be required to set a screen lock password ( Device should be connected to a charger while doing this).
( 4 ) Phone Location Tracking – Device Tracking is self-explanatory and there is no shortage of apps out there on the Google Play Store to track your device if you lose it outside or just down the back of the sofa. All you do is register your phone's details then test it about the house and track it. This ensures if you lose your phone, or if it is stolen, you can always track it down.
( 5 ) Software Updates – Updating the Software on your Android device can remove any vulnerabilities in the device's software and should always be done at the first possible time.
There are two ways of doing this -
Updating the Phones OS (Operating System)
Settings > AbouPhonene > Updates > Check for Updates.
Updating the Apps
Open Google Play Store > My Apps this should show any updates that are available for any of your installed apps
*( I would always recommend you update your device at home while plugged in and on a trusted internet connection )
I believe these five things are about as basic as it gets for Android Security. In the next part “Being private and safe,” I will go into more detail and try help the slightly more tech confident user by showing them how easily a mobile device can be compromised and what could potentially be done to it.
Security and the slightly more advanced stuff but nothing too complicated: ( By securing these settings you secure your device and probably save battery life and save on data charges )
( 6 ) Useful Settings - These are two simple ways of securing your device and yourself.
Bluetooth, Wifi, NFC, Tethering and Portable Hotspots, should always be switched OFF when not being used. All of these methods leave your device open to attack and as you may leak your data out or allow another user to access your device remotely.
All of these can be changed from Settings > Wireless and Network Settings
Only turn on location settings when you need them. It is important not have these services running when not required as it increases the risk of location tracking.
Settings > Personal > Location
( 7 ) Useful Apps – There are lots of different apps that can increase the security on your Android but here are just a few that can seriously increase your privacy.
A password manager is a small easy to use a database on your phone that you can save passwords and usernames for your favorite websites ( or anything really ) which are fully encrypted and secure a quick look on the Google Play Store will find lots of these.
App Lockers are apps that give you the ability to stop another user using a specific app or your entire device without entering a specific information. ( this can be a fingerprint scan or password or pattern ) They usually include other features like the if an intruder enters a password wrong 3 times it will take pics with both front and rear camera
*I could write all day about app lockers but if you want more information a simple internet search will provide lots of information and which one is best for you
( 7 ) Backup and Cloud Storage - Losing pictures videos or documents can be annoying at least or extremely embarrassing and emotional at worst. There is no shortage of apps out there for online storage to back these up. I won’t list the best and worst here but Android Devices come with Google Drive which gives you 15gb of free online space to save you private data to. All you need to do to avoid having your stuff leaked online like a celebrity ( if you're popular enough to have someone try ) Is to set a decent password or passphrase that you can remember and won't be easy for people to guess.
Off topic but there are apps out there you can buy ( usually available for a free trial though ) that can monitor pretty much everything that happens on a device. ( note I never said YOUR Device ) That is because these apps are primarily used to keep an eye on family members to ensure they are safe online, but I believe they work as a good example of what kind of data YOU could be leaking by installing Apps from unknown sources or by rooting your device.
Check them out
* Note I am no way affiliated with either of these apps and I am not being paid to promote them I just think they are good examples to show people what a user could do with access to you phone for a short period.
Okay, now it's time to roll out the tinfoil hats ………….
Not all people that want to block people from eavesdropping on their phone calls or reading their messages are nefarious characters, or paranoid. Some people just want better privacy or to learn how to do this for educational reasons
( 8 ) Private Encrypted phone calls – Encrypted voice calls over the internet has become more popular lately due to lots of available apps that can provide this service. This provides Security against eavesdropping and electronic surveillance and can keep your conversations private.
( 9 ) Encrypted end to end messaging – Encrypted messaging does exactly what it says, It encrypts the content of a message so that only the sender and receiver can read the data. This has become commonplace even popular Apps like WhatsApp now include end to end encryption but there are other tools which also do this and have a higher level of encryption.
( 10 ) Anonymous and private internet surfing – There are few Apps that are designed to increase the anonymity of your activities on the Internet by sending your connections over the Tor network, But there isn’t any better than Orweb and Orbot. When used together Orweb & Orbot allow you to send all your web browsing over the Tor network and maintain a high level of Privacy
( 11 ) Panic Buttons – A Panic Button App will enable you to secretly trigger an alarm on your phone to send a prewritten text message to a predefined list of contacts know you may be in danger. There are a few of these available on The Google Play Store.
( 12 ) Data Leakage – Data Leakage is when your Android device leaks sensitive information (such as your phone number, contacts, location, etc) to other installed apps on your phone. Allowing that data to be used potentially against your wishes. X-privacy is a free App, which can stop this from happening you just have to set up its rules first.
That is it. All the best ways to ensure your privacy and security on Android Devices. you may not use all of what I have provided but all of this is to ensure you have a good idea of what can be done to keep yourself safe and secure when using your Android device.
I would like to do a course on this topic for Cybrary, but let me know if there is any more you'd like me to cover. I hope you have enjoyed this post. Comment if you have questions!