10 steps for Android smartphone safety
Download apps only from the Google Play Store
Indeed, the most 'dangerous' thing about Android is not the OS itself, but the apps
that a user can install. Unlike on iOS, installing an app by oneself or with
'help' from another user is super easy on Android. Just never download an app
from third-party platforms and websites: they might be infected. It is easier to
fully disable this capability in settings and deploy an integrated app security
check. Also, say no to root access, as it significantly elevates the risks of
running into infected applications.
- How it helps: significantly lowers your chances of getting malware.
- How to set it: go to "Settings" -> "Security", un-check the "Unknown
Sources" box, and check "Verify Apps."
Watch out for app permissions
First, you'd want to install apps only from known developers or rely on Google
recommendations. Second, check the apps' permissions every time you install to
see what exactly a certain app is asking to access.
- How it helps: significantly lowers your chances of getting malware.
- How to set it: Upon installation, the list of permissions is shown on
the screen, and also there is the "See Permissions" link at the bottom of the
app page. If a suspicious app has been installed already, go to "Google
Settings" -> "Enabled Apps" and disable the ones you don't want to run.
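To review permissions before an app ever reaches the phone, the check can also be scripted. The following is an added example, not part of the original article: it assumes you have saved the text output of `aapt dump permissions <apk>` (from the Android SDK build tools); the sample output and the shortlist of sensitive permissions are constructed for illustration.

```python
import re

# Shortlist of permissions worth a second look. This selection is an
# illustrative assumption, not an official classification.
SENSITIVE = {
    "android.permission.READ_SMS": "can read text messages, including one-time codes",
    "android.permission.SEND_SMS": "can send text messages at your expense",
    "android.permission.RECEIVE_SMS": "can see incoming text messages",
    "android.permission.READ_CONTACTS": "can read your address book",
    "android.permission.ACCESS_FINE_LOCATION": "can see your precise location",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
    "android.permission.CAMERA": "can take photos and video",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}

# aapt prints either  uses-permission: android.permission.X
# or                  uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?")
PKG_RE = re.compile(r"^package:\s*(\S+)")

def review_permissions(aapt_output):
    """Return (package, requested permissions, flagged {permission: reason})."""
    package, requested = None, []
    for line in aapt_output.splitlines():
        line = line.strip()
        pkg = PKG_RE.match(line)
        if pkg:
            package = pkg.group(1)
            continue
        perm = PERM_RE.match(line)
        if perm and perm.group(1) not in requested:  # skip duplicate entries
            requested.append(perm.group(1))
    flagged = {p: SENSITIVE[p] for p in requested if p in SENSITIVE}
    return package, requested, flagged

# Constructed sample: a flashlight app that asks for far more than a camera LED.
SAMPLE = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.READ_CONTACTS
uses-permission: name='android.permission.INTERNET'
"""

if __name__ == "__main__":
    package, requested, flagged = review_permissions(SAMPLE)
    print(f"{package}: {len(requested)} permissions requested")
    for name, reason in flagged.items():
        print(f"  review: {name} ({reason})")
```

A flagged permission is not proof of malware; the question is whether it makes sense for what the app claims to do.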
Use strong passwords
This is more of a 'one-size-fits-all' tip. To unlock your phone, use
sophisticated passwords, not a PIN or graphic code. The best solution is a
password that contains at least ten characters, including lowercase and
uppercase letters, numbers, and symbols. But it's not easy to enter that many symbols
each time that you unlock your phone, so you should try several passwords to
find the optimal one. The password should be changed on a regular basis. Also,
set the minimum idle time to enable the lock, and disable the option to show
passwords when entering them. Note that many apps also use password-based
- How it helps: significantly lowers the chances for other people to
access your phone and its content.
- How to set it: go to "Settings" -> "Security" -> "Screen Lock" and
choose "Password" as a means of locking the screen. Then go to "Settings" ->
"Security" and un-check the "Make passwords visible" box.
Encrypt your data
If the data on your phone is encrypted, then no one is able to
access it even if the phone is lost or stolen. It is better to choose a password
rather than a PIN code because, in the current Android version, encryption is
based on password/PIN only and is only as strong as the password is. Android 5.0
should improve upon this.
- How it helps: protects data in case your device is lost.
- How to set it: go to "Settings" -> "Security" -> "Encrypt Phone", and
check the "Encrypt SD Card" in addition.
Watch out for your Wi-Fi connections
By default, Android tries to connect to any wireless network you ever accessed.
In the case of open access points, it may well be that it is not a hotspot you
are used to but rather a malicious hotspot created by a cybercriminal. With that
in mind, first try to avoid public hotspots, and second, run a regular audit of
your remembered Wi-Fi networks list. Also, disable default search for open
- How it helps: lowers the chances of inadvertently connecting to
potentially malicious Wi-Fi networks.
- How to set it: go to "Settings" -> "Wi-Fi", press and hold a
remembered hotspot name to call up the menu which allows you to delete the
network; go to "Advanced Settings" to un-check "Always Search for Wireless
Always use VPN
This tip is especially relevant when using a public hotspot or an untrusted
network connection. Using a VPN will protect the data you transfer and (as a
bonus) allow you to access resources that are somehow restricted on public
networks. Today, robust VPN access is not that expensive and the latest models
of home routers have their own VPN servers, making VPN access completely free
for you. It is better to use L2TP or OpenVPN, which sport even more reliable
protection than the widely used PPTP. To prevent a data leak prior to
establishing a VPN connection, do not forget to make VPN 'always-on', or disable
automatic syncing of your apps.
- How it helps: encrypts inbound and outbound data.
- How to set it: go to "Settings", choose "More…" -> VPN in "Wireless
Connections and Networks"; in the context menu check "Always-on VPN" and choose
the connection; autosyncing can be disabled in "Settings" > "Accounts."
Even if your phone is locked, different notifications can be pushed to the
status bar or to the display. Notifications may include one-time codes to
confirm transactions, account status alerts and other sensitive data.
Unfortunately, there is no single Android notification center where these can be
disabled. Also, many device OEMs use different skins which are not secure in
this respect. That means that you will have to disable all app notifications
- How it helps: no outsider is able to see your notifications, which
might contain sensitive information.
- How to set it: go to "Settings" -> "Apps"; choose an app and un-check
the "Show notifications" box. In some cases, it is even easier to disable
notifications in the program's settings.
Apply settings to Google services
There may be good reasons to set some limits for the search giant, as any leak
of Google account information might lead to negative consequences for a user:
any culprit able to gain access might not only read your messages but may also
find out where you have been, see your photos and contacts and other meaningful
- How it helps: minimizes the damage done in case of data leakage.
- How to set it: in the "Google Settings" app, in the "My Location" entry,
disable the "Sending Geolocation Data" and "History of Location" options for all
accounts; in "Search and Tips," disable Google Now; in "Android Remote
Management" you may want to enable "Remote Device Search" and "Remote Lock and
Reset" options; in the "Google Photo" app, go to "Settings" -> "Auto Back Up"
and disable the default automated backup of all of your photos on Google
Get rid of unnecessary apps
See tips 1 and 2 above. The more apps that you have, the higher the risk is that
some of them are involved in malicious activities. Also, in the Android world,
there is this bad habit of selling devices with tons of pre-installed services
and apps. You may not use them, but it doesn't mean that their creators don't
use you. Some, but not all, of them can be deleted. Refer to an app's website
to know which of them is good to go.
- How it helps: minimizes the damage done in case of data leakage.
- How to set it: go to "Settings" -> "Apps" -> "All," tap on the app you
need to delete from the list, and press "Wipe data" and "Disable".
Use two-factor authentication for Google and other apps
Two-factor authentication is likely the best method to ensure maximum user
account security available today. It is simple: besides using the password, it
requires you to also enter a one-time code sent via text message or within
specialized apps or even hardware. Without this code, an intruder cannot log in
to your accounts, even if they have laid hands on your password.