10 steps for Android smartphone safety
Download apps only from the Google Play Store
Indeed, the most ‘dangerous’ thing about Android is not the OS itself, but apps
that a user can install. Contrary to iOS, installing an app by oneself or with
‘help’ from another user is super easy on Android. Just never download an app
from third-party platforms and websites: they might be infected. It is easier to
fully disable this capability in settings and deploy an integrated app security
check. Also, say no to root access, as it significantly elevates the risks of
running into infected applications.
How it helps: significantly lowers your chances of getting malware.
How to set it: go to “Settings” -> “Security”, un-check the “Unknown
Sources” box, check “Verify Apps.”
Watch out for app permissions
First, you’d want to install apps only from known developers, or rely on Google
recommendations. Second, check the apps’ permissions every time you install to
see what exactly a certain app is asking to access. If a wallpaper app or game
wants to access your accounts, SMS, mic, and location, and to have unrestricted
Internet access, that looks fishy.
How it helps: significantly lowers your chances of getting malware.
How to set it: upon installation, the list of permissions is shown on
the screen, and also there is the “See Permissions” link on the bottom of the
app page. If a suspicious app has been installed already, go to “Google
Settings” -> “Enabled Apps” and disable the ones you don’t want to run.
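An added example, not part of the original article: the permission check from this tip, run over a permission list in the format printed by `aapt dump permissions`. The table of what each app category may reasonably request and the sample listing are constructed assumptions.

```python
import re

# Sensitive capabilities named in the tip, keyed by real Android permission names.
SENSITIVE = {
    "android.permission.GET_ACCOUNTS": "accounts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.RECORD_AUDIO": "mic",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}

# Assumption: capabilities each app category plausibly needs. Adjust to your own policy.
EXPECTED = {
    "wallpaper": set(),
    "game": set(),
    "messaging": {"accounts", "SMS", "mic"},
    "maps": {"location", "accounts"},
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X" form.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Extract the set of permission names from an aapt-style listing."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def audit(category, dump):
    """Return sensitive capabilities requested beyond what the category needs.
    Unknown categories are treated as needing none, so everything is flagged."""
    requested = {SENSITIVE[p] for p in parse_permissions(dump) if p in SENSITIVE}
    return sorted(requested - EXPECTED.get(category, set()))

# Constructed sample: a hypothetical wallpaper app that over-requests.
SAMPLE_WALLPAPER = """\
package: com.example.wallpapers
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: name='android.permission.SET_WALLPAPER'
"""
```

Calling `audit("wallpaper", SAMPLE_WALLPAPER)` lists every sensitive capability the app has no stated reason to hold; the same listing audited as a messaging app flags only location.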
Use strong passwords
This is more of a ‘one-size-fits-all’ tip. To unlock your phone, use
sophisticated passwords, not a PIN or graphic code. The best solution is a
password that contains at least ten characters, including lower case and upper
case letters, numbers, and symbols. But it’s not easy to enter that many symbols
each time that you unlock your phone, so you should try several passwords to
find the optimal one. The password should be changed on a regular basis. Also,
set the minimal idle time to enable the lock, and disable the option to show
passwords when entering them. Note that many apps also use password-based
How it helps: significantly lowers the chances for other people to
access your phone and its content.
How to set it: go to “Settings” -> “Security” -> “Screen Lock” and
choose “Password” as a means of locking the screen. Then go to “Settings” ->
“Security” and un-check the “Make passwords visible” box.
Encrypt your data
It’s simple! If the data on your phone is encrypted, then no one is able to
access it even if the phone is lost or stolen. It is better to choose a password
rather than a PIN code because in the current Android version, encryption is
based on password/PIN only and is only as strong as the password is. Android 5.0
should improve upon this.
How it helps: protects data in case your device is lost.
How to set it: go to “Settings” -> “Security” -> “Encrypt Phone”, and
check the “Encrypt SD Card” in addition.
Watch out for your Wi-Fi connections
By default, Android tries to connect to any wireless network you ever accessed.
In the case of open access points, it may well be that it is not a hotspot you
are used to but rather a malicious hotspot created by a cybercriminal. With that
in mind, first try to avoid public hotspots, and second, run a regular audit of
your remembered Wi-Fi networks list. Also, disable default search for open
How it helps: lowers the chances of inadvertently connecting to
potentially malicious Wi-Fi networks.
How to set it: go to “Settings” -> “Wi-Fi”, press and hold a
remembered hotspot name to call up the menu which allows you to delete the
network; go to “Advanced Settings” to un-check “Always Search for Wireless
Always use VPN
This tip is especially relevant when using a public hotspot or an untrusted
network connection. Using VPN will protect the data you transfer and (as a
bonus) allow you to access resources that are somehow restricted on public
networks. Today, robust VPN access is not that expensive and the latest models
of home routers have their own VPN servers, making VPN access completely free
for you. It is better to use L2TP or OpenVPN, which sport even more reliable
protection than the widely used PPTP. To prevent a data leak prior to
establishing a VPN connection, do not forget to make VPN ‘always-on’, or disable
automatic syncing of your apps.
How it helps: encrypts inbound and outbound data.
How to set it: go to “Settings”, choose “More…” -> VPN in “Wireless
Connections and Networks”; in the context menu check “Always-on VPN” and choose
the connection; autosyncing can be disabled in “Settings” -> “Accounts.”
Even if your phone is locked, different notifications can be pushed to the
status bar or to the display. Notifications may include one-time codes to
confirm transactions, account status alerts and other sensitive data.
Unfortunately, there is no single Android notification center where these can be
disabled. Also, many device OEMs use different skins which are not secure in
this respect. That means that you will have to disable all app notifications
How it helps: no outsider is able to see your notifications, which
might contain sensitive information.
How to set it: go to “Settings” -> “Apps”; choose an app and un-check
the “Show notifications” box. In some cases it is even easier to disable
notifications in the program’s settings.
Apply settings to Google services
There may be good reasons to set some limits for the search giant, as any leak
of Google account information might lead to negative consequences for a user:
any culprit able to gain access might not only read your messages but may also
find out where you have been, see your photos and contacts and other meaningful
How it helps: minimizes damage done in case of data leakage.
How to set it: in the “Google Settings” app, in “My Location” entry,
disable “Sending Geolocation Data” and “History of Location” options for all
accounts; in “Search and Tips,” disable Google Now; in “Android Remote
Management” you may want to enable “Remote Device Search” and “Remote Lock and
Reset” options; in the “Google Photo” app, go to “Settings” -> “Auto Back Up”
and disable the default automated backup of all of your photos on Google
Get rid of unnecessary apps
See tips 1 and 2 above. The more apps that you have, the higher the risk is that
some of them are involved in malicious activities. Also, in the Android world,
there is this bad habit of selling devices with tons of pre-installed services
and apps. You may not use them, but it doesn’t mean that their creators don’t
use you. Some, but not all, of them can be deleted. Refer to an app’s website
to know which of them are good to go.
How it helps: minimizes damage done in case of data leakage.
How to set it: go to “Settings” -> “Apps” -> “All,” tap on the app you
need to delete in the list and press “Wipe data” and “Disable”.
Use two-factor authentication for Google and other apps
Two-factor authentication is likely the best method to ensure maximum user
account security available today. It is simple: besides using the password, it
requires you to also enter a one-time code sent via text message or within
specialized apps or even hardware. Without this code, an intruder cannot log in
to your accounts, even if they have laid hands on your password.
How it helps: significantly lowers the chances of an outsider using
How to set it: go to
https://accounts.google.com/SmsAuthConfig in your
browser and follow the instructions.