15 Ways to Boost the Security of Your Android Phone

Smartphones have become indispensable. They hold the key to our digital lives, which is why it is vitally important to keep them safe and secure. Android is the largest computing platform in the world, and that makes it a big target for cyberattacks.

If an attacker gets hold of your phone and is able to get unfettered access, they can learn a lot about you. They can steal your personal data, get into your banking app, steal your financial information, access your family photos, impersonate you, use social engineering tactics to scam your friends, etc.

You can prevent all of this from happening by doing everything in your power to secure your device in the same way that you probably guard the information on your laptop or desktop. 

Read on for 15 easy ways to protect your Android smartphone…

  1. Lock your phone with a passcode.
  2. Be careful how you assign permissions.
  3. Set up a remote device locator.
  4. Encrypt your data.
  5. Add applock software.
  6. Set your updates to be downloaded and installed automatically.
  7. Disable automatic connections on your phone.
  8. Avoid messing with Android’s security settings.
  9. Delete your cookies, messages, cache and browsing history on a regular basis.
  10. Protect your phone and digital life with a VPN.
  11. Limit the number of apps you have on your phone.
  12. Disable Bluetooth when you’re not using it.
  13. Use Chrome’s safe browsing feature.
  14. Encrypt your mobile cloud backups.
  15. Harden your privacy settings.

1. Lock your phone.

Setting a passcode is the quickest and easiest way to boost the security of your smartphone. This should be fairly obvious, but there are many smartphone owners who just can’t be bothered with the inconvenience of having to type in a passcode every time they want to get into their phones.

There are various types of screen locks that you can use, including a password, PIN or pattern. A password can be alphanumeric, while a PIN can only be 6 numeric digits. With a pattern, you connect the four dots on the screen to create the screen lock, and you’ll need to recreate this pattern every time you want to log in to your phone.

Using a strong screen lock to secure your device is absolutely mandatory. No matter how cautious and careful you are with your phone, there’s no guarantee that you won’t forget it somewhere, or someone won’t snatch it out of your hand. Putting a passcode ensures that you have at least one layer of protection no matter what happens to it. If you secure your phone with a strong screenlock, you won’t have to worry about unauthorized access and your data will always be protected.

You can configure a screen lock by going to Settings > Privacy > Lock Screen > Screen Lock Type.

Using a simple 6-digit numeric PIN or password offers the best security for your phone. Avoid using a pattern because it only offers a moderate level of security, and can be breached quite easily. You can also use a biometric authentication system if your phone offers one. This type of multi-layer security ensures that even if someone manages to get into your phone, they won’t be able to access your data.
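
To put numbers on that comparison, here is an added example (not part of the original article) that counts how many distinct unlock secrets each lock type allows. It assumes the standard 3x3 Android pattern grid with patterns of 4 to 9 dots and a 62-character alphanumeric alphabet; the function names are made up for this illustration.

```python
# Dots are numbered 1-9, row by row, on the 3x3 pattern grid (assumption).
# A straight stroke between two dots that passes over a third dot is only
# valid once that middle dot is already part of the pattern.
MIDDLE = {}
for a, b, mid in [(1, 3, 2), (4, 6, 5), (7, 9, 8),   # rows
                  (1, 7, 4), (2, 8, 5), (3, 9, 6),   # columns
                  (1, 9, 5), (3, 7, 5)]:             # diagonals
    MIDDLE[(a, b)] = MIDDLE[(b, a)] = mid


def pattern_space(min_dots=4, max_dots=9):
    """Count valid unlock patterns that use min_dots..max_dots dots."""
    def extend(current, used, length):
        # 'used' is a bitmask of dots already in the pattern.
        total = 1 if length >= min_dots else 0
        if length == max_dots:
            return total
        for nxt in range(1, 10):
            if used & (1 << nxt):
                continue  # each dot can be used only once
            mid = MIDDLE.get((current, nxt))
            if mid is not None and not used & (1 << mid):
                continue  # stroke would jump over an unused dot
            total += extend(nxt, used | (1 << nxt), length + 1)
        return total

    return sum(extend(start, 1 << start, 1) for start in range(1, 10))


def pin_space(digits=6):
    """Number of possible numeric PINs of the given length."""
    return 10 ** digits


def password_space(length, alphabet=62):
    """Number of possible passwords over a-z, A-Z and 0-9 (assumed alphabet)."""
    return alphabet ** length


if __name__ == "__main__":
    print("patterns (4-9 dots):  ", pattern_space())
    print("6-digit PINs:         ", pin_space(6))
    print("6-char alphanumeric:  ", password_space(6))
```

Every possible pattern put together is a smaller set than the 6-digit PINs, and a 6-character alphanumeric password has a far larger set than either.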

Other built-in Android security features include:

  • Smart Lock: this is a feature that allows you to keep your device unlocked in certain situations when security is not an issue.
  • Device Protection: also known as factory reset protection, this feature is automatically enabled when a user sets up a Google account to the device. It prevents use of the device after a factory reset until the original Google account credentials are provided.
  • Find My Device: used to remotely trace, locate and wipe Android devices.
  • Verify Apps: this tool is designed to prevent you from downloading dangerous apps from Google Play and other 3rd party sources. It also continuously scans your device for harmful apps to catch rogue apps that slip through the cracks. To enable this feature, tap Settings > Google > Security > Verify apps, then switch on the ‘Scan device for security threats’ setting.
  • Google Play Protect: this is a feature Google rolled out with Android Oreo (v. 8.0). It aims to keep malicious apps at bay by constantly scanning apps in the Play store and on your device. To see Play Protect’s settings, tap on Settings > Google > Security > Play Protect. 

2. Be careful how you assign permissions.

Apps have the easiest access to your data, so it is critically important to review the permissions you give them properly. Before you install any app, establish that it’s reputable enough by putting it through a rigorous vetting process. Those apps will ask for permissions to do certain things or to access certain data, and it’s up to you whether to grant those permissions. The permissions are typically needed in order for the app to function properly. For example, a photo editing app will need access to your camera and photos in order to work. If you don’t provide that access, the app won’t be able to function. But if that app is requesting access to your location data and your contacts, you’re going to have to think twice about granting that permission. There’s just no conceivable reason why it should want to access your location. The good thing is that you can grant all or some of the permissions, and you can manage how you grant those permissions in the main settings of your device.

Whenever an app needs access, you’re going to get a permission request pop-up with the list of permissions it needs. You just have to establish whether each of the permissions it asks for is necessary for the app’s functionality.

You should be especially cautious about apps that request access to the following permission groups:

  • Body sensors
  • Calendar
  • Camera
  • Contacts
  • Location
  • Microphone
  • Phone
  • SMS
  • Storage
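
The check described above can be scripted. The following is an added example, not part of the original article: it maps Android permission names to the permission groups in this list and reports the groups that an app's purpose does not explain, using the photo-editor scenario from earlier in this section. The sample text is constructed and modelled on the runtime-permissions section printed by `adb shell dumpsys package <name>`; the package name and the `audit` helper are hypothetical.

```python
import re

# Android permission names mapped to the permission groups listed above.
GROUPS = {
    "BODY_SENSORS": "Body sensors",
    "READ_CALENDAR": "Calendar", "WRITE_CALENDAR": "Calendar",
    "CAMERA": "Camera",
    "READ_CONTACTS": "Contacts", "WRITE_CONTACTS": "Contacts",
    "GET_ACCOUNTS": "Contacts",
    "ACCESS_FINE_LOCATION": "Location", "ACCESS_COARSE_LOCATION": "Location",
    "RECORD_AUDIO": "Microphone",
    "READ_PHONE_STATE": "Phone", "CALL_PHONE": "Phone",
    "READ_CALL_LOG": "Phone", "WRITE_CALL_LOG": "Phone",
    "SEND_SMS": "SMS", "RECEIVE_SMS": "SMS", "READ_SMS": "SMS",
    "RECEIVE_MMS": "SMS",
    "READ_EXTERNAL_STORAGE": "Storage", "WRITE_EXTERNAL_STORAGE": "Storage",
}

# Matches lines such as "android.permission.CAMERA: granted=true".
PERM_LINE = re.compile(
    r"^\s*android\.permission\.([A-Z_]+): granted=(true|false)", re.M)

# Constructed sample; com.example.photoeditor is a made-up package.
SAMPLE = """\
Package [com.example.photoeditor] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.READ_EXTERNAL_STORAGE: granted=true
      android.permission.WRITE_EXTERNAL_STORAGE: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.READ_CONTACTS: granted=false
"""


def audit(dumpsys_text, expected_groups):
    """Return (granted, denied) lists of sensitive permission groups
    that are not in expected_groups for this kind of app."""
    granted, denied = set(), set()
    for name, state in PERM_LINE.findall(dumpsys_text):
        group = GROUPS.get(name)
        if group is None or group in expected_groups:
            continue  # not a sensitive group, or explained by the app's purpose
        (granted if state == "true" else denied).add(group)
    # A group with at least one granted permission is reported as granted.
    return sorted(granted), sorted(denied - granted)


if __name__ == "__main__":
    # A photo editor plausibly needs the camera and access to stored photos.
    unexpected, refused = audit(SAMPLE, expected_groups={"Camera", "Storage"})
    print("granted but not explained by the app's purpose:", unexpected)
    print("requested but currently denied:", refused)
```

Groups reported as granted but unexplained are the ones to revoke in the app's permission settings.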

With the release of Android 6.0, Android allows you to determine which permissions to grant an app after the app is installed. But before you grant any permissions, read the list so you’re aware of what permissions the app is asking for and why it needs them. Ask yourself the following questions:

  • How trustworthy is this app?
  • Is it clear why this app needs these permissions?
  • Does the developer explain why they are needed?

If the app is from an unknown developer who isn’t transparent about why the permissions are needed, you’re better off searching for an alternative unless you understand why the permissions are needed for that type of app. The permissions are usually listed at Google Play or on the developer’s website along with the reasons for each permission request. It is important to also read the app reviews to ensure that the app isn’t doing something unexpected behind the scenes.

If you really want to install a specific app but fail to see why it needs the permissions it is asking for, the following apps can help to monitor the app in question. They notify you when an app is trying to access certain data, and provide the option to allow or deny permissions. Note however, that if an app requires a permission and you don’t grant it, it will probably crash.

  • PDroid Privacy Protection (requires root) monitors the types of info your apps request, and lets you allow or disallow on a per-app basis. It allows you to block access to personal or identifying information for each app.
  • LBE Privacy Guard (requires root) lets you know when an app is trying to access data and gives you the option to allow or deny it.
  • PermissionDog lets you know visually how dangerous an installed app is. By scrolling through the list, you can tell which apps are okay and which ones you should monitor closely.

3. Set up a remote device locator.

If you misplace your mobile device or it gets stolen, you’re going to want to get it back pretty quickly, especially if you have a lot of valuable information on it. And probably one of the easiest and most convenient ways to do that is by being prepared for such an eventuality, by setting up a remote device locator such as Find My on iOS or Find My Device on Android. These tools use GPS to identify exactly where your device is at any point in time, so if you simply misplaced your device, you’ll know exactly where to go and pick it up. On the other hand, if it was stolen, you can simply hand over the location to the police so they can recover it for you. But if your smartphone has been stolen and you are worried about someone accessing your private information, Android offers a remote wipe feature that allows you to erase all of the data on your phone.

You can configure these features in Android Device Manager by going to Settings > Google > Security, and then toggling on these two settings: Remotely locate this device, and Allow remote lock and erase. Note that this will not erase your SD memory card, so any data on there might be vulnerable.

4. Encrypt your data.

Encryption is one of the most powerful tools that you can use to protect your data from falling into the wrong hands, and this capability is built into your phone. Encryption is a technical process that uses advanced computer algorithms to transform plain text into something completely unrecognizable. This allows us to completely mask any sensitive piece of information that we want to keep private. So, even if the information falls into the wrong hands, the encrypted data would be completely useless to an attacker unless they know the encryption key.

Note however, that encryption only protects your data from physical access; it doesn’t protect you from malware or viruses. It only protects the data on your phone if you lose it or someone steals it from you. You don’t have to be a cryptography expert to encrypt the data on your phone. As mentioned earlier, the capability is already built in. On some higher-end Android handsets running Lollipop (5.x) and higher, it’s enabled by default. On older handsets, you have to enable it. Once encryption is enabled, when you enter your passcode on the lock screen, your phone decrypts the data. If someone doesn’t know the encryption PIN or password, they will not be able to access the data.

Things to consider before enabling encryption.

  • Encrypting your phone can sometimes take several hours.
  • Android won’t start the process unless your battery is at least 80% charged.
  • Your phone must be plugged in throughout the entire process.
  • Your phone must be unrooted.
  • Do not interfere with the process or you’ll likely lose your data.

How to encrypt your Android device

Tap on Settings > Security. If your device is already encrypted, it will show up here as encrypted. If not, start the process by tapping “Encrypt phone”. You’ll need to read the warnings and tap “Encrypt phone” a couple of times. The phone will then reboot and start the encryption process. Next, you’ll get a progress bar and estimated time till completion. Once the process is complete, the phone will reboot and you’re done.

5. Add app lock software

Installing app lock software presents another important layer of security that you can add to your smartphone to prevent rogue apps and unauthorised users from gaining access to confidential and sensitive data on your phone. You can use a free app like App Lock for this purpose. The fact of the matter is, apps downloaded via official app stores like Google Play or the Apple App Store are not guaranteed to be safe. Some of the apps you get from these official stores can be infected with malware that can take over your phone’s system by obtaining administrative rights. This can put your most sensitive apps at risk. App lock software allows you to protect the data in individual apps.

Which apps should be locked down?

  • Email: locking down your email applications ensures that your conversations and personal information are kept secure.
  • Shopping apps: apps like Amazon, eBay and other shopping apps should be locked down to prevent misuse.
  • Dropbox: this app is likely to contain sensitive data like your medical history, tax information, legal docs, and you’ll want to lock it down for security and privacy.
  • Banking apps: the use of mobile banking surged during the lockdown with millions of users downloading mobile banking apps. Locking down your banking app is essential to prevent your confidential data being compromised in the event that you inadvertently download rogue apps to your phone.
  • Credit card apps: credit card information is sensitive data, and you’ll want to lock down your apps to protect this data.
  • Social media apps: it is important to lock down your social media apps to prevent fraudsters impersonating you on these platforms.

6. Set your updates to be downloaded and installed automatically.

Outdated software is one of the most common reasons why computing devices get hacked. Attackers are constantly changing their tactics and looking for new ways to crack Android’s powerful security features. As they do, Google keeps up by releasing security updates that address newly discovered vulnerabilities in the operating system. That is why it is so important that you keep your phone updated with the latest security patches. This not only ensures that you’re maintaining your phone’s security, it also means that you’re not missing out on any new features.

Google releases security patches for Android every month, while more comprehensive updates are released annually in August. The current version of Android is 11, which was released to the public in autumn 2020. Google no longer uses the dessert names on its latest software versions, so you can simply expect a numerical format from now on.

Your Android phone should prompt you whenever there’s a new update to install. Alternatively, you can tap Settings > About phone > System updates to find out if there are any newly released updates to download. 

Here are previous versions of Android:

  • Android Donut (v1.6)
  • Android Eclair (v2.0)
  • Android Froyo (v2.2)
  • Android Gingerbread (v2.3)
  • Android Honeycomb (v3.0)
  • Android Ice Cream Sandwich (v4.0)
  • Android Jelly Bean (v4.1)
  • Android KitKat (v4.4)
  • Android Lollipop (v5.0)
  • Android Marshmallow (v6.0)
  • Android Nougat (v7.0)
  • Android Oreo (v8.0)
  • Android Pie (v9.0)
  • Android 10

7. Disable automatic connections on your phone.

One of the most important security measures you can take on your phone is to prevent your Wi-Fi from connecting automatically to open networks. This is because hackers can set up a malicious network that is specifically designed to harvest data. If your phone automatically connects to that network, your device and data are going to be vulnerable. You should be fully aware of every network your phone is connected to.

To stop your Android device from auto-connecting to open networks, tap Settings > Network & Internet > Wi-Fi > Wi-Fi preferences. Turn off the Connect to public networks toggle switch to disable this feature.

8. Avoid messing with Android’s default security settings.

Each and every Android device comes with “Unknown sources” disabled in the security settings. This message will appear every time you want to download an app from a 3rd party app store other than Google Play or from a Google partner like Samsung. It simply means that the platform you want to download from hasn’t gone through the rigorous Google vetting process.

Downloading apps from “Unknown sources” is not necessarily a bad thing. For example, even when downloading an app from a secure site like Amazon, you’ll get the “Unknown sources” message. The problem is enabling the setting for no credible reason or keeping it on all the time. This will render your phone vulnerable to websites that try to install an app on your phone without your permission. You can always turn the Unknown sources setting on to install an app from a trusted store like the Amazon app store, but you must always remember to disable the setting again once you’re done.

To turn the Unknown sources feature on or off, tap Settings > Security and then toggle the Unknown sources setting off or on as you need it.

9. Delete your cookies, messages, cache and browsing history on a regular basis.

Your browsing history stores a lot of personal information about you, and is a goldmine for hackers. Cookies pose a security threat because hackers can use them to breach your account even without a password. So, to improve your privacy, make sure that you delete your virtual footprint. This will minimize the amount of data that can be harvested.

Here’s how to clear your history:

  1. Open the Chrome app.
  2. At the top right, tap More > History.
  3. Tap Clear browsing data.
  4. Next to Time Range, select how much history you want to delete. Tap All time if you want to clear everything.
  5. Check Browsing history.
  6. Tap Clear data.

10. Protect your phone with a VPN

Using a VPN is one of the most powerful ways to secure the data that leaves your internet-connected mobile device. The VPN protects your data by encrypting the data, providing you with the benefits of a private network even while you’re on a public one. VPNs allow you to use free, public Wi-Fi hotspots which are open networks that are frequented by hackers. VPNs also work on phones in the same way that they work on desktops.

Best VPNs for Android

  1. Hotspot Shield
  2. NordVPN
  3. Surfshark

11. Limit the number of apps you have on your phone.

You can have too many apps on your phone, and the more apps you have, the bigger the chances of a security breach. If you don’t plan to use an app more than once, delete it after you’ve used it. When you have too many apps on your phone, those that haven’t been updated with security patches will leave your phone vulnerable to rogue apps and hackers. Installing fewer apps, and just the ones you plan to use, will minimise the dangers of your phone being compromised.

12. Disable Bluetooth when you’re not using it.

As convenient as Bluetooth can be, it is a bad idea to keep it on all the time when you’re not using it. In and of itself, Bluetooth comes with a plethora of security issues and concerns. For example, a vulnerability known as BlueBorne gave a hacker control of Bluetooth-enabled devices, even when the device wasn’t connected to anything when the attack began. BlueBorne attacks also spread from device to device.

While hackers technically need to be within Bluetooth range to attack your phone, if there are infected devices around, they can get some extra distance. By leaving Bluetooth enabled on your phone all the time, you’re exposing yourself to this type of security issue. It can be an incredibly convenient tool when you need to use Bluetooth, but once you’re done using it, you should turn it off. And if you don’t use it at all, then you should make sure that it is off.

To disable Bluetooth, tap Settings > Connections > Bluetooth. Toggle off.

13. Use Chrome’s safe browsing feature.

Browsers are not safe because they run code from any website without any meaningful verification. This means they can load malicious JavaScript, ads or frames that can remotely take control of your phone without your knowledge. To avoid the safety issues that browsers present, Chrome for Android offers a “safe browsing” mode that will warn you of any known rogue websites before you navigate to that site.

To activate Chrome’s safe browsing feature, open the browser, tap the three-dot menu button in the top corner of the screen, tap Settings > Privacy, and then make sure the “safe browsing” setting is checked.

If privacy is your biggest concern when browsing, you can use DuckDuckGo or Firefox Focus, which is designed to automatically block a range of online trackers.

14. Encrypt your mobile cloud backups.

Mishandling your mobile data backups can often be the source of a security breach. Whenever you’re syncing or backing up your data to the cloud, make sure that any private data you’re backing up is encrypted. Cloud backups are oftentimes an easy target for hackers. If you use Google Drive, your cloud backups should use the same 2 factor authentication as your Google account. This will ensure that you’re in full control of the security of your data, and that no one but you can access your data in the cloud.

15. Harden your privacy settings.

You can enhance the security of your phone by optimizing your privacy settings in the following ways:

  • Disable location services. If you are worried about Google tracking your location, you can disable this feature. Note that if you do this, you will also disable Find My Device. To disable location services, tap Settings > Connections > Location. Toggle switch to off.
  • Opt out of personalized advertising. Tap Settings > Google > Ads > Switch on Opt out of interest-based ads or Opt out of ads personalization.