Security Best Practices for your Android Devices

Security Best Practices for your Android Devices

Have you ever considered checking how secured you phone’s data is? How certain are you that the message you sent five minutes ago via one of your social media handle was not read by someone else other than the intended recipient? Did you know that your location  and movement can be tracked in real-time by a manufacturer of a third-party app on your phone, just because you left a feature turned on after using it several months ago?

Fortunately, you can prevent some of the instances mentioned here, and even more by maintaining regular security practices for your mobile devices. This article focuses on Android-based devices (phones and tablets), but the same principles can be applied across other devices.

Update your Apps and Phone Settings

A lot of the security attacks we have read or heard about have occurred due to the presence of outdated apps or modules on the phone. Regularly updating your apps and settings as released from your phone’s manufacturer can keep your data safe and devices free from cyber attacks.

Do not root your device

Rooting your android phones and tabs can happen by installing some third-party apps. Enabling certain roles under your phones’ properties settings can also activate the root mode on such. This action, in turn gives other apps on your phone the advantage of executing certain actions on it without your intervention. So if you are not certain about the function of a role or option within your device, it is best to leave it as the factory’s default setting, rather than make any changes you don’t know the implications of.

Do not trust third-party source for installing Apps

Third-party source involve downloading the APK files from your browser and installing it directly on your device. Any other installation option that is not done through Google’s Play Store is regarded as a third-party source (or manual) installation option. Using third-party source for app installation is as risky as calling in an artisan from the road-side with a placard that shows “Artisan” and bringing such into your house to fix a broken pipe. Some of these apps may have malicious contents in them which are not easily detected until they are inside your device and it just might be too late.

This setting can be enabled or disabled from the Settings menu >> search for “Install Unknown Apps” >> confirm the “Not Allowed” option is enabled for all apps  (except the defaulted apps by the Android’s operating system) on your device.

Password-protect your Phones and Tabs

Password-protecting your device adds an extra security layer, as it prevents unauthorised users from accessing the data on it. With the Password, PIN or Pattern options, you have the convenience to choose according to your preference.

Also, try to change your security credentials regularly (say every three to six months), just in case your existing credentials get compromised without your knowledge.

Turn off USB “Debugging” and other “Developer option”

This is a feature which allows development-related tasks to be done on Android devices. Enabling this feature can give the user access to override default security settings like preventing a lock on the screen, unlocking the bootloader of the device, allowing installation of apps or copying files onto your device via the USB port etc. This means any app or file (safe or otherwise) can be inserted into your device and execute specific actions based on the configurations of the app or file.

Turning on/off this feature is available in: Settings menu >> search for “Developer Options” >> turn off this feature. If you cannot find this feature after searching, this means the options is presently turned off. So no need to take any further action.

Maintain Screen Timeout (Screen Lock)

This feature allows the phone’s screen to get automatically locked after a period of inactivity on such phone. This feature can also be enabled in the Settings menu.

Turn off Bluetooth when not Using it

This will prevent some random pairing of nearby devices with your device, which may be accepted with or without your knowledge.

Avoid using public Wi-Fi without a VPN setup on your device

Naturally, there are a lot of people using public Wi-Fi connections and you cannot tell whom each person is. In certain instances, a Man-In-The-Middle attack may be launched. These attacks can impact your device’s use of the internet. your transmitted messages may also be intercepted by the wrong person, while the intended recipient either gets a different message from the attacker or does not even receive any message at all.

A VPN (or Virtual Private Network) feature protects critical data on your devices. It creates a tunnel (or passage) for your connection to a public Wi-Fi, hence your connection and information transmitted are all protected . No one else in the network will have access to your data.

Forget Untrusted Wi-Fi networks

These are networks that you have connected to previously and the network credentials are still saved on your phone. When your phone is within the connectivity region of that network at any other time, the phone will likely connect to the Wi-Fi network again without any action from your part. As much as this can be good in the aspect of gaining access to a free Wi-Fi, the downside to it is that the phone is also exposed to a number of unknown users, all passing information through the same gateway path.

So if you have not used a Wi-Fi service in a period of time, and you are not certain of the recent security updates of such network, it is best advised you forget the network on your phone. This prevents your phone from automatically connecting to the network when you are within the network’s region.

Set your Device to automatically erase data upon excessive password failure, loss or theft

When taking your phone or tablet to a repair shop, it is advisable to erase the data on it. This will prevent anyone (at the repair shop) from accessing or copying your data.

You should also enable remote-wipe on your device through the Google account you use to managed your device. Remote wipe enables you to wipe/delete your phone data when it is confirmed lost or stolen.

Regularly review your apps’ permissions

When installing and setting up some app, there are permissions you will need to enable to proceed with certain actions. After some time, such permission might need to be disabled to prevent continuous access, even when they are not required. A typical scenario is the GPS permission which will continue to share your location’s details if permanently enabled on the app. Reviewing your apps’ permissions regularly will help you maintain best security practices for your device and data.

Today we carry along with us a wealth of information within our Android phones, tablets and other devices. We therefore need to be more conscious, not only about how big or small the size of information in our pocket, not only about how reliable the backup and storage solution we have in place for such information, but also about how to secure the information from getting into the wrong hands.