Android security and privacy

thinkinfinity

Sep 28, 2015
This is a simple question and I would be very happy to get clear and detailed explanations from experienced users, tech-savvy people or even IT security specialists.

How to lock down, tighten and harden an Android phone?
I would like my phone to be as private and secure as possible, as well as safe from viruses, rootkits and all other exploits that affect (other) phone OS.

Either on the PC or the phone, I have always considered the browser to be a very vulnerable part of the OS along with many other things.

In today's world, I don't believe any PC or phone OS is 100% secure and virus free.
However there are steps that can be taken to minimize the damage, in case of an attack, or at least to try to prevent/stop it.

I might post this question on Android Central, Apple iPhone Central, Windows Phone Central as I believe answers could help educate users on better protecting and securing their personal information and their device.

Thanks for helping newbies learn the good habits.
 
1. Use some sort of security on your lock screen. Password, PIN, gesture ... Pick one. Use it.
2. Don't install apps from outside Google Play or Amazon if you can at all help it. (And you probably should be just fine with those two.)
3. Don't leave the "Unknown sources" button turned on. (This goes hand-in-hand with No. 2.)
4. Don't root your phone if you don't need to.
5. If you get a text message from someone you don't know, don't click on any links therein.
6. Careful with links in emails, too.
7. If something feels weird, ASK! Lots of folks in the forums here are happy to help out. There are no dumb questions.

That about cover it? :)
 
I think the number one security tip is don't do stupid things. A couple of neighbors and I were sitting outside of our building recently and a phone came flying through the air and landed near us. We couldn't figure it out. It was a Galaxy Note, now smashed up from hitting the ground. I was able to pull the SD card out and went browsing through the files. If I was the nefarious sort, I could have really wreaked havoc on the owner. I found photos of debit and credit cards, front and back of cards, checks, account numbers, Wi-Fi passwords, copies of professional licenses and driver's license, social security card, basically everything I needed to totally own this guy's identity. Contacts files, everything.

I managed to track the guy down and called him up to come retrieve the data... Along with a lecture about how much damage I could have done were I so inclined. Long story short, if you're going to keep sensitive things on a device you may lose or have stolen, use basic tools. Encrypt your storage. Don't keep sensitive material where it's easily obtained. If you back up your photos to a web service, make sure it uses HTTPS encrypted transmission of your photos. Use Android Device Manager or another security service to remotely locate and wipe your device. I really like Sophos' Android security, it even sends me a text with the location before the battery dies (I use Google Voice, so I can get SMS on my PC).

And just where did the flying phone come from? Turns out the guy was taking one of those introductory flying lessons, and stuck his phone out the window to take pictures when the wind "grabbed it". Who knew a plane flying at a hundred twenty miles an hour might have wind outside??:p
 
LOL. Great story.

I thought this was going to be a moronic post trying to better our beloved leader Phil's advice...
and I was going to chastise you for looking at the information. But you were right to do what you did.

That could have killed you.
He opened the door / window of a Cessna to take photos and yet could still work a Note 4, and stay in the air without killing the instructor.

Anyway, Welcome to Android Central.

Give us some more!
 
@PhilNickelson: Your list is very similar to my list of security practices, which I've posted a few times. We think alike about this! Here's my list (slightly changed since last posted):

Security is not an app. It's a habit. No app is a security 'solution'. But it's not hard to keep your phone secure. Android is a pretty secure system by design. The biggest security risk to Android is Android users. Or, Android users can be the biggest security asset.

1. Use a password or pattern lock to keep people out.
2. Be very careful where you get software. Use only reliable, trustworthy sources, basically the Play store and Amazon.
3. In Settings > Security > Device administration leave Unknown sources disabled. If you must enable it to do an install don't forget to disable it when done.
4. IMHO antivirus is kinda worthless. Instead of antivirus apps install Common Sense. Use it at all times. That is the most effective protection.
5. Do not root the phone unless you have the knowledge and willingness to do the firewalling and other work necessary to secure a rooted device. Rooting breaks basic Android security features such as user permissions and sandboxed apps.
6. Pay attention to permissions requested by apps during installation.
7. Use 2-step authentication. I admit I don't, but you might consider it.
8. Use Android Device Manager or a similar app to locate, remotely ring, lock or wipe data on the phone if lost.

Follow these simple steps and you will have no problems.

@thinkinfinity: In addition to the steps above, you can:

1. Encrypt the phone. My Nexus 6 is encrypted and does not suffer from poor performance because of it. You'd never know it if not told.
2. Use a secure browser. For example, Firefox has a Private Browsing mode, a wide selection of blockers, phishing and privacy protectors, etc. Some other browsers have special security features.
3. To take secure browsing a step further, use Orbot, which is Tor for Android. When you install Orbot it includes the Orweb browser, a specialized version of Firefox. Gibberbot is instant messaging on Tor.
4. If not Orbot, use a VPN with a secure browser.
5. Rooting breaks security on the phone somewhat. To secure the phone, install iptables and configure firewalling. I use AFWall+ for this. Here's a link to an excellent, very interesting and informative thread about firewalling and security for rooted devices. A MUST read for those interested.
http://androidforums.com/index.php?posts/7050355
6. Use an app locker, password protect files, etc.

There's even more you can do, the list could certainly get longer. You can go crazy on paranoid security stuff. And of course there's the Blackphone, or the ultimate, the Granite phone.

Personally, I don't let paranoia take over my life. I freely use a lot of Google services, cloud storage, etc. I just keep privacy settings under control and go. But do what makes you comfortable.

Android since v1.0. Linux since 2001
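
Added example, not part of any post in this thread: a small script that grades three items from the checklists above (Unknown sources, storage encryption, presence of root) from values read over `adb`. The function names and report wording are made up for illustration, and it assumes USB debugging is enabled and a pre-Android 8 device, where `install_non_market_apps` is still a single global switch.

```shell
#!/bin/sh
# Added example: grade three items from the checklists in this thread.
# Each check takes the raw value as an argument, so it also runs without a device.

# Value of: settings get secure install_non_market_apps (pre-Android 8 devices)
check_unknown_sources() {
  case "$1" in
    0) echo "PASS unknown-sources: disabled" ;;
    1) echo "FAIL unknown-sources: enabled, turn it off after sideloading" ;;
    *) echo "UNKNOWN unknown-sources: setting not readable on this release" ;;
  esac
}

# Value of: getprop ro.crypto.state
check_encryption() {
  case "$1" in
    encrypted)   echo "PASS encryption: storage is encrypted" ;;
    unencrypted) echo "FAIL encryption: storage is not encrypted" ;;
    *)           echo "UNKNOWN encryption: property not set" ;;
  esac
}

# Path of an su binary on the device's PATH, empty when none was found
check_root() {
  if [ -n "$1" ]; then
    echo "FAIL root: su binary at $1, firewall the device"
  else
    echo "PASS root: no su binary on PATH"
  fi
}

# Print the three-line report for the given raw values.
report() {
  check_unknown_sources "$1"
  check_encryption "$2"
  check_root "$3"
}

# Read the values from the attached device; tr strips the CR older adb adds.
audit_device() {
  us=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
  enc=$(adb shell getprop ro.crypto.state | tr -d '\r')
  su_path=$(adb shell 'command -v su' | tr -d '\r')
  report "$us" "$enc" "$su_path"
}

# Constructed sample values: an encrypted phone with sideloading left on.
if [ "${1:-}" = "--device" ]; then audit_device; else report 1 encrypted ""; fi
```

Run it with `--device` to query an attached phone. A PASS on the root check only means no `su` binary is on the shell's PATH, not that the device has never been rooted.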
 
Thank you everyone for your wise and detailed replies. I really hope it will help and educate people on keeping and protecting their personal information more private and more secure.
 
