Question Maximising App Security

Spkers

Time to review how I manage access to apps and accounts on my phone.....thinking aloud:

My phone (Samsung Galaxy S20 FE) is locked with biometrics.
My online accounts are password protected and I pay for 1Password so generally have strong passwords.
I also pay for Avast Premium which should give my phone a good level of protection?

Weak points seem to be:
Email - most online accounts pswd reset via email - if my email is compromised then my passwords can be reset.
Many apps on my phone are not and cannot be locked with biometrics.
3rd party app lockers can simply be uninstalled.
The Samsung option seems to be 'use the Secure Folder' but this means just about everything would have to be in the secure folder?

Just uninstalled Outlook and Samsung Mail and installed BlueMail as it allows app locking internally, as I see it this now stops password resetting via email without my email acc password?
Dropbox and OneDrive apps have biometric protection but Google Drive app doesn't?

It all generally seems messy with no clear Android strategy for security once the phone's front door is compromised.

Thoughts?

Cheers
 

SeeBeeEss

I'll have to say that I feel fairly safe and secure with Android by just following a couple of easy rules:

1. Don't give my real email address/other personal information to anyone I don't know, especially businesses (I use a throwaway email address for that).
2. Don't open links from unknown sources and be cautious even with known sources (was I expecting it, does it make sense - your family and friends may not be as security-conscious as you are and may be hacked).
3. Don't use apps outside of those found in the Play Store. Only give permissions that are necessary and limit the use of apps that ask for more permissions than they really need for the software to function. Use caution with lesser-known apps.
4. Good passwords. Multi-factor authentication for banking, government biz, etc.
5. VPN when using public WIFI or other WIFI not my own (nowadays, I pretty much use it full time rather than connect and disconnect all the time).

Fortunately, I would also be "small pickings" for the good hackers out there who have better things to do than the "mom's basement variety" of ne'er-do-well.
 

Mooncatt

Most of your concerns sound like they are not Android specific. For example, if your email password is compromised, then you are at risk regardless if it's Android, iPhone, or on computer. That's why the general recommendation is to change your passwords about every 6 months. That way if a bad actor gets ahold of one, chances are they won't get around to actually using it until after your next password change. A good password manager can help with this.
 

B. Diddy

I agree with @SeeBeeEss and @Mooncatt. It doesn't matter if it's Android, iOS, MacOS, or Windows -- if the front door is compromised, then a lot of everything else is compromised. So the important thing is to guard that front door. Your phone is using a biometric lock -- that's good. But also make sure that your backup PIN/password is not easy to guess, in case your phone falls into the wrong hands. Along those lines, since it seems you're extremely concerned about security, you may want to consider ditching biometric lock altogether and relying on a good PIN/password, since biometrics can potentially be bypassed by coercion or legal compulsion (e.g., police forcing you to unlock your phone using your fingerprint or face -- they can't, however, force you to enter a PIN/password).

In addition, make sure that you're the only one who handles your phone. Don't lend it to friends or family. And make sure you have either Google's Find My Device or Samsung's Find My Mobile active, so that you can quickly wipe the phone remotely if needed.
 

Spkers

I disagree with some of these points, locking your email app is significant because that allows password changes - turns out my Avast account does include an app locker and you can include itself in the locking so it can't be uninstalled. My email has a sturdy (1Password-generated) password and is now biometric protected for access so, even if they get in the front door, it should resist the non-software methods of hacking.

This all arose because a mate's phone was hacked and they got into his email and changed his email password then used the email to change other passwords - eBay, PayPal. Though he can't afford Avast/1Password subscriptions so I'm looking at logic level protection or free options.

Dashlane do a free password manager for 25 passwords - enough for the most critical accounts. And I will test whether you can include free app lockers in their own lock list like I can with Avast.
 

SeeBeeEss

You asked for thoughts, you got them and it is okay to disagree with them. We are all different and have different needs and desires. We all have to do what makes us feel comfortable, safe and secure with our devices. Do away! 😉
 

B. Diddy

I would wonder how your mate's phone got hacked. That's what I meant about guarding that front door. Getting hacked often has to do with things like falling for phishing emails, tapping suspicious links, installing apps from insecure sources, etc. I'm not trying to place blame on your friend, but realistically, it's actually pretty hard to get hacked as long as you follow some basic security guidelines:

“I’ve been hacked” - Android Forums at AndroidCentral.com
[GUIDE] How To Avoid Malware - Android Forums at AndroidCentral.com
 

Mooncatt

Spkers said: "My email has a sturdy (1password generated) password and is now biometric protected for access so, even if they get in the front door, it should resist the non-software methods of hacking."

I think you don't fully understand how biometrics work, and it is not adding extra protection. Some would argue it's less secure, like the kid that used their sleeping mom's finger to access her phone to make Amazon purchases. Setting that up is about convenience, but your regular plain password would still work if someone got ahold of it. Hopefully it's set up with a good 2FA to prevent someone else from using it, but some options are better or worse than others.
 

Spkers

I totally agree on this point, even though he denies it, it is likely he allowed access. And, yes, he went into an immediate 'this is unbelievable!' conspiracy theory spin.

But that is the reality of the average user, so (in my limited capacity) I shall try and give him some options and hopefully reduce the likelihood in the future.
 

smvim

You have a lot of misconceptions about basic functionality of a smartphone. You may disagree with what previous postings say, but there's established facts and then there's your beliefs.

Really, when it involves email your phone does not manage and maintain your email account. That's all done online and handled by your chosen email service -- i.e. if you use Gmail, your email is managed by Google's online servers; if you use Outlook, your email is managed by Microsoft's online servers; etc.
Your phone, on the other hand, is NOT an email server, it's simply an email client. Whichever email app you use is just a client, it relies on whatever data it exchanges with your online service. Odds are, with your friend, their email service was not compromised on their phone but much more likely done online. It's just not likely the phone, it's the online service that needs to be recovered. Focus on that instead. Until that gets straightened out, whatever is done on the phone is just wasting time. Phones are just single targets, online accounts have a massively higher exposure rate.
 