How to protect your Android phone’s sensitive data

If you’re like most people, you store a lot of sensitive information on your Android device, whether it’s a smartphone or a tablet. This can be critical business information, banking and payment apps, or personal data, messages and photos that you don’t want the public to see.

And as with anything of value, Android devices become an attractive target for malicious actors who want to earn a few bucks or harm you financially, personally, or in any other possible way. Software vendors and hardware manufacturers go to great lengths to make their products secure, and Android devices are no exception. However, some things will ultimately depend on users, and unless you take the necessary measures and precautions, you’ll eventually fall victim to an irreparable hack.

Here are basic measures that aren’t very demanding, but can make a huge difference if and when your Android device becomes the target of an attack.

Consider yourself a target

One of the biggest pitfalls that average users fall into is fooling themselves into thinking that hackers, thieves and cybercriminals aren’t interested in them. That’s utterly wrong. It’s true that the media covers high-profile hacks such as John Podesta’s emails. But most security incidents don’t make it to the headlines.

Instead of trying to convince yourself that criminals won’t be looking for your Android, ask yourself why they would, and what you have on your Android phone that can be used against you. You’ll probably find plenty of frightening answers. The most obvious thing that comes to mind is draining your online accounts with monetary value.

But your Android smartphone or tablet might contain plenty of other things that can be of value to hackers. For instance, you might be storing sensitive business secrets that can be damaging to your company and your career. You might have personal photos and private chats that can be used to dox you or blackmail you. Or hackers might simply be looking for more trivial information, such as contact lists, birth dates, events and preferences for a bigger phishing scam they plan to stage in the future.

Patch your Android regularly

Installing updates and patches is the first piece of advice every cybersecurity expert will give you. In this respect, Android devices are no different. You should always keep your OS up to date to protect yourself against the many frightening vulnerabilities that crop up every so often.

However, the Android landscape is a bit complicated. Every hardware manufacturer has its own cycle of delivering updates. Google-manufactured devices such as Pixel and Nexus receive updates immediately after they’re released. Other OEMs issue them with a delay of at least two 78 days.

Enable your Android’s lock screen

You take your smartphone everywhere—and leave it everywhere. As it happens, physical access is a bigger threat to your device than malware. Of course, we’re worried about the data in this post (not the device itself), so it’s important to make sure that in case your device finds its way into the wrong hands, the data remains secure.

Enabling the lock screen on your Android phone will protect its sensitive contents from pickpockets or snoopy guests and coworkers who want to peek at your phone while you’re away. And though it might not be as convenient as fingerprint or face lock, a six-digit PIN is more secure. Also make sure that the automatic lock is set to a reasonable interval, not so short that it becomes a nuisance and not so long that it becomes insecure.

In case you’re not familiar with the settings, How-To Geek has a comprehensive guide on Android’s lock screen.

Lock or sign out from sensitive apps

Sometimes, you intentionally let someone use your phone, such as a coworker or a stranger who wants to make a call. But unlocking your phone effectively gives them access to all your apps and the data they contain.

In order to prevent the abuse of your trust, you can lock the apps that contain sensitive data, such as your photos or chat logs. There are various apps that enable you to do this. One of them is AppLock, an application that—as the name unimaginatively suggests—locks down the apps in your Android device, by letting you put a passcode on any of your apps.

Another effective measure to prevent unwanted access to your online account data is to sign out of services that you don’t use often. This is one of my favorites, because it also has the added advantage of preventing those services from collecting extra information in the background.

Encrypt your data

Enabling full-disk encryption will enhance the security of your Android device and protect it against more sophisticated hacking schemes. This means stubborn hackers won’t be able to bypass your phone’s security by directly accessing the on-device memory, because they’ll only see encrypted content.

Enabling device encryption is very easy (Settings>Security>Encrypt Device). However, it takes some time, so you have to make sure your device is fully charged and connected to a charger.

Prepare to remotely wipe your Android

Encryption will protect you from most attempts at getting access to your device’s content—but not all. Last year, after a long legal debate, the FBI was able to unlock a contested iPhone without the entry passcode or Apple’s help. The same can happen to Android phones, and if the FBI can do it, other hackers can as well.

If you can’t afford the tiniest sliver of a chance that your Android phone or tablet’s content is spilled, you can remotely erase all its contents if it gets stolen or lost. Google has a find, lock and erase feature that lets you do just that. After losing your phone, you can activate Google’s erase function from its website, which will trigger the erase process if the device is connected to the internet.

The tradeoff is that you’ll have to let Google collect even more data about you and your device than it’s already doing. If it makes you feel uneasy, you might want to try these alternatives.

Only install apps from Google Play Store

As opposed to Apple, which has a locked-down and centralized business model, Android is a very open platform. This gives Android users the versatility to choose from various app stores or manually install .APK files on their devices. But it also opens up a Pandora’s box of new attack vectors and the possibility of malicious software finding its way onto those devices.

As a rule of thumb, only install applications you find on the Google Play Store. It has an extensive process to make sure submitted applications don’t have malicious code and content. But that doesn’t mean that its security defenses are perfect. Apps infected with malware and spyware often find their way past Google’s defenses, which means you should still be wary of the apps you install, and take complementary measures to prevent data leaks from your device.

Monitor your Android’s network traffic

As mentioned in the previous section, even getting apps from the safest repositories isn’t a perfect solution. One of the ways to find out if any app is exfiltrating your data is to monitor your device’s network traffic.

Android’s Settings app has a decent Data Usage section which reports on the data consumption of each of your apps. A more effective alternative is GlassWire, an app that lets you view a live graph of how various apps are sending and receiving data. It will also alert you if the data consumption of an app suddenly surges.

Uninstall unnecessary apps

Most reputable software developers put great effort into ensuring their applications are secure. However, as often happens, those efforts are not enough, and security flaws frequently crop up in some of the most popular apps, such as Pokemon Go, the mobile gaming sensation that was downloaded millions of times in the first months of its release.

The more apps you have on your device, the more likely it is that one of them has an unknown or unpatched vulnerability. So if there’s an app that you’re not using, do yourself a favor and uninstall it to reduce your attack surface.

Use a Virtual Private Network (VPN)

In the previous sections, we covered how you can protect your sensitive data as it resides on your Android device. In the final two sections, we deal with protecting your data as it leaves your device, an equally important topic.

Using a Virtual Private Network (VPN) is an efficient way to protect your Android’s network traffic against surveillance and eavesdropping. In a nutshell, a VPN application encrypts all the information going out of and coming into your device and routes it through a server, preventing eavesdroppers from looking at your data or figuring out which websites and services you’re using.

VPNs are especially useful if you’re using public Wi-Fi networks, which are vulnerable to many types of attacks that involve the theft of data.

There are various VPN services, both free and paid. Not all are equally reliable. You should especially be wary of free VPN services. Although there are some decent options out there, you should consider that “if you’re not paying for it, you’re the product,” and there’s a likely chance that they’ll be collecting your data for their own commercial purposes. Two paid VPNs that I personally recommend are F-Secure’s Freedome VPN and NordVPN.

Turn off unnecessary connections

This is a general tip that applies to any kind of networking device: disable unnecessary connection features. On your Android, if you’re not using Wi-Fi, disable it. The same goes for Bluetooth. Both have known vulnerabilities, and probably some that are still unknown. Oftentimes, these vulnerabilities can be exploited silently, without you ever noticing.

There’s no such thing as absolute security, but it’s fair to say that these tips will make you much safer and harden your Android against most known attacks. And given the amount of sensitive and personal information you store in there, it’s not a small thing.

 
