Sign up to our newsletter
The latest security news direct to your inbox
“Trojan-ized” apps and dodgy online stores aren’t the only risks Android users face. Android comes with many great, built-in security features – but these often aren’t enabled by default.
Many people leave Android phones and tablets “open” to criminals – both the cyber variety, and the ordinary, non-cyber kind. Even apps such as Dropbox can be a “way in” to your private data – and a disaster if a handset is lost, stolen or infected.
These tips should help you avoid some common Android pitfalls – and keep your device (and data) safe.
Don’t “bring your own disaster”
“Bring your own disaster” has long been the jokey term for the trend for “bringing your own device” to workplaces. If you are using an Android phone for work, and have sensitive information on it, don’t be the “disaster” guy. Encrypt your phone – that way, sensitive data should be safe. Thankfully, it’s easy to encrypt your device in Android’s own settings menu – Settings/Security/Encryption – in an option available since Android Gingerbread 2.3.4. Choose Encrypt Device and Encrypt External SD Card, then wait while the device crunches your data (this takes a while). After that point, your data is PIN-protected. This will slow your device, though.
Don’t forget to double-lock
Not having a PIN code on Android is like leaving your front door open – but if someone does crack the code (sometimes possible simply by turning a handset sideways and looking for greasy finger marks, or by using an ingenious robot), you can lock them out of important data anyway. Free apps such as App Lock allow you to put PIN codes on individual apps (such as Gmail, or Facebook), adding an extra layer of security, and giving you time to change passwords.
Don’t forget where you put your stuff
For a determined cybercriminal, the average Android handset is like a candy store filled with information that could be used to craft identity theft attacks. Even if you have locked your email – if your device is lost, use Gmail’s PC-based security system to sign the attacker out, under Account Activity on the main Gmail page, then select “Sign Out All Other Sessions” – you could still be handing out valuable infromation. Dropbox is a particular risk – do you keep documents in there? PIN lock it if possible. Don’t save passwords in your web browser. Don’t keep email addresses, or banking details in any note-taking app. Lock your Google Drive.
Don’t fall for text scams
Recent reports have highlighted how easy it can be to “fool” an Android device into accepting a Trojan-ized app – which remains the main way for criminals to inject malware into Android devices. But SMS scams are still a risk, says ESET’s Cameron Camp. “Got a text that says your mobile device will soon be subject to certain doom? Check the link before you tap, it might send you on wild chase through rogue websites trying to scam you,” says Camp. “Malware posing as security apps, also known as “scareware”, are some of the most pervasive scams on Android in recent months.”
Always have a backup plan
Many Android phones have tracker software and back-ups built in – Samsung’s Galaxy handsets, for instance, offer this as standard, as long as you sign up for a Samsung account. This can allow you to track a device if it is stolen – or find out, happily, that it’s lost behind the sofa rather than in some criminal’s den – and to retrieve crucial information (or delete it to prevent it falling into the wrong hands). “If you lose your phone or it becomes damaged, have a way to retrieve your contacts, files and other personal information,” says ESET’s Cameron Camp. “There are apps, such as My Backup Pro and Super Back up, that back up your data in case it happens to you.”
Author Rob Waugh, We Live Security