Hardening your Android Device, Part-3

Securing your Android phone can be accomplished in many different ways, catering to many different tastes, so no single way is correct or best for everyone. I do recommend at least the following as a minimum on your device. There are three main areas of security on your device: settings which, left in default mode, can be a serious security risk; apps and programs which help secure your device, like AntiVirus and AntiMalware; and AntiTheft apps, which can lock down and secure your information should your device be lost or stolen.

Hardening your Settings

There are many default settings on your Android phone that could be hazardous to your privacy and security, not the least of which is rooting or jailbreaking your phone. As a point of clarification, “jailbreaking” is a term better used to describe iOS devices, whereas “rooting” is used more to describe Android devices. Both give you “root” access to the device, so that as the primary user you could “side-load” non-Google approved apps. There are plenty of good reasons to do this, but this should typically only be done by folks who know and understand the risks involved with going this route. More importantly, to most users anyway, going this route also typically voids your warranty through your carrier of choice, and carries a distinct chance of bricking your device. Regardless, while rooting may provide you with a lot of additional control over your Android phone, it also provides bad actors with an improved opportunity to hack into your device through malware or other code. Securing a rooted phone is all the more difficult, so if you have already rooted your Android phone, please consider un-rooting it.

You can go through your settings on your own, or you can download some Apps that walk you through the process of checking and unchecking the various settings that need tweaking.

AntiVirus & AntiMalware

The biggest threat to your device is Malware and Virus infections.  I’m a big fan of AVAST AntiVirus, since their product is as good as or even better than some of the more common commercial software like McAfee, Norton, and ESET, but has a much better price-point: it’s free for personal use.  I’m actually using their Business AntiVirus on my laptop, desktop, and servers, and so far, it’s been great.  And it’s also free!  Likewise, their Android offering “Mobile Security & AntiVirus” is also FREE.  Sadly, if you have an AVAST family or business account that allows you to monitor your machines from the web, you won’t be able to monitor or manage your Android device remotely at this time.  Hopefully they’ll change that soon.

For AntiMalware, my best recommendation is Malwarebytes’ aptly-named “Anti-Malware for Android”. It isn’t as tightly coded as its PC equivalent, so the package is a little bigger than I’d like to see, but it scans quickly and appears to be quite thorough.

AntiTheft

The theft of your device is an all-too-real possibility, one that you really should plan for.  This is truly where that old adage “Failing to plan is just planning to fail” really applies.

Since I’m already using AVAST AntiVirus and AntiMalware, I decided to try out their AntiTheft program. This program allows you to set up an account that will allow you to track your phone on a map to help locate the device if you dropped it somewhere. Alternately, if it’s in someone else’s possession, you can log into your account on another device like a PC and send them a message and lock the device, or as a last resort you can wipe the device. Like its AntiVirus and AntiMalware solutions, it is also FREE.

Another App called Lookout is a wonderful program that provides a lot of utility services. I normally would not utilize a second application to provide duplicate services, but Lookout appears to be a rock-solid app, so I’m in the process of taking it for a test drive. It also allows you to Send a message to the device, Lock it, and again as a last resort, you can remotely wipe the device.  Sadly, the folks at Lookout are looking for a $2.99 monthly fee, or $29 a year.

Remote Phone Wipe

Should your device ever be stolen, and you have chosen not to employ the services of one of the Anti-Theft apps above, don’t worry. You can still log into the Google Device Manager Website and remotely wipe your device. As long as your device is connected to the Internet at the time, you can remotely call, lock, or wipe the phone.

Enable Device Encryption/Security

Most Android devices since Android Gingerbread (2.3.x) have included built-in Data Encryption. It’s normally enabled by default on most Lollipop (5.x) devices, but you can check to ensure that yours is enabled. When you lock your encrypted device, your password or PIN (see below) functions as the key that allows your device to decrypt itself so that you can re-access its contents.

Set up and use Multiple methods to Unlock your Phone

PLEASE PLEASE PLEASE enable multiple methods to unlock your device. Choices depend on the hardware on your device, but most allow at least a PIN and Password. I’m also employing the fingerprint scanner for the bulk of my device unlocks. The Biometric Fingerprint scanner is by no means 100% secure, so you should build your device’s security in multiple layers rather than rely on it alone.

If you have a Biometric Fingerprint Scanner, consider using it to act as a secondary form of verification of ID, also referred to as 2FA, or Two Factor Authentication. This will allow you to protect websites such as your banking website by requiring a Fingerprint scan in addition to your manually entered username and password.

Make sure the device password you set is sufficiently complex to thwart casual hacking.   Don’t pick whole words, names of people or places, or use numerical codes that represent your birthday, your phone number, etc.

Again, a program like LastPass can assist you in generating new passwords for any websites where you have a profile, which can absolutely help you Harden your entire online footprint.  Consider changing the password for every website you have access to once you have LastPass installed.  It might take a few hours to accomplish, but it’s well worth it!

Only use a Trusted Installation Source

Don’t Sideload or load your Applications from an Untrusted Source; stick with Google’s Play Store. It might be tempting to load Apps and games from another source besides Google’s Play Store, but really this option only opens you up to a lot more vulnerabilities, allowing you to install compromised Applications that could act as a backdoor for hackers to monitor any and all of your usernames and passwords.
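
Three of the settings discussed above (root access, storage encryption, and installs from untrusted sources) can be read from a phone over adb and checked in one pass. The script below is an added example, not part of the original post; the snapshot key names and the sample values are constructed, and the setting name assumes a Lollipop-era device.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: Lollipop-era device. Android 8+ replaced the global
# "unknown sources" switch with a per-app permission.

# Read the relevant values from a USB-connected device (needs adb and USB
# debugging; switch debugging off again afterwards).
collect_snapshot() {
    printf 'crypto_state=%s\n' "$(adb shell getprop ro.crypto.state | tr -d '\r')"
    printf 'unknown_sources=%s\n' \
        "$(adb shell settings get secure install_non_market_apps | tr -d '\r')"
    printf 'su_path=%s\n' "$(adb shell 'command -v su' | tr -d '\r')"
}

# Read key=value lines on stdin, print one line per finding,
# return 0 when the snapshot is clean and 1 otherwise.
audit_snapshot() {
    rc=0
    while IFS='=' read -r key value; do
        case "$key=$value" in
            crypto_state=encrypted) ;;
            crypto_state=*)
                echo "FAIL: storage is not encrypted (state: $value)"; rc=1 ;;
            unknown_sources=1)
                echo "FAIL: installs from unknown sources are allowed"; rc=1 ;;
            su_path=?*)
                echo "WARN: su binary at $value, device looks rooted"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: an unencrypted, rooted phone with sideloading enabled.
SAMPLE_SNAPSHOT='crypto_state=unencrypted
unknown_sources=1
su_path=/system/xbin/su'

if [ "${1:-}" = "--device" ]; then
    collect_snapshot | audit_snapshot || true
else
    printf '%s\n' "$SAMPLE_SNAPSHOT" | audit_snapshot || true
fi
```

Run it with `--device` to audit an attached phone; with no argument it audits the constructed sample.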
