If you follow tech news, you’ve probably come across the many horror stories about the massive proliferation of Android malware, which is reported to have grown 300% in the last three years. At one point, some experts believed that 97% of all mobile malware was against Android, although Google claims to have cut this in half recently.
There are two things that make Android vulnerable, and they are the same two things that make PCs so exposed – they offer an open software development environment with great freedom in how you publish software, and the operating system was offered by many hardware vendors. Contrast this with the tightly controlled iPad and iPhone and you get the picture.
But one of the things that make Android vulnerable – the open software development – is one of the reasons why many people would never jump ship to another mobile OS. So what’s a loyal Android user to do?
Some steps you can take are behavioral, and a few others are technical.
Get acquainted with your phone settings
You should understand your Android security options, part of which involve becoming intimately familiar with options and settings. Sticking with defaults could be a recipe for disaster. Security isn’t always broken remotely by hackers. Just as often losing your phone or having it stolen is the cause of the breach. And the result is the same – the hacker can access your data, passwords, apps, and even pose as you.
Password your phone
Make sure your screen locks when not in use. This way if someone picks up the phone, they’ll have to somehow crack your hopefully secure password. Just like with your PC, a strong password is the answer, and don’t use the same password for other apps. If your smartphone password is cracked, you don’t want the hacker accessing your other programs. Some phones are also equipped with a fingerprint reader, and that is probably even more secure than a password. Keep in mind as well that on most fingerprint enabled devices, offer also a backup password option to prevent cases where you are locked out of your phone in case your fingerprint gets ruined (burns, cuts). Make sure that this backup password is also secure.
Use trusted app sources
Malicious apps are a key way devices get compromised remotely. Only use trusted app sources such as Google Play, and whenever possible, check out reviews and comments to see if there are any problems. Also keep in mind that when an app is too good to be true, it probably is. Never trust applications that claim to provide additional features beyond your phone’s capability.
When installing an application that you might have doubts about, make sure that you review the application permissions during the installation process. If you notice that the application is requesting way too many permissions for its intended purpose, we’d suggest finding an alternate application or investigate further.
One things malicious apps can do is corrupt data. The answer? Have a backup. There are many applications that you can use to keep your phone’s content backed up. Run a search for “top android backup apps” to find the app that works for your needs. As for photos, Google offers its own photo app with unlimited free storage.
Encrypt your data. With Android, you can go to the security submenu and choose to encrypt the data (Settings > Security > Encryption in Jelly Bean). This is especially helpful against remote attacks and if your phone is ever compromised you can rest a little easier knowing any sensitive information is in cipher text.
Beware of the open network
It is tempting to log onto any Wi-Fi network available to save on data charges, but not all open networks are secure. One recent exploit used compromised Wi-Fi nets and the hack went after Android’s SwiftKeyboard (the touch screen typing app). Devices were infected during SwiftKey software updates, and only when the software was updated over a compromised network. If successful, hackers could then use elevation of privileges to run malicious code. One quick fix to this is to disable SwiftKey.
Update is your friend. Update doesn’t just give you new features, they roll in fixes and patches as well. Learn the ins and outs of updating, and do it frequently, and when you hear a tale of new malware, look out for the patch and protect yourself immediately.
Stagefright is a relatively new exploit that uses MMS messaging to infect the device and allow hackers to control it. The answer, though imperfect, is to limit MMS (simply turning the feature off when possible is a quick and dirty approach to any exploit which attacks a particular feature). To limit MMS you stop it from auto retrieving. Start by going to your Messages program, launch settings, click on advanced or multimedia messages, and turn off auto-retrieve.
Last but not least – Android Device manager
It’s unfortunate that devices can get lost or stolen (quite easily), and if this happens, you could be thanking the few seconds of effort used to install the Android Device Manager. This application helps you to trace your phone’s location via its own portal at https://www.google.com/android/devicemanager and if the phone is totally un-recoverable, you can also run a Lock & Erase. At least, whoever stole or found your device, will not have access to your data.