Android Smartphone Security, How to Securely Use Your Android Smartphone

Posted on the 04 November 2011 by Safegadget_com @safegadget

Google’s Android operating system powers many popular cellphones, including the Samsung Galaxy 3. Most Android Smartphone users do not think very much about security.

Why is Android more susceptible to attack?

  • Open nature of Android system
  • Multiple App stores
  • Apps are not checked

The Android Smartphone is part of Android’s open ecosystem, making viruses and malware more likely than on closed platforms like the iPhone. As the Android Smartphone has grown in popularity, it has become more of a target for hackers and criminals. The DroidDream and Plankton Android malware infected over 250,000 phones before anyone discovered them. Google removed over 58 malicious apps tied to this single malware. A recent survey has shown that only 30% of Android Smartphone users have installed security software on their phones. Malware can grab private data or use the phone to communicate externally.


Carrier IQ is a controversial piece of software that can show you what certain Android phones and spyware can do if the carriers allow it.

It is important that Android Smartphone users immediately become more vigilant about smartphone security. Our tutorial covers Android Smartphones running most versions of the Android operating system.

1. Android Smartphone Software Updates

Google upgrades the Android software for the Android Smartphone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Contact your smartphone vendor for the latest Android software update to your handset.

If you Root your Android Smartphone, you need to be extra careful with regard to security, as updates are much more difficult for you. Be careful where you obtain your Android Apps, as malware is much more prevalent. Rooting also exposes your device’s internal hardware to software much more than normal. This is the equivalent of running your PC as Administrator.

2. Android Smartphone App Security

Apple’s App Store reviews all submissions before adding them, but Google does not review Apps added to their store. Google does run a security scanner on apps to ensure that they do not include known malware. There have been several occasions where Apps containing malware have entered Google Play (formerly known as Android Market).

Apps are prone to security vulnerabilities that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. To update applications do the following:

  • Tap the Notification menu at the top and drag it downwards. If there are App updates available, they will be shown
  • Tap on App updates to bring you to Google Play (formerly known as Android Market)
  • Tap the App to be updated
  • Repeat the process for all Apps

Google has the ability to remotely remove malicious apps from your Android Smartphone. This is NOT true if you buy from a 3rd party App store.

When installing new Apps, we suggest you install well known Apps with positive reviews from Google Play (formerly known as Android Market) or Amazon App Store, and avoid brand new Apps from unfamiliar companies and unofficial 3rd party App stores like mmoovv.com or samsunggalaxy-s.ru. This becomes a problem when the official App Market is blocked, as is the case in China.

It is fairly easy to repackage free Apps into a clone of the App. Repackaged Apps that also include Malware or Spyware have been encountered on 3rd party Android Markets. Free pirated versions of paid Apps are also found on 3rd party sites. Download only from the official App Market and give new Apps time to build trust and to allow others to help test the App for malware and security risks.

Users also need to be aware that scareware, in which apps display advertisements for battery saving apps, has been tied to malware. If you tap on the ad, your phone’s browser launches and proceeds to download the app’s file. These apps could endanger your privacy by stealing your address book, or cause money to be withdrawn from your accounts via costly phone calls or SMS messages.

3. Suggested Android Smartphone Settings for Security

Below are several suggestions for Android Smartphone settings to increase security on the smartphone. If you use swipe patterns to unlock the phone, make sure you clean your Android device’s screen regularly.

Enable Passcode

  • Open Settings
  • Select Security
  • Select Screen Lock
  • Select Password
  • Enter a Passcode – Do not select an obvious passcode like 1234a or 1111a

Encrypt your Android Smartphone and require a PIN or password to decrypt it every time you power it on. It takes an hour or longer to initially encrypt your Smartphone. This requires a full battery or the phone connected to a charger.

  • Open Settings
  • Select Security
  • Select Encrypt phone
  • Click Encrypt phone

Locking the SIM card makes your phone require a PIN before it becomes enabled.

  • Open Settings
  • Select Security
  • Select Set up SIM card lock
  • Select Lock SIM card

If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.

  • Open Settings
  • Select Wireless and Networks
  • Uncheck Bluetooth

Backing up your Android Smartphone regularly is an important task. If you have a rooted Android Smartphone, use ROM Manager, Titanium Backup root, and MyBackupRoot. Users of regular Android Smartphones need to pay for backup Apps like MyBackup Pro. There are free Apps to back up individual areas like SMS, images, or Applications.

4. Android Smartphone Email Security

It is important that email accounts accessed from a smartphone are set up to use encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers. Most major email providers automatically activate SSL if you let Android set up your email account.

If you are setting up a new email account, make sure that you have enabled SSL or TLS in the Security type field for both the incoming and the outgoing mail server.

To check an existing Mail Account for secure SSL access, do the following:

  • Open Email application
  • If Combined Inbox is shown, Select a mail account by tapping Accounts then Select the email account. Otherwise, hit Menu then Account Settings
  • Check Incoming settings and Outgoing settings
  • Examine the Security Type field
  • Verify that it is not set to None

If it is set to None, check with your email provider to verify their SSL support and enable it if possible.

Also, make sure your email account is protected by a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.

APG – public key encryption for emails and files.

5. Find a Lost Android Smartphone, Erase a Lost Android Smartphone

Lookout has a Free App called Plan B that helps you find a lost Android Smartphone by showing it on a map. This free service is a life saver and should be one of the first items installed. Some similar Apps include:

  • Android Lost – Locate, wipe, lock, take pictures, and much more
  • Lost Phone – On your lost phone: Lock, locate, set ringer volume to max
  • MobiUCare - Find, lock, wipe, and more
  • Prey - Open source, cross-platform, lost phone or tablet protection
  • Wheres My Droid – Find your lost phone, password protection, notification of changed SIM card. Paid Pro version includes remote phone erasing

If you lose your device, use the lost device App you installed. If you cannot access the device, make sure you contact your Wireless carrier so they can disable the device. If you recover your Smartphone, make sure you change all passwords.

Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your Android Smartphone is lost and password protected, people could still contact you. Alternatively, you could install the Phone Found App.

6. Using WiFi securely

When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless network may be subject to eavesdropping. Unless you know the Wi-Fi network is secure, we would recommend against connecting to it.

If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

The Android Smartphone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the Android Smartphone will automatically send the same password to a wireless network of the same name. So if you name your wireless router Linksys and then encounter another wireless router with the same name, the Android Smartphone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The Android Smartphone is very good at transparently switching from a cellular data network to a Wi-Fi wireless network. You can turn off Wi-Fi auto connect as follows:

  • Open Settings app
  • Choose Wireless & Networks
  • Select Wi-Fi Settings
  • Uncheck auto connect

When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your Android Smartphone’s traffic through a secure server. There are many paid services that sell VPN access.

Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.

7. Secure Browsing with Android “Browser”

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account; if you are not, manually add the s after http to force a secure connection, i.e. https://www.google.com

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

8. Careful Link Clicking and Attachment Opening

As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Android Smartphone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.

Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.

9. Android Smartphone Free Antivirus and Internet Security Software

Android Smartphone antivirus software is available and highly recommended because of the open Android Market for Apps. Be aware that fake anti-malware Apps have appeared, so stick to brand name antivirus Apps.

Antivirus Free – free antivirus App for Android

AVG Antivirus – free mobile security and antivirus App for Android

Dr. Web Anti-virus Light – free antivirus App for Android

GuardX – free antivirus App for Android

Lookout - free mobile security and antivirus App for Android

Norton Mobile Security – free mobile security and antivirus App for Android

Webroot Secure Anywhere Mobile – Free Mobile Phone and Tablet security antivirus protection.

Android Smartphone security Apps

Orbot: Tor on Android – Enhance your privacy, break through firewalls and communicate more safely.

WhisperCore - Encryption and Firewall App for Android

10. Android Market Password and Payment Option

You can delete the payment information in your Google account after making a purchase. You must have a payment method in order to make purchases or make refunds. If you are very cautious, remove payment information when you do not anticipate App purchases.

11. Malicious QR Codes

QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.
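
One way to carry out that check on the text a scanner app decodes from a QR code, shown as an added example that is not part of the original article. The function name `review_qr_link`, the shortener list, and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list for illustration; extend it with the shorteners you encounter.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}

def review_qr_link(payload):
    """Return a list of warnings for the text decoded from a QR code."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # sms:, tel:, market:, WIFI: and similar payloads trigger phone actions.
        return [f"not a web link (scheme {scheme or 'missing'!r}); do not open automatically"]
    warnings = []
    host = (parts.hostname or "").lower()
    if scheme == "http":
        warnings.append("plain HTTP: the page or download can be altered in transit")
    if parts.username or parts.password:
        warnings.append("text before '@' can disguise the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address rather than a domain name")
    except ValueError:
        pass  # an ordinary domain name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host: may imitate a familiar name")
    if host in SHORTENERS:
        warnings.append("shortened link hides the final destination")
    if parts.path.lower().endswith(".apk"):
        warnings.append("link downloads an Android package (.apk) directly")
    return warnings

# Constructed sample payloads (203.0.113.7 is a documentation-only address).
SAMPLES = [
    "https://www.google.com",
    "http://203.0.113.7/battery-saver.apk",
    "https://bit.ly/abc123",
    "smsto:12345:SUBSCRIBE",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_qr_link(sample) or "no warnings")
```

An empty list only means none of these particular signs were found; it does not prove the destination is safe.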

12. NFC – Near Field Communication

NFC has been touted as a way of using your phone as a contact-less credit card. It is being hyped up by smartphone manufacturers as well as credit card firms. This technology opens up a new way of hacking your credit card info. TURN IT OFF and avoid it. This recent Defcon presentation shows how a security researcher skimmed an NFC credit card and used it.

To disable NFC on the Samsung Galaxy S III and other phones:

  1. Tap Apps
  2. Choose Settings
  3. Scroll down the screen and tap More Settings
  4. Uncheck the NFC box
  5. Close the Settings app

13. Avoid Huawei and ZTE Android Smartphones

These Chinese companies are drawing a lot of attention. Congress suggests people avoid their products due to possible suspicious equipment behavior.

We have covered many ways to improve your Android Smartphone security. Utilizing our tips will help significantly improve the already good security of the Android Smartphone.