Security-minded people have a bit of work to do with their new Android device to make it as secure as it possibly can be. The open nature of Android allows unique customization options for consumers and manufacturers, but that comes with a few severe caveats.
Want to make sure your Android device is as secure as possible? Take a look at our ultimate security checklist for Android phones.
1. Limit Google's activity collection.
Android is an open source operating system distributed by Google. To use the Google Play Store to download new apps, you'll need to create a Google account and sign-in. Google monitors every action you perform on your phone, including app launches and searches.
You can limit what data Google collects in this manner by visiting your personal Google activity profile. Clicking on Activity Controls lets you turn off monitoring of your web & app activity as well as your location history. Keep in mind that Google Maps may not work as well if the location history option is turned off.
2. Keep your device locked down.
Most modern smartphones come with a fingerprint reader and the ability to set up a PIN. You should always set up the security features on your phone as a primary form of protection. A fingerprint reader, iris reader, and even just a basic four-number PIN can deter identity theft if your device is lost or stolen.
You can access your phone's security settings by going to Settings > Security > Screen Lock.
3. Make sure your device is encrypted.
You will need to set up a PIN for your device before you can encrypt it, but every single Android device can be encrypted. Tap Settings > Security > Encrypt phone to get started.
4. Use a VPN for your WiFi connections.
Connecting to a sketchy public WiFi service can be a great way to give a local hacker plenty of information about your device. Some unscrupulous individuals set up free WiFi service attached to packet sniffing devices that allow them access to your accounts by spoofing a security token.
To prevent attacks like this from happening, Android users should use a VPN when connecting to an unknown WiFi source. Virtual private networks act as a firewall between your device and the outside internet, masking your web presence from the outside.
The most secure VPN providers offer an SSL-secured network with 256-bit encryption. Most VPNs are available for a small monthly fee. You should make sure the service you use keeps no records from its users and has servers in your country to make the connection painless.
5. Make sure your software is up-to-date.
Every month Google releases a new series of security patches for Android that is designed to address vulnerabilities discovered by bug bounty hunters. The recent addition of Project Treble to the Android SDK is supposed to make it easier for manufacturers to update phones with these security patches. However, very few manufacturers maintain a consistent schedule.
Google's Pixel devices always receive the latest security updates each month for up to 24 months. OnePlus and Nokia have a pretty good track record of offering updates promptly. Larger manufacturers like Samsung, LG, and Motorola have been less than reliable in releasing these monthly updates.
Security conscious individuals who plan on purchasing a new Android device should keep the manufacturer's update track record in mind.
6. Do not install apps from unknown sources.
Every Android device can install any .apk file if one option is enabled. If the checkbox for Settings > Security > Unknown Sources is enabled, then any .apk file can be run on the phone. Malicious apps take advantage of this vulnerability by injecting code that will download an .apk from an unknown server and ask the user to install it.
Most users tap install without thinking about it, and suddenly their phone is infected with malware. Do not install apps from unknown sources unless you explicitly trust the source. If you have an app that must be installed this way, enable the option, install the app, and then disable it again.
7. Hide private notifications.
If you have a sensitive app installed on your phone that you don't want to display notification contents, you can disable this feature on a per-app basis.
Head to Settings > Sound & Notifications and then select what happens when the device is locked. You can show notifications in their entirety, hide the contents of the notification but show the app, or not show notifications for that app at all.
8. Review your location sharing information.
Plenty of the apps that are installed on your device rely on location information to serve you relevant details. But its also a dead giveaway in your broader data picture. In fact, fitness apps like Strava have given away top-secret U.S. Army bases with their location monitoring.
Start by tapping on Settings > Personal > Location to review which apps on your phone are using location services data. You can turn this off on a per-app basis, which should reduce the amount of tracking third-party apps can do. Keep in mind that turning off location services will limit location-based offers from apps like Google Opinion Rewards.
9. Use a private browser, email client, and messenger.
Most Android phones ship with the Chrome browser installed, but Google uses this to track how you move across the web. You can prevent tracking by using a privacy-minded browser like Firefox Focus or DuckDuckGo's recently introduced browser.
Gmail is another way that your privacy can be invaded. Google combs all of your emails from companies to suggest ads that you're most likely to click. If you would prefer not to have your email indexed in this way, you'll need to turn to an encrypted service like ProtonMail.
Messaging privacy is a significant concern for Android devices. Facebook Messenger and WhatsApp are two of the most popular communication apps, but Facebook owns both of them. Private messaging services that offer end-to-end encryption exist, but it can be hard to get friends and family to convert with you. Apps like Telegram and Signal work well for this purpose.