Ten Simple Tips for Android Phone & Tablet Security

As a REALTOR®, losing your Android smartphone or having it stolen is a bad scenario. You may be storing private or sensitive client information on your phone or tablet, and losing control of that information is not something you would wish.  You can lose possession of the phone and the data on it; you can also lose control of the data when a hacker swipes it using the Internet. Here are some tips for using Android smartphones that can reduce your information security risk.

1. Stay Up To Date

It’s important to keep both your Android operating system and your apps up to date. You will be prompted when updates are available; don’t delay installing them. As well as adding new features, new versions of Android and apps often fix security issues. New Android security features will be discussed in the tips below. Check to make sure you’re using the latest version of Android, “KitKat” (version 4.4).

Some of the tips below will depend on you having access to its security features, and the illustrations and instructions that follow reflect those versions. But, many of the features are there in earlier versions – you may just have to search to find them.

To find out what version of Android you have, select “System settings” from the main menu; then select “About phone” (or, on a tablet, “About tablet”). Your Android version will be listed.

To see if a more recent version of Android is available for your device, click on “System updates.” Your phone carrier may not yet have the most current version of Android ready for you, but if your phone does not offer an official update, be patient. Do not follow advice to “Jailbreak” your phone or download unauthorized versions of Android. Always use the normal “System updates” process.

About Android Android-Version-Number - PNG

2. Use Android’s Screen Lock, Encryption & Owner Info Security

The screen lock and encryption settings help prevent someone from accessing your information if you lose your phone or tablet. These features are built into the latest versions of Android.  From the same “System settings” screen as before, choose “Security & Screen Lock.” There are a lot of important settings on the screen, but we’re focusing on three:
Android Screen Lock, Owner Info, and Encrypt Phone Menu Items

The first setting is “Screen lock.” Click on this to set up a PIN or Password that will be needed to use your phone. Don’t choose an obvious pattern like “1234” or “1111”.

The second setting is “Owner info.” This lets you enter information to be displayed on the lock screen, so someone can know to whom to return the phone if it is lost. Some people also keep a business card in their phone case, though people may not find it unless they look for it.

Android Owner Info

 

The third setting is “Encrypt Phone.” On the next screen, for some Android models, make sure both “Memory card” and “Device data” are checked. There is one downside to data encryption: while stopping “bad guys” from reading what’s on your Android device, it may, depending on device model, also make it impossible for you to connect your phone to a computer with a cable or remove the memory card and access photos and images. The only way to access your files will be to share or email them, and that may not be feasible for some larger files.

 

3. Take Care When Downloading Apps

You may see a notice on a website or receive an email or text message – sometimes from a friend – inviting you to download and install an app on your device. This can be risky! It is less risky to download apps from Google Play, where Google works to block and remove malicious applications.  If you download an app from an unknown source, a message should appear asking if you want Google to scan the file. Select “OK,” but note that this “on the fly” check is not going to mean your download is risk-free.

Even if an app is listed in Google Play, it is still not risk-free. Always look at the app’s publisher carefully; there’s at least one example of an unauthorized app being uploaded with an MLS®’s name in the title. Also, when you are installing an app, it will list the permissions it requires. Always read through this list to see if it makes sense. For example, an app that says it will provide weather forecasts should not need to access your contacts, read your text messages, or access your camera. An app requiring excessive privileges should be suspect.

The best security practice when it comes to apps is to install as few as possible. The more apps you install, the more chance you’ll run across a malicious one.

4. Install a Mobile Security App (Anti-virus / Anti-malware)

Sometimes, despite your best efforts, malicious apps can find their way onto your mobile device, and mobile security (anti-virus / anti-malware) software is your last line of defense.  Reputable vendors for such software, available from Google Play, include but are not limited to:

  • Avast!
  • AVG
  • Lookout
  • McAfee
  • Norton
  • Sophos
  • Trend

As mentioned previously, take care to ensure you are downloading legitimate software. Check the publisher name carefully, along with user reviews.

Also, always remember: none of these programs provides 100% protection against all malware.

5. Find, Ring, and/or Data-Wipe your Errant Phone or Tablet

Google added a great security feature in Android 2.2 called “Google Device Manager,” which lets you locate, ring, or data-wipe your lost phone or tablet. To make sure it’s configured properly, click on “Google Settings” in your big list of apps, then “Android Device Manager.” Make sure both boxes are checked to allow for remote location and factory reset.

 

Google Settings App: Device ManagerAndroid Locate and Erase Screen

 

If your device is tied to your Google account – most are when set up at the store – and you are logged in, this configuration allows you to visit https://www.google.com/android/devicemanager (or Google “device manager”) and locate, ring, or data-wipe your lost phone or tablet.

Remote Control for Android

 

The only downside of this setting is that, if your Google account itself is compromised, the hacker can erase what’s on your mobile device. Some people choose to enable these types of features, where available, using separate mobile security apps instead of using the Google feature.

6. Do Not Save All Passwords

Some websites and apps allow you to save passwords on your mobile device. This can be a great convenience, but it also is a security risk. While setting a device PIN or password and enabling encryption decreases the risk when your phone is lost or stolen, if someone grabs your phone while it is unlocked, they can access those services for which you have saved passwords. Carefully consider this risk before saving passwords that provide access to your banking information or to clients’ personal or financial information.

Do you want Chrome to store your password until someone steals it?

7. Secure Your Network

Is there a “bad guy” watching what you do over the network? To reduce that risk, do not use unencrypted Wi-Fi networks (look for the “lock” symbol at right and the word “WPA2”), networks run by people you don’t know, or networks that may allow fellow users that you don’t know and trust. You should be aware that there are various ways of intercepting cellular traffic, and you cannot be assured of the security of your data or voice transmissions. Though some forms of cellular communications are encrypted between your device and the base station (cell tower), hackers have tricked mobile devices into using their bogus base stations instead of the cellular provider’s and intercepted both communications and data. The only way to protect data if you choose to use an insecure network is to use a “Virtual Private Network” (VPN). This is something that may be available via your office’s firewall, and you will likely need the help of a technical person to help set it up.   There are also third parties offering an encrypted VPN-like connection via installation of their installed app, though one must be careful in choosing such an app, since the provider may be able to see your sensitive data.

Secured WiFi Networks

8. Secure Email and Web Browsing

Another layer of protection against someone seeing what you are doing online and accessing your accounts is to use encryption in your web browser and email software. In the case of web browsing, the website must support secure browsing via “https” (TLS protocol, replacing SSL) and in the case of email, the email server must support similar encryption – something to coordinate with your email provider.

 

HTTPS Web and Email

 

9. Back Up Your Android Phone or Tablet

If the worst should happen and you lose or damage your device, ideally you can restore your data from backup. Each kind of Android device has different settings in unique places, depending on the manufacturer, model, and carrier. For example, some Verizon devices have a “System Setting” called “Backup Assistant Plus” where backups for contacts, pictures and video can be configured. Meanwhile, those on Rogers might install and configure the “Rogers Mobile Backup” app. Some carriers’ backup software has an “automatic restore” feature. Be cautious about enabling this, because if you don’t disable it before wiping and getting rid of your device, the carrier may accidentally restore your data after you have recycled the device.  Some people avoid the carrier’s backup software and use third party software such as Google’s or other vendors’ installed apps. Usually the store where you purchased your device can walk you through the options, but choose and use something to back up your data, or one day you may lose it, due to loss, theft, or hacking.

Sometimes backup settings are located in the “Privacy” area of “System Settings”:

 

 

Android Backup Menu ItemAndroid Backup and Restore Screen

 

10. Discarding Your Android Phone or Tablet

Before discarding your mobile device, always remove the “Backup account” set from the screen shown above, and use the “Factory data reset” on that same screen.

Some Parting Words

There are many possible settings and practices to decrease the likelihood that your Android phone or tablet will be compromised – this article is just a starting point for individuals and the small business audience. Nonetheless, if you follow at least these ten steps, you will have substantially decreased your risk and improved your chances for recovering quickly from an incident.