Android is not only one of the most flexible platforms on the market, it is also one of the most widespread. The fact that so many people are using Android suggests that more people will be targeting those devices to get at your data. So it's crucial for you to practice safe Androiding. Otherwise, precious business data could be compromised.
Fear not. There are several best practices and precautionary steps you can take to avoid a possible breach in mobile security. Here are 10 suggestions that will help ensure a more secure Android experience.
1: Set up your lock screen
This should be a no-brainer, but I'm always shocked to see how many Android users neglect to set this up. Anyone who uses a smartphone or tablet for business knows better than to leave their data out in the open for anyone to snag. But if you don't set a lock screen PIN/pattern/password, that's exactly what you're doing. This should be the first thing you configure after you've done the initial setup of your Android device. A word of warning: If you use a pattern for unlocking, always make sure you wipe your screen after usage. When you draw the pattern, you can leave behind a telltale smudge that gives the pattern away.
2: Never join an unsecure network
This also should not have to be said... but unfortunately, it does. Never join an unsecure network. I would say, "This is especially true when doing business with your smartphone," but it should really be the general rule. Yes, you will often work in coffee shops and restaurants. But if you have to do so on a wireless network with no password, do NOT transmit sensitive company data.
3: Set up phone storage encryption
This is mostly for those who are really paranoid about their data. You can encrypt the storage on your phone such that it will require an encryption password to even use the phone. This is much stronger than the standard lock screen password and is much harder to crack (because stored data is encrypted and can't be read unless it is decrypted). This will also require a lock screen password — so, in effect, you will have a two-step authentication to use your Android device.
4: Do not allow unknown sources for installation
You may find some third-party application you want to install that is not a part of the Google Play Store. In most cases, that's fine. But in that one instance that it isn't, you may well have compromised the security of your company data. It's not worth it unless you can trust that third-party app 100 percent.
5: Install an anti-malware app
Android was recently hit by a rash of malware. Even though Google is working hard to fortify the vetting process on the Google Play Store — and even rolling protection into the operating system — it's always good to install and regularly use an anti-malware app. My app of choice is Malwarebytes. I always run a scan after installing an app (no matter from where the app was installed).
6: Install and use the Secure Update Scanner
The Secure Update Scanner was created to avoid an unusual security risk (called a Pileup Flaw). Developers were creating apps that were innocuous on install and first use. But when the first update hit, malware was added to the app. To avoid this, install and regularly run this tool. And run it prior to doing an update on any app or your operating system.
7: Read the permissions listing for apps
Never, ever, ever install an app without first reading the permissions listings. Why? If you're installing a game or a simple note-taking app (one that doesn't connect to a cloud service) and the permissions listing indicates that it needs access to your contacts, your phone, and your networking information, you may well be installing a malicious piece of software. Good security can easily start with a modicum of user action. It takes only a moment to read through the listings — and that moment can save you from a world of headaches (or data loss).
8: Set up a SIM card lock
Along the same lines as the encryption of your device, you can also set up a SIM card lock so that the only way the SIM card can be accessed is by entering a user-created PIN. You will have to enter your SIM card PIN every time you start (or restart) your phone. But if you are uber-worried about data loss, the added time required to enter the SIM card PIN is well worth the security.
9: Turn off Bluetooth and hotspot services when not in use
With Bluetooth and hotspot services running, other devices can see your phone. This means you can possibly be open for security breaches. Do not leave these services running when they aren't needed. Period. Not only are they a possible security issue, they run down your battery. So turn these two services on only when you need to call upon them.
10: Turn on location settings only as needed
If there is no reason why you should leave a breadcrumb trail of your whereabouts, turn off location settings. Though this may not be directly related to your device security, it could compromise your personal security (given the wrong circumstances), which could also lead to a data breach. Turning off location services provides the added benefit of saving your battery and reduces unwanted data usage (from apps running in the background or remotely initiated by your mobile carrier).
No matter your platform, you should never take security lightly. Your data — and your company's data — is important and valuable. If it falls into the wrong hands, it could unleash a nightmare. With just a few simple steps (and a couple that are not-so-simple), your Android device will fare exponentially better in the wild.
Do you think Android is secure enough? If not, how would you improve the security of the platform?
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.