Smartphones

Android smartphone security primer

Jack Wallen believes that a smartphone's security is proportionate to how intelligently it's used. Here is some basic security information for your Android device.

I've been getting massive amounts of emails about Android security. Many users are interested in migrating over to the platform but want to know that their data will be safe (and how to ensure this). So, I thought it would be wise to introduce users to the ins and outs of Android security. Since smartphones often contain fairly important data, it's a good idea for people who use the platform to know how to keep that data safe.

The very basics

The basics of securing your smartphone means, at the minimum, establishing a PIN or pattern that's required to unlock it. This is the easiest way to make sure that no one can get to your data. I've already covered creating a security pattern in my article "Travel with your Android mobile without losing your mind (or bankroll)." But don't think for a second that a pattern is enough security for your phone.  Fortunately, the Android platform offers plenty of ways to dig deeper into security.

Once you get beyond the lock screen, there are certain aspects of the Android phone you should know about with regards to security. Let's go over them.

Permissions

One of the issues with Android is that every application installed (or to be installed) must have access to various services on the phone. For example (I'll make this glaringly obvious):

  • Installing the Android Facebook app will require access to network, location, contacts, storage, system tools, hardware control, and phone calls
  • Installing Netflix for Android requires access to storage, system tools, phone calls, and network communication

Now, where this gets tricky is when you find a live background you want to install that requires access to system tools, contacts, and phone calls. Ask yourself this question: "Why would a live background need access to contacts or phone calls?" They shouldn't. At that point, it should be clear that the application should NOT be installed.

If you're curious about permissions, take a look at the web-based store where you can view the necessary permissions of all applications.

Use secure credentials

Another setting that some users may not be familiar with is "Use secure credentials," which allows applications to access secure certificates and other credentials. I would certainly not recommend enabling this feature. On the Samsung Galaxy line of phones, you can find it Menu | Settings | Location and Security. Make sure it's unchecked. I would think twice about installing any application that requires this feature to be enabled.

Viruses

This issue is quite the sticking point. There have been a lot of warnings about various viruses plaguing the Android phone. Some of these are real, and some are not. Many of them are Trojans inside rogue applications. These "viruses" have spawned a number of anti-virus tools for Android, and most of them are worthless. Since the only way a virus can enter a device is from within an application, a bit of caution on the end user will go a long way.

Encryption

Finally, I always like to tell users that if you have sensitive data you must carry with you on your mobile device, I highly recommend using a user-friendly tool called NoteEverything Pro. The reason I suggest the Pro version is because it adds encryption to the note. Yes, you can download many other third-party applications to add encryption to your notes, but NoteEverything Pro is the app that works best for me.

Avoid

There are two features I highly recommend that you avoid. As I've already mentioned, avoid anti-virus, since you'll be a smart Android user and won't install any and every application you see. The other feature to avoid is the SIM lock. Although it's a good idea, if it fails, you'll wind up with an unwanted trip to your provider for a new SIM card. You only get three chances to enter your SIM lock, and when you fail, you really fail. Besides, if you lose your phone, you're going to be contacting your provider to have that SIM disabled anyway.

Draw your own conclusions

When people tell me that they're concerned about the security of Android smartphones, I have to wonder how secure they were on their previous device. We live in a very mobile age, and that mobility has a price. Phones can be stolen, numbers can be hijacked -- nothing is truly safe. But as far as Android security versus any other security? I honestly believe that there should be no more concern using Android than an iPhone or any other platform. As a general rule, the device's security will be proportionate to how intelligently the phone is used.

Also read:

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

2 comments
mikewor
mikewor

If you lose your phone and don't notice it for just 2-3 hours, or if it takes that long to contact your Operator to block it, the bad guys can run up a bill of $20 000 to $30 000!! I kid you not. They operate as call aggregators and will route vast numbers of international mobile calls through your SIM. So I recommend you ignore Jack's advice and DO set your SIM lock

Editor's Picks