Android Security- How to secure your Android based devices

The open source Android operating system has exploded in popularity and Android is the world’s largest platform for smart phone devices and the growing tablet market. Android market is the central location for purchasing applications compatible with the devices and there are hundreds of thousands of applications already available.

The current version of Android is v2.3 but you may notice that your Android based device is operating at a lower version then this. It should be noted that unlike an Apple device which controls the distribution of operating system/firmware updates centrally Android updates are issued by the vendor providing the device you purchased. That means you will not be updated to the latest version of Android until your service provider certifies the update and rolls out the update to you on a scheduled basis.

Android Device Security Tips

1. Set a screen lock to help prevent unauthorized use of your Android based device. If you do not set a screen lock you greatly increase the chances of unauthorized use especially if your device gets lost or is stolen. For android based devices you have the option to set the screen lock by drawing a pattern on the screen (for you creative types), choosing a pin, or choosing a password.

To configure: From home screen > menu > settings > location & security > Set up screen lock and choose between Pattern, Pin or password.

2. Turn off the location based Latitude service if you desire increased privacy. The Latitude option is useful for various applications or if you intend to use GPS based features but if you do not want people to be able to determine your location or do not use these features you will want to disable Latitude.

To disable Latitude: Open Latitude touch your name edit privacy settings

  • Detect your location – Uncheck this option for privacy
  • Hide your location – Check this option for privacy
  • Turn off latitude – Check this option to disable the entire location based service

3. Tether at your own risk. Android based devices allow you to “tether” which means you open up your device to other devices to use your connectivity as a defacto portable hotspot. Enabling this option comes with increased information security risks so make sure you are willing to accept them.

To ensure you are not sharing your network: From home screen > menu > settings > Wireless & Networks > Tethering & Portable Hotspot

Uncheck Portable WiFi Hotspot

4. Disable Bluetooth if you do not plan to utilize it. If Bluetooth is active it is another potential vulnerability source so if you are not using it shut it off.

To configure: Home > menu > settings > Wireless Networks

Uncheck Bluetooth

5. Internet Browsing Security Settings – There are several browser related security and privacy settings that will make your Android device more secure. It should be noted that some of these settings may affect your Internet usability and are less convenient then the less secure options so it is important to assess your secure requirements and implement accordingly. If you are performing online banking via your Android device you should err on the side of security in my opinion.

Browser Security options: Access via Menu > More Settings – Browser Settings

  • Block Pop Ups (Check for the more secure setting to prevent websites from opening new windows without your permission)
  • Enable Java Script (uncheck to prevent Javascript  from running, note this is probably not advised except for those desiring the most secure setting)
  • Enable Plugins (uncheck to prevent plugins from loading from web pages)

Browser Privacy Options

  • Clear Cache
  • Clear History
  • Accept cookies (uncheck to prevent cookies from being placed on your browser although this is only recommended for high security setups due to its impact on functionality)
  • Enable Location/Location Sharing (turn off to prevent browsing based applications from utilizing your location as a data source)
  • Clear all cookie data
  • Remember form data (uncheck to prevent which is recommended if you perform online banking or access other sensitive sites)

6. Update your installed applications automatically or on a timely basis. It is usually best to automatically update your applications to lower your exposure to known vulnerabilities that have been patched by the vendor. Applications are not set to update automatically by default so to configure that option you must perform the following:

Android Market > Menu > Downloads > Select the given app

Check Allow automatic updating

If you choose not to auto update your Android applications it is important to be notified when application updates are available so you can manually install them. To configure that option:

Android Market > Menu > Downloads

Menu > Notifications Check for Updates

7. Backup your key files such as contact lists using your google account. This is good for general housekeeping and will come in handy if you are upgrading devices or in need of a backup if a hard restore is necessary.

8. If you notice malicious or insecure applications utilize the App market rating function to flag it as inappropriate. Performing this action helps harness the power of the community to increase security and awareness around harmful applications.

To report an app with a problem – Go to App Market touch app in question

Scroll to bottom of details page – Flag as inappropriate

Submit with details of the problem

9. Remove applications that you no longer use. This helps lower your maintenance requirement for application updates and increases the security of your device since every application can be a source of vulnerabilities.

Android Market > Menu > Downloads > select app in question > Uninstall

10. General Location & Security Settings

  • Set password – Sets the password for secure credential storage area
  • Show security warnings (check to turn on but these are mostly related to site certification issues so most users would not pay attention to them)
  • Set up SIM card lock (can require SIM pin to use phone)
  • Clear Storage – Cleans out all the certifications and credentials on the phone

As you can see the Android platform offers a wide variety of security settings so now you can make an informed decision about which of these options are right for your intended use of the device.

Other useful resources:

Review of the best free Android apps

Help a friend by passing on these useful information security tips
  • Digg
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks