Secure and Protect your Android Smartphone - Tips and Advice

This tech world - referring to smartphones and tablets - is dominated by two main operating systems: Android and iOS. Since Android is the one which has the biggest market, I thought I should share some specific tips regarding security on Android devices.

Fun fact: Android means a human with a robot appearance.

Can you believe the first Android phone was released in 2008? That’s more than a decade ago, even though it appears it has been just a couple of years.

The first phone that had this Android software was, according to Spingfold, the HTC Dream. It appeared in the autumn of 2008. The software itself was developed by Android Inc. Google bought it in 2005.

The interesting part is this:

_“Device named “Sooner” would have featured the first version of Android OS and it would have been the world’s first android phone. It looked more like a BlackBerry phone with a non-touch screen and QWERTY keyboard. In 2007, Apple Inc has launched its first smartphone. This forced the team working on Android OS to change the operating system’s complete design, rework on various modules being built by then. They have finally come up with a touchscreen device with a sliding physical keyboard.”

• Springfold_

I guess it all comes to what your competitor does.

Even though this first Android phone received some criticism regarding some functionalities (compared with iOS and, back then BlackBerry), it was quite appreciated for the integration with Google services and for the notifications.

And, not to forget, Android’s first version was called Cupcake. It was version number 1.5.

That year was the mark for the later boom in new smartphones, and the annual releases. Nowadays, in 2019, Android is at the 9th version, called Pie. Of course, it offers a lot more features; as people are expecting tailored experiences, the Pie version comes with a few that are quite interesting:

1. Adaptive Battery - the tech industry is trying hard to use AI for its advantage. Programming AI it’s easier to create tailored experiences, and the Adaptive Battery is a feature that learns what apps you’re mostly using and tries to focus the battery on them (not on the other apps that you’re just keeping in your phone).
2. App Actions - because you, as a person, are doing a lot more than one thing, your Android phone will be there to support you. When you’ll plug in your headphones, your smartphone will start playing the songs you were listening.

These are just a few of the Android Pie features - this is the official website where you can learn everything about them.

As we’ll start discussing the security issues behind the Android, one main cause that has been speculated is this: Android is open-source.

Android software, unlike iOS, is open-source. This means that whoever wants it, can take the source code and modify it just as they like.

There are many smartphone brands that use Android: Samsung, HTC, Google, Motorola, and many others. Because it’s an open source, you may have seen that each brand has modified it a little bit (or more), in order to differentiate from the many devices out there.

In its early days, Android was highly appreciated and had a lot of success right because of this reason. Unlike iOS, developers could take Android and modify it according to their needs. It was (and maybe it still is) all fun and great, but security issues have risen.

Because the Android is now fragmented into who-knows how many parts, Google finds it a bit difficult to update all of the devices at once. All Apple users can update the software almost at the same time. Whilst the Android users find it a bit more difficult.

It is harder to keep up with all the versions of the Android and create valuable updated for each of them. Not to talk about releasing them. It is said that “Apple can get a new release of iOS onto about 85 percent of devices in a year, while Google struggles to hit double-digit adoption in that time. And it takes about four years for a release to fully penetrate the ecosystem.”

Which is a lot of years. 4 years can be life-changing in terms of just life itself. But it’s even a bigger time in terms of technology.

What can we draw from this? Google, the owner of the Android, should take the path of Apple: make the Android software a proprietary project. Even though being an open-source was the way to go back in the days, now it becomes clearer and clearer that it is not anymore.

My opinion (and others, of course) is that doing this, might give way to a bigger focus on unique and competing features; instead of joggling between tackling security issues, and new features. And there are a lot of more reasons why taking control over the Android might be a good idea.

While we wait for the big thing to happen, we should still be aware of some security issues that can happen or that already did.

Let me give you an example. Almost two years ago, there was an app called GoKeyboard. On the surface, everything looked OK; on the Google PlayStore page, it said that it wasn’t going to collect your information. Now whoever read this, may think that it’s not necessary to read the Privacy Policy as well, right?

Sometimes, you have to, for your own full protection. It appeared that in the Privacy Policy, the developers of the app stated that they reserved the right to collect the users’ information (social media interactions, names, birth dates, addresses).

The app collected the user’s Gmail account, among other important information. It also had the ability to install, download and execute code from a remote server - code snippets marked as adware or PUPs (potentially unwanted programs). Quite awful, right?

The ones who did this research and who found out this rather horrible information, where the ones from AdGuard. Apparently, they issued a complaint to Google, but they never got a response back. They just saw after a few months that the app’s statement in the Google Playstore was updated.

The troubled situation is that Google never responded to this issue. It may have directly contacted GoKeyboard, and may have avoided a public official response just to keep things at a low. They wouldn’t want people to panic and think that in the Google Playstore there were allowed apps that were basically lying users in their faces. A panicked crowd is of no use at all.

Compared to the AppStore, Google Playstore has a less restricted process of uploading an app. It’s easier, that’s why many brands and companies start with an Android version of an app.

This alone “helps” developers to create and upload copies of apps. Even though they may stay for a short time in the Playstore, that short time can be huge for a user database like Android’s. Some inexperienced users can download the fake app, not knowing it will be able to collect data or to infect their smartphone.

Another phenomenon related to security was based on installing apps from external sources. Some apps had malware capable of downloading a rootkit on the smartphone. This rootkit gave the attacker the ability to change the apps objectives: collecting credentials, installing a key-logger and various others.

This time, Google responded, confirming that they were aware of the situation. Here’s what Adrian Ludwig said:

And here’s a bit more information about the Ghost Push situation.

Just at the beginning of 2019, in March, Google has released an article depicting the year 2018 in Review - regarding what Google has made to improve the security levels.

Some of the highlights are that they started focusing more on transparency and layered security, along with various other issues.

• “New features in Google Play Protect
• Ecosystem and Potentially Harmful Application family highlights
• Updates on our vulnerability rewards program
• Platform security enhancements”

Source: Google

The whole report contains about 30 pages; you can read it here or you can watch the video in which Dave Kleidermacher, Vice President of Android Security and Privacy summarizes the whole report.

The year 2018 marked the ten years anniversary since they launched the first Android phone, so it was self-explanatory why they had to bring some things into a review. You should read it in full before or after listening to Dave. It will make you aware of lots of useful information.

Even though “supported by Google Play Protect, Android is protected around the clock”, there still are things that you can do as an individual in order to keep your Android device away from malware.

It should be common sense. Don’t download any apps that are not in the Google Playstore. Back in the days, it may have been OK (at a certain level), because the hackers and the desire of infecting phones and stealing identities weren’t at such a high level as it is today.

Play safe, because your whole online life can be at risk, even the real one.

It’s hard for the Android malware scanners and protection mechanism to fully know if a file (ending in .apk) is 100% safe.

Remember the hype with Pokemon GO? It was a tremendous opportunity for hackers to create some shady stuff. Apparently, after it arrived in Australia, researchers stumbled upon a modified version. That version of the Pokemon GO app was infected with a high level of malware (DroidJack RAT). Not fun...

I know that it may be difficult to not use an app just because it does something you’re not entirely comfortable with.

But it’s best at least to know what you’re exposing yourself at.

There are cases that even the simplest apps - which shouldn’t do anything besides let’s say, turn on your phone's flashlight - require access to email, SMS, location, Internet tracking. Why?! That’s definitely something suspicious. Because it’s an app that can be easily replaced with others that do the same thing (lantern mode), you can delete the one that wants your life and install another, safer one.

In case you’re worried about the existing apps in your phone, you can still check their permissions. Go to the Setting section, search for Apps and then search for the wanted app.

Along with reading the App permissions, you should also carefully read the Privacy Policy.

After the incident with the GoKeyboard app, people should be a lot more skeptical.

Of course, things should’ve changed since the incident. GDPR has also become official in Europe, so I don’t think companies are risking their whole future anymore.

With this regulation in place, companies have to be fully transparent in terms of how they collect and process their users’ data. In case they lie about it, or if they create confusion just like GoKeyboard did, then they should prepare for a humongous fine - 4% of their revenue or 2 mils. Euros.

Still, it’s safer to be cautious at all times, especially because you can. “Waste” 5 minutes more reading all the information, instead of tapping “Yes” everywhere you see.

We do live in a world where many things are bought through recommendations. The reason is based on a whole different story than the one we are talking about right now.

App reviews are kept for a long time in the Playstore. Most of the time you’ll see the versions of the app, along with some reviews - or you can match the dates of the reviews with the versions releases.

The complicated part is that hackers can create fake apps that also have fake positive reviews. This actually happened in 2016, when there was a fake version of the app called Prism. Prism was super-popular, so imagine how many users were at risk.

To avoid this, try to carefully read the comments - you can easily spot the spam, fake ones. In case you discover a lot of them, then you should do some further digging - search the Internet, search for the developers, etc. Even flag anything that you think it’s suspicious, and find another app that can satisfy your needs.

This solution for keeping your Android device protected comes to your own decision. Some say that it consumes too many resources, while others say that it’s just fine.

As there are so many devices running on Android, you just have to test it yourself to see whether it’s good for your devices or not - resource-consuming speaking.

Other than this small inconvenience, an antivirus app will be a great extra layer of protection. There are tons of big antivirus companies that also offer smartphone apps - some are paid, some are free, some require a subscription.

It’s also important to mention that phishing can happen anywhere, even while you navigate on your device’s browser. To keep yourself away from this and to take away the stress, using an antivirus might be a great solution.

Some antivirus apps require you to navigate through their app - which will be inconvenient, as you might have all the browsing history and credentials into one place. Most of them, though, just need permission to access your navigating data, whatever browser you’re using.

Even though some updates can do a lot of change in your smartphone, they are good as a whole. Each year there’s a whole new update, that brings new major features or changes. Between these updates, there are smaller ones.

These are the version updates, which are there to get rid of any issues that may have appeared along the way. Between these issues are the security ones, as well.

So it’s best to keep your phone updated regularly, in order to make sure you won’t have security problems with your Android.

This part will be detailed more in the next part. For now, you should simply keep in mind that not every WiFi is secure and/or secured. That means that even the ones with a password can be a threat to your data, and the ones that have no password at all are the worst.

You shouldn’t let your phone connect to every one of them without at least asking you first. Even better, skip this automatically search of new WiFis; it will unnecessarily drain your battery. Connect only when you need to.

Let’s say now you’ve completely understood what you have to do in order to stay away from most malware and other security issues.

But what happens with those unsecured WiFis that you have to use? What happens if you want to access some location-restricted websites? You use a VPN.

There are many more reasons why you should use a VPN. All of them are right here.

There are two options to use a VPN on your Android device:

• Input the credentials into Settings;
• Use a designated app.

Using an app is pretty easy, and I’m sure you’ll be just fine in installing and using one. Just pay attention to those free VPN apps - free doesn’t necessarily mean free. Those VPN apps might actually keep important logs of your browsing, which is totally unsafe for you. Some might even get access to what you’re viewing online.

It’s better to pay some money for a VPN app than to be happy with a free app and rely on its terms.

Coming to the credentials. This type of VPN services still need an app, but you might need to input the credentials into Settings. Some apps will come with a package of instructions, but some may not.

Here’s how to install a VPN on your Android device (might be a slightly different process depending on your device):

• Install the app;
• Go to Settings and search for Wireless & Network;
• Here you’ll find either a “More” or a “More connections” tab. Tap on it and hit the VPN option;
• Enter your login credentials, along with the protocol and the server.

To fully test if the VPN you picked is good and doesn’t unintentionally leak information, before connecting to your VPN, enter here: www.dnsleaktest.com. See what info it shows you. After you connect to the VPN, enter again and compare the information. If the new result is the same as the first one then it’s definitely not a good VPN. If it’s not, you’re good to go.

The main reason why you should use a VPN on your Android smartphone is to protect your data.

Smartphones were created and updated in such a way that you’re constantly in the need of a WiFi or data connection.

As I said above, don’t let your smartphone do the constant search of a new WiFi, not even connect to the free ones automatically. It’s not safe at all.

The unsecured WiFis are those that don’t have any password. They are like flowers in a field, ready to be picked by malicious hackers. Even people with no hacker experience can search on YouTube for how to hack a WiFi connection; they can see all of your data, and even do you harm.

If you’re connecting to a WiFi that is secured, you should do the following two things:

• Check if the password is strong enough. If it isn’t, then connect to your VPN right away.
• If it’s a new place - a cafe, a restaurant, a hotel or whatever other places that can be interesting to hackers, it’s better to use a VPN, even if the WiFi has a password.

To go even deeper, most ISP (Internet Service Providers) have access to all of your browsing data and more. There’s little chance they will actually start to check every single person on this world to see what they are doing.

Most of the time, they use their “ability” when the government, the police or other forces intervene. By this, they try to capture various malicious persons.

In case you simply feel that your privacy is violated, then go ahead and install a VPN on your Android, too. You know that you’re using it more than your computer, so it’s best to start with it.

Moreover, the Android smartphone (or, of course, other smartphones) is the one that you’ll take away in your travels. Why not be prepared from the start? In this way, you’ll be able to protect all of your data, location, and information while traveling.

You may even get to a country where there are restrictions. Back at home, you don’t have such a thing, hence you can feel a little down or angry. A VPN installed on your Android will help you gain (regain) your access to your home content.

To conclude, be sure to keep away from apps that are not from verified sources, install a VPN - to keep your online data safe and private, and keep your smartphone updated regularly.

Here's more about smartphone security tips