Android regularly comes under fire each time security researchers discover a new leak in the operating system. But how do you protect your Android smartphone, and what can you do about dangerous apps? We explain it all in our Android security guide.
- 1 1. Why Do You Need To Protect Your Android Smartphone?
- 1.1 2. How Do I Recognize a Dangerous Android App?
- 1.2 3. How Do Android App Permissions Work?
- 1.3 4. The dangers of apps outside the Play Store and apk files
- 1.4 5. What does Google Play Protect do?
- 1.5 6. Do I Have To Install An Antivirus App On My Android Smartphone?
- 1.6 7. What Are Android Security Updates?
- 1.7 8. How Do I Recognize A Phishing Mail?
- 1.8 9. How Do I Recognize A Dangerous Wi-Fi Network?
- 2 How Do I Protect The Data On My Smartphone?
- 2.1 10. What are the best password managers for Android smartphones?
- 2.2 1Password
- 2.3 LastPass
- 2.4 11. What Is Two-Factor Authentication And How Do I Set This?
- 2.5 12. What Does a Virtual Private Network App Or VPN App Do?
- 2.6 13. What Is The Best VPN App For Android Smartphones?
- 2.7 14. How Do I Hide My Notifications?
- 2.8 15. What Is End-To-End Encryption?
- 2.9 16. What Is The Safest Way To Lock My Smartphone?
- 2.10 17. What Do I Do If My Smartphone Got Stolen?
- 2.11 18. What Do I Do If I Want To Sell My Smartphone?
1. Why Do You Need To Protect Your Android Smartphone?
Your smartphone is full of personal, important information. From private photos to your bank details to your passwords. If there is one device in the world that knows almost all your secrets, then it is your cell phone. That is why it is very important that your Android smartphone is well protected.
Although Google, phone manufacturers, and hardware makers do everything they can to make Android as safe as possible, unfortunately, it happens regularly that malicious parties get their hands on private information. Sometimes because an app suddenly appears to have a security vulnerability, but mostly because users use weak passwords or even don’t protect their data at all. By protecting your smartphone preventively and paying attention to potential dangers yourself, you are much better protected.
In this Android security guide, we take you through some of the most common dangers, from dangerous apps to unreliable emails. We also discuss the best ways to secure your smartphone.
Is a pin code enough, or do you still need to work with a VPN, two-factor authentication, and encryption? We explain it to you in this guide.
2. How Do I Recognize a Dangerous Android App?
Almost all apps can be downloaded via the Play Store. You can now find millions of applications there. Although Google continuously scans all apps for possible dangers, unfortunately, it regularly happens that malware appears in the Play Store. You have to be careful about that because such an app can watch what you are doing on your smartphone, or send passwords in secret.
The vast majority of all apps in the Play Store are secure. The chance that you will suddenly download a virus instead of WhatsApp is therefore minimal. The main thing is to use common sense. If an app promises things that are too good to be true, don’t put it on your smartphone. If there are weird images, an unreadable text in poor English, or other questionable content, you should at least thoroughly check before you start downloading.
Your fellow users can also help. The Play Store shows how often an app has been downloaded. For example, if you’ve opened an app that claims to be WhatsApp, but has only 10,000 downloads, it’s probably a fake app. And check the reviews. If an application receives many negative reviews with low ratings, then ignore it.
3. How Do Android App Permissions Work?
Once an app is on your smartphone, Android has several ways to protect you. You must give explicit permission for the various parts of your device. These are called the ‘permissions’. If you open an app for the first time, or if you try out a specific function, a pop-up appears to ask for the authorization.
For example, WhatsApp needs access to your camera to take photos, while Facebook wants to see your contacts to add more friends. But if a flashlight app asks for permission to send text messages, you’d better refuse. We also advise against giving Facebook permission to see your contacts.
Also, a news app usually does not need access to your microphone. When in doubt, simply refuse even if it is a secure app. The app often continues to function normally, but some functions are not available.
4. The dangers of apps outside the Play Store and apk files
Android is a very open operating system, and that has both advantages and disadvantages. The advantage is that you can also download apps from outside the Play Store, such as Fortnite. You decide for yourself which apps to put on your device.
Unfortunately, Google cannot protect you against these types of apps. Malicious people can stuff the installation files (or APK files) with viruses, and because they are not in the Play Store, they are not inspected by Google. The built-in virus protection of your smartphone will hopefully stop it, but not always. So only download and install these types of installation files if they come from a safe, reliable source.
5. What does Google Play Protect do?
Google is taking steps to recognize dangerous apps on your smartphone faster and better. They do that with Play Protect, a feature that has been built into all Android smartphones since Android 8.0 (Oreo).
Play Protect regularly scans your device and all apps on it for harmful code. If Google discovers harmful apps then you will receive a warning about it. Apps that are known to Google to be very harmful are automatically removed from your device. Other times you can choose to remove the app yourself.
6. Do I Have To Install An Antivirus App On My Android Smartphone?
Unfortunately, Google Play Protect is not a perfect virus scanner. A study by AV-Test showed that the service only stops around 70 percent of all malware. Google is doing everything it can to increase that percentage, and if you mainly download from the Play Store, you’ll stay pretty safe.
Many users probably already use the built-in virus recognition of most Android smartphones. Still, it doesn’t hurt to download another antivirus app to boost your protection. But beware! use a reliable app, because with shady antivirus software you only run more risk. Two of our favorites are ESET and Bitdefender.
Bitdefender Mobile Security
With Bitdefender Mobile Security you have a very nice antivirus package on your smartphone. The app has a malware scanner and can place a pin code over your sensitive apps. The app also keeps a close eye on whether anything strange is happening in your browser. Bitdefender can even use Android Wear to protect your smartphone.
The app makes the smartwatch vibrate if you are too far away from your smartphone, after which you can make your smartphone make a loud noise with a touch of your smartwatch. In addition to Bitdefender protecting you well, it is also important that the app does not overload your device.
Bidefender requires a monthly subscription of a dollar per month. The app is also free to try for two weeks, so you can check if it’s worth your money.
ESET has clear advantages and disadvantages. On the one hand, the app does what it needs to do and the LiveGrid system offers clear added value. It is also a good idea to always have an extra ‘inspector’ on hand. The antivirus app is therefore especially nice for children and people who are less at home in the world of smartphones, who end up on dubious sites with malware, for example.
On the other hand, ESET looks quite dated and many functions are already standard in Android. ESET is a freemium app: some parts are free, but most functions cost money. You can sign up for five Android devices for ten dollars a year. You can try the app for free for a month.
7. What Are Android Security Updates?
Every software has vulnerabilities, it is almost impossible to prevent that. Android runs on thousands of different smartphones, tablets and other devices. Android needs to be adjusted for all those devices, and sometimes something goes wrong. That is why Google releases monthly updates to address these vulnerabilities.
These Android security updates are always released by Google in the first week of the month. A few minor vulnerabilities in all parts of the software are usually addressed before hackers have a chance to exploit these vulnerabilities. It is then up to manufacturers to roll out these updates for their smartphones.
Manufacturers are not required to release these security updates on a monthly basis. Many do, however. For example, Samsung, Nokia and Sony, among others, release almost monthly updates for almost all their devices.
As a rule, more expensive smartphones receive an update every month for two or even three years after the release. If you go for a cheaper device of fewer than $300, the update usually appears only once per quarter.
8. How Do I Recognize A Phishing Mail?
Phishing emails are messages that pretend to come from a well-known party, but that actually try to scam you. Think for example of a fake e-mail from BestBuy that offers you to pick up free products, or a message from your bank that your account has been hacked. The senders hope that you open the e-mail out of enthusiasm or panic, and quickly enter information such as your password and pin code.
These emails are dangerous in unique ways on smartphones. For example, because you cannot hover over a link with your mouse, just like behind your computer, to see what is behind it.
Fortunately, these phishing emails are usually easy to check. For example, check if the e-mail address is correct and if there is a strange language in the message. Never just click on a link without first seeing where it goes. Moreover, banks, the government and other important authorities will never just ask for your pin code or password.
9. How Do I Recognize A Dangerous Wi-Fi Network?
Criminals are increasingly targeting free and public Wi-Fi networks. For example, they create their own public Wi-Fi network that is accessible to everyone. Subsequently, it is relatively easy for malicious parties to keep track of all your activity on this network, and thus gain access to personal data.
That is why it is smarter to use the internet via your 4G connection: much safer and, in the case of public WiFi networks, also considerably faster. If you have a small data bundle and you decide to use a public Wi-Fi network, pay attention. Do not just give access to everything while logging in, and use a VPN to encrypt your internet traffic.
How Do I Protect The Data On My Smartphone?
If you protect your smartphone well, you run a lot less risk. The steps below may sound like a lot of work, but within a few hours you will have set up that password manager, VPN, and encryption. And then you know for sure that all your sensitive data does not suddenly end up on the street.
10. What are the best password managers for Android smartphones?
Are you still someone who uses the same password everywhere on the internet, with a few minor variations at most? Then it’s time to quickly choose a password manager. With that you set much more complex, difficult-to-crack passwords for all sites and apps that you use regularly.
With a password manager, you set one complicated password for your virtual vault. You then save all passwords for other sites there. The apps can generate complex passwords with the most random characters for you on all those sites. The apps also regularly remind you to update older passwords once, should something has been cracked. Our favorites are LastPass and 1Password, but there are also other options.
1Password is one of the best-known password apps, with support for different platforms. In addition to obvious features such as the automatic generation of passwords, the app is equipped with a few functions that do not recur in other apps. With the travel mode, you can temporarily delete all your sensitive data from your device, and you can also store credit card data and other important data in the 1Password safe.
1Password is free to use for 30 days and costs around $3 a month after that period. A nice extra is that the 1Password app has full support for Autofill in Android 8.0 (Oreo) so that it seamlessly enters your data for you.
LastPass is a fully-featured password app that meets the needs of most users. The app automatically enters passwords, can save secure notes and can be protected with your smartphone’s fingerprint scanner. In addition, the app helps you generate secure passwords for all websites and apps where you have an account.
Most of the functions of LastPass can be used free of charge, but a Premium version is also available. This costs around $24 per year and offers access to your account in emergencies and 1GB of encrypted storage. On the other hand, managing, retrieving and automatically entering passwords is simply possible with the free version.
11. What Is Two-Factor Authentication And How Do I Set This?
Unfortunately, a password nowadays does not offer sufficient protection. If a database full of passwords is cracked somewhere on the internet, then you will soon be pinched.
That’s why it’s better to set up two-factor authentication for the most important services. Then you have to enter a second, continuously changing code to log in. This code is only visible on your own device.
There are different options for two-factor authentication, or 2FA. For example, you can set the phone to send you the second code via SMS. However, there are also 2FA apps to which you link your account, which then continuously show new codes. The second option is just a bit safer, because text messages can be intercepted by malicious parties.
It is very wise to at least protect your Google account with two-step verification. A lot can be intercepted via that account. From Gmail to Google Photos to your Android smartphones: almost everything is linked to it. But you can now also set 2FA for WhatsApp, Facebook, Telegram and even some banks.
12. What Does a Virtual Private Network App Or VPN App Do?
VPNs encrypt your connection and allow internet traffic to pass through your own server, which often does not keep any information. They help you to remain anonymous by sending all your internet traffic through a kind of protected tunnel. It encrypts and anonymises your internet traffic and at the same time makes it virtually impossible to find your location.
A VPN offers the possibility to hide your internet use from others so that your privacy is guaranteed and you protect yourself against potential threats. You can also use a VPN to disguise your location. Sometimes you use a VPN for example to use a video service such as Hulu or Netflix, which does not work in some countries. But it is also useful to disguise your IP address. With a VPN, nobody knows which websites you visit, not even your provider. The big disadvantage is that a VPN sometimes makes your internet connection a bit slower because all your internet traffic actually goes through a diversion.
13. What Is The Best VPN App For Android Smartphones?
There are a lot of free VPN apps in the Play Store. However, we do not recommend that. In many cases, they collect all your internet data themselves, and they sell it on to make money. If you want to be sure that all your data remains protected, you will have to pay a small amount.
We recommend Private Internet Access (PIA), but you can of course also choose other apps. PIA offers many functions for a reasonable price and is also user-friendly. For a fixed monthly fee you can connect five devices to the VPN at the same time, your connection is encrypted and there is support for P2P and VoIP services, such as uTorrent and Skype. In addition, there is no limit on speed or consumption, which means you can download torrents relatively safely with PIA.
Also Read: Our Guide On Best VPN Apps For Android
14. How Do I Hide My Notifications?
On most Android smartphones, your notifications are shown on your lock screen as standard. That brings dangers. For example, if you use two-step verification for your Google account, the required code will be visible on your lock screen, without having to unlock the device.
Fortunately, there is an option that offers better protection. You can hide the content of your notifications on almost all Android smartphones. You then only see which apps have new notifications, but the content only becomes visible when you unlock your device. In the tip below we explain how you set that.
Follow the steps below to hide the notifications:
- Open the Settings app;
- Then select ‘Security and location’;
- In the next menu you scroll down for the ‘Screen lock preferences’ option;
- There you can choose from three options at ‘On the lock screen’. Choose to display everything, nothing at all, or to hide the content of sensitive notifications. The latter option hides your emails and WhatsApp messages, among other things.
15. What Is End-To-End Encryption?
With end-to-end encryption, your conversations are encrypted, which means that they can only be read by you and the recipient of your messages. Without that encryption, it is theoretically possible for malicious parties to intercept messages.
If you want to be sure that nobody is watching, use a chat app with end-to-end encryption. Fortunately, that is fairly easy to fix, because more and more apps support it. WhatsApp, the most popular messaging service of the moment, has it turned on for everyone by default. With some other apps, such as Facebook Messenger, you must first enable it yourself. There are even more secure messaging services such as Signal and Telegram which offer better encryption.
16. What Is The Safest Way To Lock My Smartphone?
To ensure that not anyone can just pick up your smartphone and view your apps and messages, set a screen lock. In the past, you could only that with a pin code. Nowadays you have access to a whole arsenal of resources. Which is the best to use? We have listed the strengths and weaknesses of the most popular methods.
PIN code : the simplest, most famous screen lock. If your smartphone supports this, try to choose six digits instead of four. As with passwords, the following applies to pin codes: longer is safer. The disadvantage is that it is relatively easy for someone to look at, and thus crack your code.
Pattern : actually works the same as the pin code. If you choose a complicated pattern, it is a lot harder for someone to watch, but it is still not completely watertight.
Fingerprint scanner : these are found on more and more devices, and in general they are very fast and secure. It is difficult, but not entirely impossible, to fool it.
Face recognition and iris scanners : almost all Android smartphones now offer face recognition. But beware! on cheap devices, it is certainly not nearly as safe as you might think. This is because often the selfie camera is used to take a picture of your face, and to compare it with a previously taken picture. Such a face recognition is very easy to get around with a photo.
More and more smartphones are therefore equipped with face recognition based on biometric sensors. For example, iPhone XS has a depth camera and a dot projector that sees the difference between a flat photo and a real face.
There are also cameras that detect heat: after all, a lot more heat comes from a person than a printed photo. These cameras are virtually impossible to bypass (unless you have an identical twin brother or sister) and therefore usually the safest option. However, they are often a bit slower than a fingerprint scanner and work less well in the dark.
LG debuted a new technology which used the Palm veins authentication method to unlock your device. LG has been able to do that by using a Z camera coupled with a ToF (time of flight) camera to achieve the result. The Z camera sees things in 3D so it can’t be fooled by a photo.
According to LG, ” LG’s Hand ID identifies owners by recognizing the shape, thickness and other individual characteristics of the veins in the palms of their hands”
Google Smart Lock: a handy alternative locking method from Google. With Smart Lock, for example, you can set your device to be unlocked automatically when a certain Bluetooth device is nearby (such as your headphones) or when you are at a certain location (at home). Handy in addition to the existing methods, but not very safe if someone steals your headphones as well, you are still in a hurry.
17. What Do I Do If My Smartphone Got Stolen?
A thief can of course not only use your smartphone to resell it, but your private data can also end up on the street. If you are not careful, a burglar will also have access to your passwords, credit card details and private photos.
Unfortunately, there is little you can do to prevent theft. Pickpockets or burglars can always find a way. You can protect your smartphone. If the device still falls into the wrong hands, then you know for sure that your data will remain secret. For example, make sure that you have always set a screen lock. With Android Device Manager you can also see exactly where your device is and delete all data remotely.
18. What Do I Do If I Want To Sell My Smartphone?
If you sell your smartphone, you must of course first delete all your personal information. That sounds logical but is often forgotten. Make sure you restore the factory settings of your Android smartphone before the sale. Remove all memory cards that are in it, so that you are sure that the buyer does not have access to your old photos and videos.