Greetings, Android! 12 tips to toughen up your new device for the real world

 This holiday season was a boom time for Android devices – with activations of Android smartphones and tablets on Christmas day hitting new heights, and narrowing the gap against rival Apple, according to analyst Flurry.

If you’re one of the lucky ones who unwrapped a Google Nexus tablet or one of Samsung’s army of different-sized Androids, congratulations – but there are a few sensible steps to take before taking that device into the ‘real world’, especially if you intend to use it for work.

There have been many scare stories about Android this year, often relating to malware targeting the OS – some rather overstated, but many, sadly close to the truth.

If you’re a user ‘switching sides’ from an Apple iDevice, you might be alarmed – and it’s easy to feel at risk when you’re getting used to a new system. But it’s not quite as bad as it seems.

Thankfully, Android itself now offers some great built-in protection against theft and malware – including a great anti-theft system quietly rolled out by Google to many Android users.

Once it’s started up, lock it down

Various Android devices from different manufacturers offer their own different security systems built in, but the really bulletproof ones are Google’s, and common to all up-to-date Android devices – the most basic one is getting a screen lock in place, and it’s common to every model. Do this before you take your device anywhere. Head to Settings > Security > Screen Lock. On new devices, you’ll usually get a choice of pattern, PIN, or password. A pattern’s less secure than a PIN, and a password is your best choice. If you’re using your tablet or smartphone for business, be extra careful.

While you’re at it, double-lock the important stuff
If someone does crack your code (sometimes possible simply by turning a handset sideways and looking for greasy finger marks – which is why choosing a pattern code can be risky), you can add another line of defense by locking individual apps – a very sensible step, and the reason that the excellent, free App Lock is, its makers claim, the most-downloaded app on Google’s Play Store. App lock lets you create a PIN which locks important apps – your email, Dropbox, or anything else which could hand data to cybercriminals. Better still, App Lock is pretty good at defending itself – it has mechanisms to ensure it can’t be uninstalled unless you have the PIN.

If you share ANY devices, be careful with Google Now

Google’s Now service can be accessed on Android via either a swipe up from the bottom of the screen, or via a Google Search box on screen, depending on which make of Android you choose – offering “predictive search” – ie guessing information you might need, based on your habits. Used carefully, it’s great – offering reminders of flights you have to catch (culled from Gmail), and traffic conditions on your commute (based on GPS data harvested by the handset). But while the ‘predictive’ search experience adds a lot to Android, it can also give a lot away. Any device signed in to the same Google account – ie a tablet you share at home – will ‘know’ whatever information you opt to share with Now, including potential privacy minefields such as your web search history. Thankfully, you can tailor how it works for you from Now, or from Google’s dashboard page – do so carefully.

Taking your phone to work? Talk to IT first

The trend for workers “bringing their own devices” to work is increasing year-on-year – but your boss, and your IT department will thank you if you ask first. Around 30-40% of devices in workplaces fly “under the radar”, according to former vice-president of security body ISACA Rolf von Roessing, who warned that workplaces faced a “tidal wave” of threats unless users were educated about risks. If you’re taking your own phone to work, ask your IT department for advice – and remember that even an email ‘Sent’ box can contain information invaluable to a criminal looking to penetrate a company network. Your boss will thank you if you’re open about using your own smartphone in the workplace – or even for working from home.

Lost it already? Don’t panic!

Despite frequent malware attacks – and an official app store that is still home to thousands of malicious and spammy apps – Google offers a pretty decent selection of security features built in – including a location tracker, which can help find a lost device, even if it’s just down the back of the sofa. Visit  Google’s Android Device Manager page to activate it, while logged into your Google account, and you’ll be able to force a device on silent mode to ring, remote-lock a device, and view its location on a map. If you own several Androids, you’ll be able to see them all. 

Keeping sensitive info on your smartphone? Don’t store it on a removable SD card

If you are keeping sensitive information on your phone – you really shouldn’t, if at all possible – don’t keep it on a removable SD card. This makes it easier for attackers to access data. If, for instance, your photos include an image of your credit card or passport, don’t store them in external memory.  Ensure anything you want to keep safe is stored in your device’s internal memory, and protect this using a strong password. Google’s Android Device Manager page offers useful options to wipe data remotely if a phone is stolen.

 Encrypting your phone WILL slow it down – but keep your data safe

Encrypting your device – so that all data on board is PIN-protected – isn’t for everyone – it will slow your device down, which can be painful if you’ve just unwrapped a top-of-the-range smartphone. But if you are carrying work information on it, it’s a good way to ensure sensitive data is safe, even if the device falls into the wrong hands.  Thankfully, it’s easy to encrypt your device in Android’s own settings menu – Settings/Security/Encryption – in an option available since  Android Gingerbread 2.3.4. Choose Encrypt Device and Encrypt External SD Card, then wait while the device crunches your data (this takes a while). After that point, your data is PIN-protected. This will slow your device, though.

 Google’s Play store isn’t perfect – but it’s FAR safer than most ‘unofficial’ stores
For ‘defectors’ moving from iOS to Android, the fact that malicious and spammy apps sneak into Google’s official Play store may be a shock – unlike Apple’s App Store, there is not an approval process, so ‘bad’ apps can sneak onto Play. Play, though, remains a far safer place to shop than unofficial stores – or bogus ‘review’ sites offering free apps.  Google removes ‘bad’ apps once users complain – but some lurk around for quite a while. Watch out for close-but-not-quite clones of popular apps and games – a classic trick – and in general, think like you are shopping on eBay (ie does the developer sound legitimate? What do the reviews say?). Most apps on Play, though, ARE safe. But the most crucial google Play, Amazon’s App Store and GetJar, you will be much safer – although “bad” apps can still sneak into those.

Don’t feel you HAVE to root your Android

For many tech-savvy phone users, the chance to ‘root’ an Android device – gain root access to the phone’s OS, which allows users to, among other things, uninstall all the unwanted apps with which Samsung and other phone makers routinely bloat their devices. There are dozens of tutorials on how to root devices online, and many Android forums make it seem like a “first step” for users, allowing Android fans to run apps which require root access, such as firewalls – normally blocked by the OS. But rooting a phone opens users up to new risks – and cuts off many of the protections built into Android itself. It will also severely annoy your employer, if the handset happens to be a work one. Malicious apps with root access can cause far more damage than normal ones – and the unofficial app markets where apps for rooted devices are traded are filled with malware, sometimes disguised as popular apps. “Free” versions of the predictive text app Swiftkey appeared on pirate sites – infecting users foolish enough to download with a keylogger which took note of every keystroke in Swiftkey, with the goal of stealing data.

Read the “permissions” screen EVERY time you install an app

Most computer users are pretty impatient while shopping – and used to skipping straight past huge legal documents without reading a word – but while Android’s App Permissions page looks boring, it’s THE single most important defense built into the system.  “Bad” apps will request access to and control over huge amounts of your Android’s functions – such as reading all network communications, or sending SMS messages – if an app has a huge list of Permissions, it’s an “alarm bells” moment. Why WOULD a screensaver need to send SMS?

Don’t EVER install a banking app from a link

Governments around the world have warned of the risk to consumers from ‘fake’ banking apps – either delivered on their own, or as part of an attack against a PC, where the malware attempts to fool users into downloading the fake app by delivering messages through bogus bank sites. An increasing number of PC Trojans target Android devices with fake banking apps – with several families of  banking  malware attempting to fool users into installing malicious apps via their PC’s browser – aiming to bypass two-factor authentication systems used by banking sites. Banking Trojan Hesperbot uses a malicious webpage to instruct users to enter their cellphone number and make, and attempts to install a malicious app that bypasses security systems. Your bank will NEVER distribute apps in this way – instead, download your bank’s app from Google’s Play, and ensure yours is up to date.

Paying for something with your phone? Be VERY careful

Up-to-date Androids such as Samsung’s Galaxy S4 and HTC’s One ship with an NFC (Near Field Communication) chip – a new technology designed to transmit data over short distances, and used in some countries, such as Chile, as a tap-to-pay system in stores. But point-of-sale terminals have become an increasing target for cybercriminals. Any technology used for bank transfers is a potential target of computer attacks. As this means of payment becomes more popularly used, malicious code may appear to steal information relating to these transactions.” Be cautious about any means of storing money on your phone – such as Bitcoin wallets – or paying direct via NFC.