Securing your Android phone or Android tablet is more involved than adding a PIN lock (although you should certainly do that). We run through 14 ways you can keep Android secure, from dealing with app permissions to locking down apps, banishing Android viruses and tracking down a stolen phone.
1. Avoid dodgy public Wi-Fi networks
Smartphones and tablets are mobile devices, which means we are as likely to use them in a cafe or pub as we are our own homes. Provided free Wi-Fi is available, of course. Just don’t fall into the trap of jumping on to an unsecured wireless network just so you can take advantage of a free internet connection when out and about - whoever is providing that ‘free’ internet connection may be taking a great deal more from you in return.
Open Wi-Fi hotspots are incredibly useful when you're out and about and need to get online, but they aren't always safe. Security company Wandera examined 100,000 corporate mobile phones and found that 24 percent were regularly using insecure open Wi-Fi networks. It also found that 4 percent of these devices came into contact with a man-in-the-middle attack in November 2017.
The security company advises that if you must use an open Wi-Fi network, don't pay any bills or make any transactions, use a VPN if possible, install a security app that can detect dodgy websites and insecure hotspots, and disable automatic connection to open Wi-Fi networks.
2. Set a screen lock
Setting up a screen lock is the simplest way to protect Android when your phone or tablet falls into the wrong hands. These days you can set a PIN lock, pattern lock, password lock and, if your device supports it, a fingerprint or eye scanner lock. It’s so easy to do you really have no excuse. Head to Settings > Security > Screen lock to get started.
3. Lock individual apps & media
You can add an extra layer of protection to your apps by locking down those you really wouldn’t want to get into the wrong hands with an app such as App Lock. Not only does this let you toggle on and off a PIN lock for individual apps such as Facebook and Gmail, but it has a secure fault for hiding photos and video that shouldn’t be seen by prying eyes.
4. Keep Android & apps up-to-date
Android- and app updates don’t just bring new features, but also bug fixes and patches to security vulnerabilities. You should ensure your apps are set to auto-update over Wi-Fi in Google Play’s Settings > General > Auto-update apps menu, and make sure you have have applied any new operating system updates in Settings > About Phone > System updates. Also see: How to update Android.
5. Don’t download apps outside Google Play
By default your Android phone or tablet won’t let you sideload apps (that is to install them from anywhere other than the Google Play store), but it’s easy to get around this in Settings > Security > Device Administration > Unknown sources. Google has no control over apps outside its app store, so only those who really know what they’re doing should even think about sideloading, and doing so only from trusted sources.
6. Manage app permissions
A benefit of downloading apps only from Google Play is that it will tell you which permissions an app requires before you install it, and if you have a recent version of Android you'll also be prompted to accept permissions as and when they are required.
There is often a good reason for apps needing access to seemingly unrelated facilities on your phone, such as games that want to view your contacts (to allow you to compete against your friends) and messaging apps that want to access your camera (to allow you to send picture- and video messages). However, if you can think of no reason for an app needing a particular permission, don’t install it.
Introduced in Android with Marshmallow is the ability to manage app permissions and control what an app can and can’t do on your phone even after you’ve installed it. Should an app need a permission you haven’t granted, it will prompt you for permission before it does its thing. You’ll find App Permissions in Settings > Apps > App Permissions.
7. Set up user accounts
Since Android Lollipop we’ve been able to set up multiple user accounts on tablets, and more recently on phones. If you are going to be sharing your device with another family member, a colleague or a friend, you can give them access to only the parts of your Android that you are willing to let them see. Set up user accounts in Settings > Users > Add User. Also see: How to set up parental controls on Android.
8. Be careful what information you share
We’ve often complained that people are sharing too much information on social media, such as publicising the fact they are going abroad for a week on Facebook and leaving their home vulnerable to burglars (don’t do that), but with Android you may find you’re sharing too much information with yourself.
Android uses the Chrome browser, which you may well also be using on your laptop or desktop PC. The ability to sync your bookmarks, passwords and more through a Google account (which is also tied and automatically logged into your email- and other Google accounts) is an awesome timesaver, but it could become an issue should you lose your phone or tablet or it gets into the wrong hands. All your logins, passwords and sensitive data within your emails will be available to whoever finds your Android device and knows where to look for that stuff.
You can control what data (particularly passwords) is stored by Chrome by launching the browser, tapping on the three-dot icon at the top right of the window, and choosing Settings > Basics > Save passwords. Also open the Settings menu in Chrome, tap on your account, then choose what data is synched.
Don’t forget Chrome’s Incognito mode, which lets you browse the web in privacy and won’t track you. Open a new Incognito tab from Chrome’s Settings menu. Also see: How to stop Google Search history on Android.
9. Set up remote tracking & wiping
Device Manager is an excellent tool for tracking down and, if necessary, wiping a lost or stolen Android phone or tablet. It’s a free app for your phone or tablet from Google Play, but can also be accessed on any web browser in which you are signed into a Google account. Also see: How to find my phone and How to use Android Device Manager.
10. Consider device insurance
Following on from the last tip, should your phone or tablet go walkies you don’t want to find yourself out of pocket. Given that some devices can cost over £600, it’s worth considering device insurance if losing your phone is something you tend to be rather good at. Insurance2Go offers smartphone insurance from £4.99 per month.
11. Back up Android
It’s not just the fact that our data might get into the wrong hands when our device is lost or stolen that it worrying - it’s also the fact it will no longer be in our hands. Backing up Android is essential, and in doing so you can tie everything to your Google account rather than a piece of hardware that could break at any point.
Backing up Android also means things such as your photos and videos are accessible through any web browser signed into your Google account, and that next time you buy a new phone you won’t have to manually download and install all your favourite apps. Learn more about how to back up Android here.
12. Dealing with Android viruses and malware
Android viruses are few and far between, and you’re more likely to find yourself in trouble by clicking on a dodgy link in Gmail or a text message and giving away too much personal information than you are to download a dodgy app. But it is possible.
Some people like to install an antivirus app such as Lookout, Avast or AVG Free, but we’re not yet at the point where that is strictly necessary and usually all you need do to avoid Android viruses is to stick to downloading apps only from Google Play, and be careful what you click on in private messages.
If you do think your phone or tablet may have contracted a virus, also see our guide on how to remove a virus from an Android phone or tablet.
13. Encrypt Android
Those wanting to secure their Android device will more than likely have spotted the encryption option in Settings > Security > Encryption. This scrambles all the data on the phone - apps, media and more - until you put in the decryption password, which you will need to do every time you turn it on.
Encrypting and decrypting your data takes time, and for the majority of people it’s an unnecessary step that will simply slow things down. However, if your device contains extra-secure information, it’s a possibility you might like to consider.
14. Use a secure messaging app
Where do your text messages go once they’ve left your phone, and can others snoop on them? That all depends on the service you are using.
Popular instant messaging service WhatsApp now offers end-to-end encryption. Another secure messaging app often cited is Signal Private Messenger, which allows you to chat freely with your friends without its server being able to access your communication or data. Just keep in mind that any messages on your phone itself will still be visible to those who have physical access to it.