Saturday, 30 November 2013

Basic security tips for Android

Image: Digital Trends
Security is a major concern many people have in this modern technological era. With so much information in data streams, going back and forth between user devices and servers, with so much of our personal lives online, it shouldn't come as a surprise if some users value the data and information in their devices (or the cloud) more than the actual devices themselves. With more and more people using mobile devices, the mobile industry is becoming more appealing to would-be hackers and data phishers. I believe that anything can be "hacked", to use the term loosely. There's no such thing as 100% security when it comes to something as vast and interconnected as the world wide web. But that doesn't mean we should shun the advancements of technology all together. There are many security measures taken by service providers to ensure the security of their clients' data and information, and there are also many security measures users can take on their end to ensure the safety of their data and devices. Here are 5 of the most basic security measures all Android users can should take to keep their data and their devices safe.

Avoid public WiFi when possible
Not really Android related, but with more people accessing the web via mobile devices nowadays, I think this is quite important nonetheless. I have friends who have smartphones but no data plan. Instead, they hop from one WiFi network to another. Public WiFi is like a goldmine to them, being able to connect to the world for free. Now I'm not saying that public WiFi is a big security threat, it's not. But when I want to do any online banking, I always do so from my own personal WiFi at home. Or my smartphone's data plan. I never do online banking on a public WiFi network, where many other strangers can easily connect to it as well. I'm not educated in the field of cyber security, but when you want to send sensitive information online, like your online banking account password to your bank's servers, it just makes sense to do so from a network you trust (like your home network) rather than a public network that hundreds of people (including data phishers) have access to, doesn't it?

Stick to the Play Store
We all love our apps. Apps are what make our smartphones and tablets useful. Without apps, what would we do with these devices? There are many online sources when it comes to apps, but with over 1 million apps in the Play Store, pretty much every Android user will be able to find what they want without having to go elsewhere. Google have a security system built-in to the Play Store called Bouncer which actively scans apps for malicious code, so you can be sure that any app you download from the Play Store is safe. If for some reason you don't trust Bouncer, or an app manages to squeeze through undetected, you can always check the app's ratings and reviews by other users. They will indicate if an app is safe or not. This will also help you differentiate legitimate apps from fake apps, like what happened during the failed BBM launch a few months ago. As a third security measure if you still don't feel safe, the Play Store lists the permissions an app requests before being downloaded, so you can see exactly what an app will be able to do once you install it on your device. So yeah, stick to the Play Store, it's the best option out there.

Use the built-in security measures in Android
As part of Google's fight against fragmentation, the built-in malware scanner from Android 4.2 was pushed to all Android devices via Google Play Services. What this means is, if you have an Android device, you probably have this feature in your settings, regardless of what phone you are using, and what version of Android it's running. So to access these security features, open the settings on your device, and go into security. Under "Device Administration", you will see two toggle-able settings, "Unknown sources" and "Verify apps". The "unknown sources" setting will allow apps to be installed on your device from unknown sources, i.e., not the Play Store. You'll want to uncheck this option. It can also help prevent apps from being installed from websites you browse on your device, which can happen if you visit sites that want to force their apps onto your device for ad revenue. The second setting as the name suggests, will verify apps as they are being installed on your device, regardless of origin. This is a setting you will want to leave checked. It will warn if an app you are about to install is potentially dangerous, or block it immediately if it is known to be dangerous. With these two settings, no malicious apps should be able to find their way onto your device.
Android's built-in malware scanner has you covered. Image: Google
Use 2-step verification
Passwords aren't really good security measures. If someone manages to figure out your password, there's nothing to stop them from accessing your account. Which is where 2-step verification comes in. 2-step verification adds another layer of security to your Google account. If in the unfortunate event someone manages to get your password, they still won't be able to access your account if you have 2-step verification enabled. This is because the system requires two inputs from the user - the password, and a randomly generated code that is sent to the user's phone. Without your device, the person attempting to access your account won't have this code, which will prevent him from doing so. These codes are randomly generated, and are only generated when you want to sign-in to your account. By activating 2-step verification, any unauthorised attempt to access your account will fail, as long as you have your phone with you. So if you haven't already, go on and activate 2-step verification for your Google account.
2-step verification, an extra layer of protection. Image: Google
Activate Android Device Manager
Losing your device is a double blow. Losing your device is bad enough, but losing the data on the device can be devastating. In addition to the malware scanner mentioned earlier, Google also pushed the Android Device Manager, again via Google Play Services to all Android devices. ADM is a service that aims to help users who have lost their device. It will allow users to locate their device, lock it, or wipe it clean regardless of where it is. Activating ADM on your device is extremely easy. All you need to do is go into the Google Settings app (not to be confused with your device's Settings app), go to "Android Device Manager" and enable both options that are displayed. This will allow you to remotely locate your device, lock it, erase it, and even make it ring on full volume. To access ADM from the web, go to https://www.google.com/android/devicemanager. From there you will be able to use all the features you just activated on your device. You can also access ADM from the Play Store on the web. On the Play Store home page, click the settings button (the gear) located in the top right corner of the page (beneath your user bar) and select Android Device Manager. With this service fully enabled, hopefully you will be able to soften the blow if you unfortunately lose your device. 
Android Device Manager. The only anti-theft service you'll need.
If you're wondering why I'm not recommending installing anti-virus or anti-theft apps on your device, it's because I don't think they are necessary anymore on Android devices. With Bouncer in the Play Store and a built-in malware scanner on your device, you are in no danger of installing malware onto your device. With 2-step verification and ADM enabled, your data and accounts are also more secure, and you can also lock or wipe your device remotely if you lose it. There really is nothing more you need from an app to help you. If you are an average Android user who just uses your phone to browse social media, take pictures of food and chat with friends and family, just follow these steps and you will be safe.