Android security: Six tips to protect your Google phone

The Google Android platform has never been more popular

Google's Android Market mobile software shop was hit last week with its first major malware attack; a popular application called "DroidDream" proved to be infected with malicious code that could steal users' personal information, and Google was forced to use a built-in Android "kill-switch" to do away with the problematic app -- but not until after it had already infiltrated thousands of Android smartphones.

The Google Android platform has never been more popular; in fact, Android now holds a commanding 31 percent of the U.S. smartphone market share, making it the most popular smartphone OS in the country, according to ComScore.

Slideshow: 8 Essential Android Security Apps

Android has also never before represented such a significant target for hackers and other baddies looking to profit off of the platform's popularity. In other words, now is the time to get smart about Google Android security. The following six tips and tricks will help do just that.

1) Protect Your Android with a Password -- Now!

The single most effective security measure you can take to protect your Android device is to lock it with a password. It sounds simple, but a strong password -- or even a weak one -- will protect you and your smartphone from the vast majority of threats; if a malicious party can't get past your password screen, your data and everything else on-device is generally secure.

Depending on the model of your Android smartphone, you'll have a variety of password options, but they're all accessed in mainly the same way. Open up your Android Settings menu and scroll down to the section called Location & Security Settings or something similar. First, enable Screen Unlock Security and you'll then be presented with a number of password options, depending on your device.

For example, my Motorola Atrix 4G provides password options for a Pattern Lock, for which you can set a specific "swipe pattern" to unlock your device; a PIN Lock that uses numbers to secure your handheld; a Password Lock, for which you can employ both letters and numbers; and finally, a biometric-based Fingerprints Lock that employs the Atrix's fingerprint reader for authentication.

Though the Fingerprint Lock is the most secure option...I'm a bit wary of storing my biometric information on Google's servers, so I opt for the Password Lock. In order of "secureness," the Fingerprint Lock is most secure, followed by the Password Lock, PIN Lock and finally, the Pattern Lock. But using any one of these Android password security options is better than not using one at all.

(Note: If you choose to employ the Pattern Lock option, it's a good idea to frequently wipe your touch screen clean, since repeated entry of your pattern lock can leave a "trail" that can be spotted by hackers and used to gain access to your device.)

After you set your Android password, you should set your Screen Timeout options to a relatively low option, so your device display shuts off and locks itself shortly after you last touch it. To do so, open up the Android Settings menu, scroll down and select Display. On the following screen, locate the Screen Timeout option and pick a value -- I suggest one minute or less for maximum security.

2) Customize Locked Home Screen with Owner Info

Imagine you accidentally leave your smartphone at a bar. A good Samaritan locates the device and wants to get it back to its rightful owner...but it's locked and the home screen shows only a beautiful, albeit useless, ocean vista.

This scenario plays out all the time, and if more smartphone owners only added owner information to their devices' home screens, many more lost devices would likely be returned. Unfortunately, Android doesn't have any built-in option that lets you post owner information on your device's locked home screen, like other mobile platforms, including Research In Motion's (RIM) BlackBerry OS. But a couple of third-party applications will do the trick.

My favorite option for adding owner information to your Android home screen: the Phone Found - Owner Info app, which is available for free via the Android Market. To customize the Owner Info app, simply launch the software, hit the Edit menu options and enter in your contact information. You can then open up the app's Settings and choose which information you want to display on your device's locked home screen.

3) Do NOT Root Your Android Device

To "root" your Google Android device means to remove a number of manufacturer- and wireless-carrier-imposed restrictions put on your smartphone to make it easier for said parties to install and deliver the applications and services they want you to employ, among other things.

Rooting also opens up system-level access to your device's core resources, which is not a good thing, at least from a security perspective, since doing so also removes a number of safeguards installed to help protect your device from malware and other potentially dangerous code.

Unless you're a developer or someone who is very familiar with Android and you're simply willing to take your chances, you should NOT root your Android device. Ever. Not rooting might mean limited access to some cool, custom applications and services, and you won't be able to download apps from many unofficial third-party app stores. However, avoiding a root does vastly increase security, because in large part applications can't gain system-level access without a root.

Bottom line: Don't root your Android device. But if do, beware that in rooting your smartphone, you're significantly reducing your device's existing security safeguards.

Join the CSO newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile securityGoogle Androidsmartphones

More about BlackBerryetworkFacebookGoogleMotionMotorolaResearch In MotionResearch In MotionSK

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Al Sacco

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts