Android security is always a hotbed of scandals and criticism among security experts and analysts, thanks to malware like HummingBad for not letting Android OS come out of vulnerability radar.
As per the report, this malware can infect 85 million devices and make up to $300,000 a month.
We have been discussing ad nauseam over the years. The most you have read about this or that malware/virus/brain-eating monster are overly sensationalized accounts with zero chance of actually affecting you in the real world.
But, have you ever look those matters closely?
If not, then you must be missing the key details. Upon close observation, you will come to know that these stories are from those that make their money selling malware protection programs.
Yes, I am not exaggerating!
The reality is that Google has some advanced methods to protect Android PDAs; your common sense is also needed to complement those security measures, even you will be saved in case if the Play Store guards slip up and let the occasional bad app into the gates.
The biggest threat you should be concerned about is the security of your devices and accounts; it takes 20 minutes to audit the Android security, making sure that your setup is sound.
Can’t you spare 20 mins from 525600 mins a year?
Just go through these steps, and set a reminder to revisit them in another 12 months. Then rest easy that the Android malware won’t be banging on your virtual door anytime soon.
Part I: App intelligence
Step 1: Look all the apps and services connected to an account
We grant access to countless apps to sinch with our google account – though it is not a big deal – apps that are not in use can be a good backdoor for malware to enter. So, why not closing those connections once the app gets purposeless.
Don’t know which app/s has access to your google account? Visit Google’s security settings and remove all the useless apps.
Step 2: Revisit your Android app permissions
It is easy to give permission to an app, but the most difficult task to check whether the app is actually doing what it’s intended or breaching their own terms and conditions.
That’s why it is worth checking what permission the app on your phone posses, and see if any app is going beyond limits, control it before it gets infected.
The setup is quite simple.
- Open apps and notification on your system settings
- Tap on advance > app permission; there, you will see all the permissions you give to all the apps.
Note: Be selective and wise for this matter. Make sure if an app genuinely needs access to certain types of data like maps, so taking away that permission would prevent the respective app from performing particular actions.
Don’t worry! The next time you try to use the app that you’ll be asked to access, that time you can allow and then again get the access back – it will hardly take few seconds to restrict access.
Step 3: Make sure you’re using Android’s app-scanning system
Android has numerous spying apps that are secretly monitoring our moves; those apps don’t even need o third-party app or add-ons. And while the system is enabled by default on the current device, it’s a good practice to confirm that everything’s turned on and working as it is supposed to be.
So for this, tap on the Google play protection and make sure that “scan” should be checked for a security threat. That’ll allow Android’s app verification system to keep an eye on all apps, even after they’re installed, and make sure none of are dangerous.
Don’t worry! You won’t be bothered! The scanner will run silently in the background and bother you when found something suspicious.
Part II: Passwords and authentication
Step 4: Double-check some security basics
A no-brainer to mention – if you are not using your device biometric, PIN, password, or facial recognition, so start using it NOW.
Mostly the cause of security failure is simply a mistake made by you. This is done by clicking on any unknown link – if your phone is not password-protected, it means your data is just out there to be easily stolen by cybercriminals; imagine your PDA lost somewhere, and with the device itself, the data will also be gone.
This could be your email, documents, social media accounts, and everything that resides in your Android device.
Android does provide a software Smart Lock function that automatically leaves your phone to unlock in a variety of situations – which means an added security show up when needed.
Let me put it simply, there’s no excuse to leave your data unprotected. Head into the Security & Location section to get started, if you haven’t already.
Step 5: Peek in on Smart Lock passwords
Speaking about the smart lock is one of the less-discussed parts of Google security system, which is able enough to save password from websites or apps access with your mobile.
Part of Android adit, make a routine of glancing at the list of the same passwords and remove any outdated items that are no longer needed.
Step 6: Assess password management system
Google Saved password system is next to nothing, but that doesn’t mean that your passwords remain vulnerable, thanks to some of the best password managers that are securing Android passwords.
Not only this, with the best password manager – LastPass – you can create more strong passwords, even you’ll be recommended too – which password needs to be revived. It automatically fills saved passwords whenever needed and forgets if you command so.
Isn’t it a good thing for this Android audit? You can thank these service providers later for doing all the heavy lifting for you.
Step 8: Evaluate your two-factor authentication situation
Well, a single password is not enough to protect your account – one of the wide-reaching yet valuable examples is your google account. Two-factor authentication is used to protect your personal and sensitive accounts, increasing the level of security while decreasing the possibility of someone getting into your account.
If you haven’t enabled two-factor authentication for your Google account, head over to to get started. And don’t stop with just Google, either: enable it on all the services that offer it.
Speaking of Authy, if you’re using two-factor authentication, open the app and head into the My Account section, tap “App Protection,” and confirm that you’re using a PIN or fingerprint. Then pop over to the Devices section of the same menu to check exactly what devices are authorized to access the app.
If you really want to keep your account secure, Google also now offers a souped-up feature – “Advanced Protection,” but for that, you will be needing to purchase physical security keys and then use those whenever you sign in to your Google account. It severely limits the ways in which third-party apps can connect with your account.
Step 9: Optimize your lock screen security
The lock screen is the obvious interface that can be viewable to anyone hold or peek into your PDA, so make sure your notifications – “Lock screen preferences” – are limited; make sure your messages and Google notifications are off.
And finally, if your phone is running Android 9 Pie, don’t forget to try a newly added option called lockdown mode. Once enabled, it gives you a quick way to lock your phone from all biometric and Smart Lock security options — meaning only a pattern, PIN, or password (you set) could pass your lock screen and get into your device. Enable the option in case you’re being forced to unlock your phone with fingerprint or face — be it by a law enforcement agent or a regular ol’ hooligan, even notifications won’t show up when the mode is activated.
There’s one catch: You have to enable the option ahead of time to be available. But doing so takes a couple of seconds: in the same “Lock screen preferences”, simply activate the toggle next to “Show lockdown option” — and that’s all.
If the need arises, remember this: While your lock screen, press and hold phone’s power button for a second or two, you’ll see the newly present “Lockdown” option.
Hopefully, you’ll never need it — but now you know in case you do.
Oh, and guess what, we’ve almost done with this annual audit. Only a few more cleanups to go!
- Clean up the list of connected devices.
- Clean up the devices in the Play Store.
And the last (not least) consideration is
Step 10: Think about using a VPN
No matter how secure your Android baby is, someone could still snoop on your info if you’re transmitting it over an insecure internet. That’s where virtual private networks, or VPNs, come in.
They encrypt all incoming and outgoing data so that no one could easily intercept it and see what you’re doing, especially, at the network level.
And with that, my security-seekers, consider your Android audited. Set your reminder to revisit these steps this same time next year. The areas I have covered are always evolving, and conducting an annual checkup is the only way to ensure your virtual house is in proper order.