Securing your Android device against evil hands and prying eyes

There has been a recent surge in malware plaguing Android devices, especially very harmful ransomware that encrypts your files and locks you out of them. Some, especially Android critics, might point out that this is not exactly new for Google's mobile platform. But the brazenness and frequency have admittedly increased of late. In this age of near unchecked spying, hacking, and all sorts of unauthorized access to networks, computers, and smartphones, users can no longer remain complacent. We all have to do our small part in keeping our devices secure. You don't have to turn your smartphone or tablet into a tank to keep it safe. Here are a few simple steps you can take, and most of them don't even require money!

Don't root if you don't have to

It's not that rooting is inherently unsafe, but it significantly increases the potential for harm. For all the power that rooting offers, there are equivalent risks. You, the user, become even more responsible for the security of your device. No one, not the rooting developer and especially not OEMs and Google, will claim responsibility for your device.

On the flip side, rooting could also give users even more tools to protect themselves, with more powerful software and more powerful safeguards. But it is something that only power users will really be able to utilize, so the burden is still greater than with an unrooted device.

There might be a very valid reason why you need root, like a ROM for an already unsupported device that automatically roots itself after installation. In those cases, it is best to learn the tools of the trade and best practices in securing your device.

Only install apps from authorized app stores

Now this is the root of almost all malware infections. Users, for one reason or another, install apps from third-party sources, sometimes just downloaded from some website. Perhaps it's just because of unfamiliarity with app stores, thinking that, like on Windows, you still download installers off websites. Or perhaps the user is trying to get around some limitation (price or region). Either way, unless you are getting the APK from the source itself, there is a very high chance it will be carrying some malware with it.

So only install apps from Google Play Store or Amazon Appstore. Can't stomach that $1.99 price tag for that game or app? Just keep in mind that the price you'll have to pay when you do get hit by ransomware will be hundreds more than that. Of course, even apps from these markets do sometimes come bearing unwanted gifts. It's rare for most popular apps to be infected, so the risk is higher with less popular ones. Try to check around first before you install. And, as useful as app reviews may sometimes be, they aren't always legit.

There are some app "stores" that offer features or follow principles that don't exactly mesh with the likes of Google's or Amazon's app markets. F-Droid, for example, is a popular app market for open source only apps. You might have the opportunity to check out the source code to check for potential traps, but for regular users, that will simply be gibberish. It's a valid use case perhaps, but do proceed with caution.
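To see which installed apps did not come from the two stores named above, the installer recorded for each package can be read over adb. This is an added example, not part of the original article; it assumes USB debugging and adb for the live query, and the sample output and `com.example.*` package names are constructed.

```python
import re
import subprocess

# Installer package names of the two stores the article recommends.
TRUSTED_INSTALLERS = {
    "com.android.vending": "Google Play Store",
    "com.amazon.venezia": "Amazon Appstore",
}

# Constructed sample of `adb shell pm list packages -i -3` output
# (-3 = third-party apps only, -i = show the installer of each package).
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.freegame  installer=null
package:com.example.player  installer=com.google.android.packageinstaller
package:org.example.fossapp  installer=org.fdroid.fdroid
"""

def parse_installers(text):
    """Map package name -> installer (None when the device reports null)."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", text, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in pairs}

def untrusted_sources(text, trusted=TRUSTED_INSTALLERS):
    """Sorted (package, installer) pairs that no trusted store installed."""
    return sorted(
        (pkg, inst or "none recorded")
        for pkg, inst in parse_installers(text).items()
        if inst not in trusted
    )

def from_device():
    """Run the same check against a connected device; needs adb on PATH."""
    out = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-i", "-3"],
        capture_output=True, text=True, check=True,
    ).stdout
    return untrusted_sources(out)

if __name__ == "__main__":
    for pkg, inst in untrusted_sources(SAMPLE):
        print(f"{pkg:28} installed by: {inst}")
```

An app listed here is not necessarily malicious; it is one whose origin you should be able to account for.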

Don't be generous with permissions

Android 6.0 Marshmallow finally brought a feature many power users have been clamoring for: fine-grained permission controls. Now you can turn permissions on or off per feature, instead of granting or revoking them wholesale. Although most useful for power users, everybody benefits from it. In particular, it lets users lessen the opportunities for apps to wreak havoc on their devices.

Installed an app that you don't think has any business scouring through your data storage? Found an app that, while nice, suspiciously needs an Internet connection when it shouldn't? Simply go to the app's settings and turn those off. Of course, presuming that app itself hasn't installed any malware yet, App Permissions could prevent it from doing so. One variant of the recently reported "GODLESS" malware, for example, doesn't itself come with the malware but instead "phones home" to download the malware first. Revoking its right to access the Internet would, in theory, block that.

Don't go overboard though. Some apps do need those permissions to function well. Most of the time, they'd crash to let you know anyway.
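The same review can be done from a computer by reading an app's granted runtime permissions out of `dumpsys` and comparing them with what the app plausibly needs. This is an added example, not part of the original article; the dump excerpt, the `com.example.flashlight` package and the "expected" set are constructed assumptions.

```python
import re

# Constructed excerpt of `adb shell dumpsys package com.example.flashlight`.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    userId=10123
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=1234 installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
        android.permission.READ_EXTERNAL_STORAGE: granted=true
"""

PERM_LINE = re.compile(r"^([\w.]+): granted=(true|false)")

def runtime_grants(dump):
    """Return {permission: granted} from the 'runtime permissions:' section."""
    grants, section = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.endswith("permissions:"):
            section = line[:-1]      # "install permissions", "runtime permissions"
            continue
        m = PERM_LINE.match(line)
        if not m:
            section = None           # any other line closes the section
        elif section == "runtime permissions":
            # Install-time grants (INTERNET in this dump) sit in their own
            # section and are skipped here.
            grants[m.group(1)] = m.group(2) == "true"
    return grants

def unexpected_grants(dump, expected):
    """Granted runtime permissions that the app's purpose does not explain."""
    grants = runtime_grants(dump)
    return sorted(p for p, ok in grants.items() if ok and p not in expected)

def revoke_commands(package, permissions):
    """adb command lines that switch the given runtime permissions off."""
    return [f"adb shell pm revoke {package} {p}" for p in permissions]

if __name__ == "__main__":
    extra = unexpected_grants(SAMPLE_DUMP, expected={"android.permission.CAMERA"})
    print("\n".join(revoke_commands("com.example.flashlight", extra)))
```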

Security Apps

This is the part that may or may not cost you some money. There is, unsurprisingly, a market for security apps and services that has flourished because of Android malware. And as much as Google might wish it weren't so, its anti-malware detection and protection software isn't infallible. As a last line of defense, there are tools that try to detect more than what Google can or, if worse comes to worst, clean up your device.

We won't be playing favorites here. There are dozens of these apps to choose from, though only a few come from reputable names that have established themselves in the industry as at least trustworthy. Names like Avira, Avast, TrendMicro, Bitdefender, ESET, AVG, and more come to mind. Different users have different loyalties, though some will base their decision on features.

Most of the time, however, these security suites offer very similar feature sets, differing mainly in the classes of malware they can identify or neutralize. Sometimes, you might even want to install multiple apps just to be doubly safe. If the apps allow that, though. Almost amusingly, some security apps label their competitors' apps as malware as well.

A word of caution, however. Sometimes even reputable companies go astray. Some of those brands have, at one point or another, been involved in some security or privacy scandal. They aren't perfect and they aren't running charities either. Their bottom line will still be profits, and their actions, or inactions, will be guided by that.

Wrap-up

A good part of security, be it Android, iOS, Windows, or macOS, relies on user vigilance. Users are usually the first line of defense against malware and hackers. Unfortunately, users have proven to be quite terrible at that job. Almost all of these "simple" steps to secure your Android smartphone or tablet fall under the category of "common sense", something that has been proven to be not common at all.

Should you forget these four simple rules, you can at least remember just one oversimplified rule:

"When in doubt, don't."