Android security recommendations
Turn on data encryption
Turning on Android-level data encryption means that when the device is locked, no one can see the data. Unlocking your encrypted device decrypts your data. Encryption can add protection in case your device is stolen. It is an easier alternative to using encrypted forms and offers most of the benefits.
Tip
Encryption takes an hour or more to complete. Before you start, ensure that the battery is charged, and keep the device plugged in until encryption is complete. Make sure your data is backed up, just in case something goes wrong.
Warning
- Interrupting the encryption process may lead to the loss of some or all of your data.
- The process is irreversible. The device cannot be decrypted once encryption is set up; to remove encryption, you will have to wipe all the data.
Note
For devices running any Android version older than 4, you’ll need to either upgrade your operating system or consult the manufacturer’s instructions.
For devices running Android version 4 or later:
Open your device's Settings app.
Tap Lock screen in the Device section. Then tap on Screen lock and create a PIN or password.
Note
Encryption cannot be performed until you have set up either a PIN or a password lock. Pattern lock is not allowed with encryption.
Tip
Setting a strong passcode is imperative to protect your Android phone. The longer the passcode (or alphanumeric password), the tougher it will be for an attacker to gain access to your device. Even a lock screen won't necessarily prevent a thief or hacker from getting access to your data. You can use apps that destroy all the data after a few failed attempts to unlock the device. For more details, see this.
Tap Security in the System section.
Go to Encryption section. Now select Encrypt device to start encryption. Follow the onscreen instructions. During encryption, your device might restart several times.
Note
On some phones, you’ll need to choose Storage, then or to find the Encrypt device option
Note
If you are using an SD card for storage, you can encrypt that too by choosing Encrypt SD card in the Encryption section. This not only encrypts the contents of the SD card, but it also means that the card cannot be used on another device unless it is wiped.

Tip
You should also ensure that device debugging (via adb) is disabled when collecting data, because it can enable users to pull data from the device after it has been successfully booted (that is, once the SD card encryption key has been entered). If the debugging interface is enabled, someone could steal the device, connect it to a laptop, and pull data off it as long as it has not been shut down, because they do not need to unlock the device's lock screen to gain access.
For more details on encryption, see this.
Adjust Google Play to require a password for every purchase
You can set up Google Play to require a password for every purchase, which ensures that anything you buy is bought with your consent. This can prevent enumerators from installing apps which can bypass certain specified requirements.
Open the Play Store app, tap on the left-hand slide-out menu, and then choose Settings.
Look for Require password for purchases and tap on it. You'll be asked to input your password.
Choose the password input frequency as For all purchases through Google Play on this device.
Note
The password will not be set for free downloads. If you want to lock free downloads as well, use an app locking app like AppLock.
Disable cloud-based backup
Though storing your data in the cloud is good for backing it up, law enforcement can demand that Google turn over your data. The best way to keep your Android phone from sending your personal data to its servers is to turn off backup. The downside is that if you lose your phone, you may lose your data. Remember, you always have the option to manually back up to your personal computer.
To disable backup:
Go to the Settings app.
Then tap Backup & Reset in the Personalisation section.
Now switch off the option to Back up my data.
Limit who can use Google Now
Google Now acts as your own intelligent assistant, bringing information to you when you need it, but that gives Google a lot of access to your data so that it knows what to dig up. The best way to use it is to turn it off on the lock screen, so that only you, with your passcode, can use the feature and get access to your personal data. The steps to do this are as follows:
Open the Google app, tap on the left-hand slide-out menu, and then choose Settings.
Tap on Voice in the Search section and then choose 'OK Google' detection.
Turn off the feature Say "OK Google" any time.
Lower your phone's sleep timeout
Lowering your phone's sleep timeout can prevent opportunistic people from getting access to your unlocked device. The lower the figure, the quicker it locks you out.
Start by going to the Settings app.
Tap on Display and wallpaper under the Device section.
Tap on Screen timeout and lower the screen timeout by choosing an appropriate timeout from the list.
Once you've lowered your phone's sleep timeout setting, you need to make sure that your Android device locks and presents the lock screen when it wakes up. Tap on Lock screen in the Device section, then tap on the Lock automatically option and choose an appropriate timeout again.
Limit your lock screen notifications
Your lock screen can show a lot about your life. Your Android phone or tablet can limit what's shown on the lock screen in order to prevent others from seeing your personal content as it comes in.
Go to the Settings app, then tap on Sounds & notifications under the Device section.
Scroll down and tap on Notifications on lock screen under the Notification section. Here you can change how notifications are shown when the device is locked. The most privacy-conscious setting is Hide sensitive notification content, which lets you know which app is alerting you without showing its contents.
Prevent unauthorized apps from installing
Android devices can run third-party content outside of the Google Play app store. This can open up a device to malware attacks.
The easiest way to ensure that only verified and malware-checked apps can be installed on your phone or tablet is:
Go to the Settings app and then tap on Security in the System section.
Make sure that the Unknown sources option is turned off. If this option is turned on, installation of apps from trusted as well as unknown sources will be allowed.
Make sure you keep Android up-to-date
Many Android phone makers now offer monthly security patches to ensure that any known vulnerabilities are patched. Install these patches every month. It's one of the best ways to ensure that you won't be attacked by hackers and malware.
To periodically check for software updates, go to the Settings app.
Then tap on About device under the System section.
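When many devices are being provisioned, the settings recommended on this page can be checked from a laptop before the devices go out. The script below is an added example, not part of the original guide: it reads the standard Android properties and settings keys over adb and lists every deviation. The function names and the MAX_TIMEOUT_MS limit (60 seconds by default) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a device against this page's recommendations.
# MAX_TIMEOUT_MS is an assumed policy value; the page only says "appropriate".
MAX_TIMEOUT_MS="${MAX_TIMEOUT_MS:-60000}"

# evaluate CRYPTO_STATE ADB_ENABLED UNKNOWN_SOURCES TIMEOUT_MS PRIVATE_NOTIF
# Prints one "FAIL: ..." line per deviation and nothing for a compliant device.
evaluate() {
    crypto=$1; dbg=$2; unknown=$3; timeout=$4; private=$5
    [ "$crypto" = "encrypted" ] ||
        echo "FAIL: storage not encrypted (ro.crypto.state=$crypto)"
    [ "$dbg" = "0" ] ||
        echo "FAIL: USB debugging enabled (adb_enabled=$dbg)"
    # On Android 8 and later this is a per-app permission and the key may be "null".
    [ "$unknown" = "0" ] ||
        echo "FAIL: Unknown sources allowed (install_non_market_apps=$unknown)"
    case $timeout in
        ''|*[!0-9]*)
            echo "FAIL: screen timeout unreadable ($timeout)" ;;
        *)
            [ "$timeout" -le "$MAX_TIMEOUT_MS" ] ||
                echo "FAIL: screen timeout $timeout ms exceeds $MAX_TIMEOUT_MS ms" ;;
    esac
    [ "$private" = "0" ] ||
        echo "FAIL: sensitive notification content shown on lock screen"
    return 0
}

# read_device [SERIAL]: query a connected device and evaluate it.
# adb_enabled always reads 1 over adb, so that finding is the reminder to
# turn USB debugging off as the last provisioning step.
read_device() {
    target=${1:+-s $1}
    q() { adb $target shell "$@" | tr -d '\r'; }
    evaluate "$(q getprop ro.crypto.state)" \
             "$(q settings get global adb_enabled)" \
             "$(q settings get secure install_non_market_apps)" \
             "$(q settings get system screen_off_timeout)" \
             "$(q settings get secure lock_screen_allow_private_notifications)"
}

# Touch a device only when asked: ./audit.sh --device [SERIAL]
if [ "${1:-}" = "--device" ]; then read_device "${2:-}"; fi
```

Passing values directly, for example evaluate unencrypted 1 1 600000 1, shows the findings without a device attached.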