You don’t necessarily need to be an android to properly secure your Android device. With a few tips and adhering to a regime of think before you click, we can hopefully demystify some of the otherwise inscrutable security features inherent to the Android platform.

As recent reports of rampant malware and Trojans began to surface via media outlets, the average Android user might not know where to turn to address their security concerns. And with market share on the rise, Android is swiftly becoming more attractive to data miners and thieves alike.

Thankfully for us, the Android operating system is open source, which means there are no constraints on security. You can make your device as accessible or as airtight as you see fit.

Here are some tips you can use to exercise your device’s functionality, spread awareness among other users and — most important of all — increase security:

1.) I shouldn’t have to type this out, but you would be surprised how many people forget to enable a lock screen. Let us not forget that there are still people out there willing to adopt an older form of thievery. Should you realize your phone is suddenly in the physical possession of a third party, a lock screen is essential in providing your data with a first line of defense. Simply browse to ‘Settings’ > ‘Location & security’ to enable a PIN or pattern style lock screen.

“Set up a lock screen pattern that’s unique only to you”

While you’re in ‘Settings’, change your ‘Screen Timeout’ under ‘Display’ to ensure that your lock screen comes on after a period of phone inactivity.

2.) In the event that your phone is compromised, the last thing you would want to do is hand over your data on a silver platter. Avoid storing a master password to access resources on your phone. Encrypt your passwords, or better yet, do not store them at all. This practice is indispensable for keeping your personal data under your own authority. As you browse the web on your device, be aware that any usernames and passwords entered could be saved locally. Use your browser settings to remove stored passwords and/or disable storing altogether.

“Configure password settings to suit your security needs”

3.) Recall that your device can sync with your Google account, so in essence your email, contacts, calendar, and now your apps will be stored in the cloud for easy retrieval.

Without your device’s sync feature, it becomes very tedious to populate everything manually. For this reason, there are apps that will take further steps to protect your data should the lock screen fail to provide adequate protection. One simple way to do this is with App Protector Pro ($1.99 on the Android Market). You can lock down individual applications such as your Gmail, text messages, and more with simple pattern gestures or passwords. There are free alternatives as well, but I cannot vouch for the validity of every app on the market… which brings me to my next point…

4.) Before you install any app you run across, be sure to read the application’s access request, its permissions agreement. This often-overlooked agreement contains valuable information regarding the specific permissions that govern how the app may access your device. These permission requests, such as access to GPS, contacts, external storage, etc., are all coded directly into the Android manifest file. Be mindful of what your application purports to do and what it actually does. Chances are a calculator application does not need access to the Internet or your personal information, so read those permission agreements.

“The agreements are there for a reason. Read them.”
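To make tip 4 concrete, here is an added example (not part of the original article) that reads the `uses-permission` entries from a manifest and lists the ones that go beyond what the app's stated purpose needs. It assumes the manifest has already been decoded to plain-text XML (inside an APK it is stored as binary XML); the `com.example.calculator` package, the sample manifest and the "expected" permission set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix Android uses for attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article calls out, with a plain-language label.
SENSITIVE = {
    "android.permission.INTERNET": "Internet access",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "wireless network location",
    "android.permission.WRITE_EXTERNAL_STORAGE": "external storage (SD card)",
}

# Constructed sample: manifest of a hypothetical calculator app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <uses-permission android:name="android.permission.VIBRATE" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.INTERNET" />
  <application android:label="Calculator" />
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the permissions a manifest declares, de-duplicated, in order."""
    # For manifests from untrusted APKs, parse with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    seen = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name and name not in seen:  # skip malformed or repeated entries
            seen.append(name)
    return seen

def unexpected_permissions(manifest_xml, expected):
    """List (permission, label) pairs requested beyond the expected set;
    permissions not in SENSITIVE are labelled 'other'."""
    return [(p, SENSITIVE.get(p, "other"))
            for p in requested_permissions(manifest_xml)
            if p not in expected]

if __name__ == "__main__":
    # Assumption: a calculator needs nothing beyond haptic feedback.
    for perm, label in unexpected_permissions(
            SAMPLE_MANIFEST, {"android.permission.VIBRATE"}):
        print(f"review before installing: {perm} ({label})")
```
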

5.) Those of us without the greatest carrier coverage sometimes rely on Wi-Fi to do most of our heavy internet browsing. This helps keep data usage down and generally speeds up communications. However, remember that the same rules for standard computers still apply to Android on those free Wi-Fi hotspots. The information your device sends across a Wi-Fi network is not anonymous, so avoid any online banking or financial tracking until you have carrier coverage or access to a more trusted network.

6.) Stay anonymous and, thusly, more secure by turning off your geo-location features. Navigate to ‘Settings’ > ‘Location & security’ to disable the use of GPS satellite location and wireless network location. Disabling the wireless network location feature will also make you less traceable to authorities in an emergency situation, so choose your battles wisely. Since there is a thin line between security and anonymity, I will not elaborate on the benefits and pitfalls of being anonymous (perhaps in a future article). Still, for anyone interested in securing their personal data, whether it be their location on Foursquare or a tagged photo on Facebook, every measure counts.

7.) Keep all of your applications and operating system up to date. Your device will periodically remind you of updates ready to be installed from the Android market or OTA via your service carrier. Keeping up to date is crucial for security as there are many exploits and methods for gaining access to restricted data discovered every day. If you find a glitch or unintended use of an application, let the developer know! As a developer myself, feedback is critical – we love getting feedback, both constructive and otherwise. Go back to the Android market to find developer contact information and send them an email. Getting apps patched or updated is vital to the growth and success of Android as a whole.

8.) Take proactive steps to ensure your data is safe in the event of a physical theft of your device. While there is no operating-system-level security for your SD card built into Android, such as the encryption BlackBerry users enjoy, there are still a few ways we can prevent external threats from accessing our data. Where’s my Droid (free and donation versions available on the Android Market) is a great app I would recommend to everyone. It can help locate your phone in the event of a loss or theft by making it ring or by tracking its geo-location on a computer. Where’s my Droid also provides built-in protection via a PIN to gain access to the app itself. The ‘attention word,’ specified by the user, activates specified instructions that aid in the recovery of a lost or stolen device.

“Be sure to specify a unique attention phrase.”

Even if recovery is impossible, it is far better to have your identity intact.

9.) Common practices and preemptive safety precautions aside, no method is perfect. This is why it is so very important to back up your data. Take the time to create regular backups of your applications and settings. Syncing your phone with Google is one thing, but backing up your pictures, texts, videos, and other important files is another. I cannot stress enough how important it is to have redundancy in storing data. Try out:

  • Titanium Backup (requires root access, “Pro” pay and free version available)
  • MyBackup Pro ($4.99)
  • Lookout Mobile Security (Free)

Of course there are hideous amounts of applications out there that will do all of the above and more, though referring again to step No. 4, be sure to know what you are installing onto your phone before giving up access.

10.) Finally, as far as security goes for your Android device, use common sense! Do not install apps hastily without reading the permissions agreement or customer reviews. Use caution when browsing to sites via randomly found QR codes. Do not store your passwords in a file on your device or in an email linked to your device. Try not to reuse your passwords for added security in the event of a data breach. Do not give out or share personal information to those you do not expressly trust.

These are simple precautions that work for more than just Android devices; that should go without saying.

With new ways to access personal information via pioneering technology such as Near Field Communication [NFC] in Google’s Nexus S, one cannot afford to overlook even the most rudimentary security measures.

Whether your Android device is your social media muse or your dependable business buddy, the above steps should prove useful in reducing the risk of accidental data loss.

Be sure to leave your feedback. (all feedback welcome!)