How to protect your privacy using Android

by: Rob TriggsMarch 11, 2016
1.5K

Android security lock
Shutterstock

We keep an awful lot of personal information on our mobiles these days and they consequently know quite a lot about us. From our location and contacts to our favourite hangouts and hobbies, we happily exchange some of this information for “free” services from the likes of Google and others, but there are plenty of less scrupulous people and businesses out there that would also like to get their hands on this valuable asset.

These days, it makes a lot of sense to look after the data stored on your smartphone and fortunately there are plenty of handy tools available within the Android ecosystem to help keep your data private.

Use the lockscreen

Using a basic PIN, password or swipe gesture really is the bare minimum level of security that everyone should put on their smartphone. As shocking as it might sound, data from earlier in the year suggested that 34 percent of all Android users don’t even make use of the basic lockscreen feature that is built into every Android smartphone.

lock screen lockscreen security

While the talk about malicious software, bugs, and backdoors may often make tech headlines, physical phone theft is still a real issue. If a criminal lacks a conscience enough to steal your phone, they probably won’t have too many qualms about sifting through your contacts, pictures, and emails in an attempt to grab personal data that would be used for further exploitation. There’s a good chance that you’re making use of a banking app on your phone too, and you really wouldn’t want someone to get into those types of important and personal apps.

Enabling a lockscreen PIN is incredibly simple, just head on over to Settings -> Security -> Screen Lock. Here you can pick from your preferred password lock type, which you will then need to enter each time you try to access your phone. Other manufacturers may move this menu to under general settings, if they have their own lockscreen protection alternatives, such as LG’s knock code.

Device Encryption

Applying a password to your phone’s lockscreen is a start, but particularly nefarious and skilled criminals may still be able to access your files, given enough time and access to say a stolen smartphone. Device encryption can be used put all of your files into a format that cannot be understood without first decrypting them with the proper key, or a password that only you will know.

Encryption is a really tough form of security, hence why the FBI doing battle with Silicon Valley companies in an attempt to bypass it. However, it comes with a bit of a performance penalty on some older smartphones, although newer devices shouldn’t notice any issues.

symmetric encryption

Much like the lockscreen, encryption options can be found under the Settings -> Security menu, where you will find options to protect both the data on your smartphone and microSD card, if your device has a slot. Encryption can take a little while, so best to start up the process with a full battery and plenty of time to spare. For more information and a walk through of the steps, check out our encryption guide below.

IMG_0048Read more: How to encrypt your Android device48

Android Device Manager

While we are dealing with taking precautions against stolen smartphones, all Android users should take a little bit of time to check out the Android Device Manager. This service is linked up with your Google account and can be used to manage all of your Android devices remotely, providing that they are connected to the web.

Android Device Manager can be logged into through any web browser via this link. From here you will be presented with a list of your devices, with options to track their location, make them ring in case your phone has stuffed itself down your couch, or to “enable lock and erase”. By enabling this last feature you will be able to remotely lock your smartphone or tablet, and even completely erase all of the data on the device if it’s stolen.

best android apps to find your phone

You can also find these same settings directly on your device. Head on into “Google Settings” and tap Security. Under Android Device Manager you can review and edit options for remote locking and erasing.

Picking tougher passwords

Along with just plain out not using a lockscreen, weak or commonly used passwords are the biggest no-no if you’re looking to keep your data secure, both on device and online. Lists of the most commonly used passwords are published rather frequently and if your password of choice appears on that list, you should really change it. Disappointingly, the most common passwords rarely change, so here are some to definitely steer clear of:

  • 1234567 (and other basic counting variations)
  • password
  • qwerty
  • football
  • welcome

As a general rule, a mix of cases, numbers, and special characters (where allowed) makes for the most secure password, and the longer the better too. 8 characters is really the bare minimum recommended, but moving up to 12 or 16 makes them so much harder to guess.

A strong password is a good start, but using multiple passwords is even better. You’ve no-doubt heard about sites being hacked and passwords exposed, so it’s not very safe these days to rely on the same code for all of your accounts, apps, and websites. Of course, keeping track of all these different passwords can be a nightmare, but there are a number of apps out there that can help manage them all and can even generate very strong random passwords.

Android apps like LastPass, mSecure, oneSafe, and Keepass2Android each offer up their own selection of unique features for additional security. These include secure password storage options, two factor authentication, and multi-device support, among others.

password manager apps for AndroidCompare: The best password manager apps for Android68

VPN (Virtual Private Networks)

So far, we have mostly dealt with offline security and preventing thieves from cracking into your private files. However, it’s also possible for the bad guys out there to track exactly what you’re looking at and downloading online.

One way around this is to use a Virtual Private Network (VPN). Instead of communicating directly with every website that you visit, a VPN service will route your traffic through a different server or selection of servers first. This way, your IP address and device are not immediately connected to an end service, although it doesn’t stop somebody from tracking the chain further back if they are really that interested in what you were up to. Some VPNs will also keep a log of what you’re up to, so always best to check out the terms and conditions before you use any service.

expressvpn-phones

VPN’s add an extra layer of privacy, but they don’t make you completely invisible. They are also commonly used to access websites that are locked to a specific region, such as on demand video streaming services. However, you will often find that your internet speeds slow down quite a bit because of all the diverted traffic.

There are a number of free options out there, but most of these come with a catch. You know the saying, if the service is free then assume that you’re the product. Instead, picking a paid for option will likely result in faster browsing speeds and better privacy. We recommend ExpressVPN, it’s secure, fast and reliable with apps for all your systems including Android/Windows/Mac/iPhone.

 

best free VPN apps for androidTake your pick: 15 best Android VPN apps98

Encrypted Communications

While VPNs can offer some degree of privacy, the only sure fire way to know that no unwanted eyes are snooping in on your communications is to use encryption. Several Android apps have incorporated encryption into their messaging services to varying degrees, with uses ranging from simple text messages to video calls.

Much like device encryption, these apps can scramble up communications into a form that is virtually impossible to decipher without the correct key. This allows for messages and files to be sent between parties over the web and only unscrambled at each end with the correct matching key. This method is very effective at keeping information secure, so much so in fact that law enforcement agencies around the world are rather hostile to it.

A number of commonly used mobile messaging services use some form of encryption, including BlackBerry Messenger, Facebook Messenger, Skype, Snapchat, and WhatsApp. For non-web based communications, you can try the open-source Signal Private Messenger for calls, SMS and MMS.

end to end encryption BBC

However, many of these apps aren’t using end-to-end encryption, whereby the keys are only known to the devices at each end. Instead, a lot of the most popular services use server based encryption. So while outside lookers won’t be able to unscramble any intercepted communications, the service provider likely knows the key to decrypt your messages and will therefore be able to understand and share your communications with third parties, such as law enforcement agencies, if so requested.

You can take a closer look at exactly how secure a number of these encrypted data apps actually are over at the Electronic Frontier Foundation’s handy Secure Messaging Scorecard.

Understanding App Permissions

Now that we’ve dealt with general data privacy, the other major snoopers in the mobile space are actually the apps that we all download. Of course, you should always install software only from trusted sources, such as the Play Store, but even then some apps, especially the free ones, exist to turn your data into profits. Ad supported apps are one thing, but digging through your files is another.

One big hint that an app may be up to something dodgy is to check out the permissions that the app requires upon installation, and think about what makes sense for the features that the app is offering you. A classic example is the range of popular flash-light apps available, with many requesting access to USB storage, WiFi networks, data, and Google services, none of which really have anything to do with turning a flash-light on or off.

flashlight apps permissions chart

Unfortunately this is a rather grey area, with some permissions being required to perform certain tasks that might not immediately seem key to the app’s main purpose. Top notch app developers should explain why certain permissions are needed in the app’s description, but this is not as common an occurrence as it should be.

Android Marshmallow App Permissions 2

With the introduction of Android Marshmallow users can actively manage which features apps have permissions for. To do this, simply head on over to Settings -> Apps -> click the gear icon -> App Permissions. However, not all apps have been updated to comply with the latest Marshmallow API, so disabling some permissions may break older apps. Expect to spend some time on trial and error here.

Anti-virus apps

While the Play Store does a very good job at screening out malicious applications, additional security can be had with the range of anti-virus apps available from the store. This isn’t really necessary for most users, but if you’re big on side-loading apps from other developer websites, then anti-virus is certainly worth looking into.

Of course, the free versions are probably going to be collecting some data to sell for advertising purposes, so those versions defeat the purpose of our article. But there are a number of reasonably priced options available that also introduce some additional features.

Many anti-virus apps pack in anti-theft features these days, including remote phone locking and wiping, much like the Android Device Manager. Furthermore, some of these apps can keep an eye out for broader Android security vulnerability exploits, such as Stragefright, and offer protection from malicious emails and rouge websites, which isn’t so easily covered without an anti-virus app.

best antivirus android appsSee also: 15 best antivirus Android apps and anti-malware Android apps215

Wrap up

That’s quite a list, but there are plenty of little things that you can quite easily do to protect your privacy and help keep your Android devices a little more secure. On top of all the apps and settings listed here, perhaps the most effective change that you can make is to tweak your phone habits. Keep location usage to a minimum, disable or uninstall apps that you don’t use, keep an eye on app permissions during updates, and change your passwords regularly, and you should be safe enough.

If you have any of your own privacy tips and tricks, please feel free to share them in the comments below.

  • Kamalnath Kanthimathinathan

    does tracking the terrorist is more important than exposing the sensible data to hackers…??
    what will happen to online money transfers…?? i don’t think it’s gonna be happy news for people/companies in UK…..

  • Peter Ward

    There’s way too much paranoia around mobile and online privacy. I couldn’t care less who knows what messages I send, who I call or what I browse for. If you’ve got nothing to hide, you’ve got nothing to worry about.

    • Lean In My Cup

      So you dont mind giving me your email adress and password since you’ve got nothing to hide?

    • Scr-U-gle

      Good of you to go around quoting Joseph Goebbels/Eric Schitt

  • BigJohnMan

    I used to think that it
    didn’t matter, until I started to monitor how my data was being used. Target,
    Walmart, and every company you can think of was monitoring me in hopes to get
    my money using specific advertising tactics pointed directly at me. I may not be a major concern to the security of the USA, but I do think that I should be able to drive my car without CEO’s knowing exactly where I am so that they can remind me that I am passing their businesses. If this were a fair and free system, I should be able to track those CEO’s and know everything about them, that they know about me… Agree???

    • My Galaxy Prime

      How were you able to track that?

  • My Galaxy Prime

    I wouldn’t mind encrypting my phone, I just hate that I have to use a pin instead of my fingerprint.

    • Dingus Khan

      If I’m not mistaken, you only need to provide the pin when you turn the phone on—not every time you turn on the screen.

  • Sally Croft

    So true, VPN such as PureVPN can be useful for privacy and protection and for unblocking Geo restricted channels on Android http://www.purevpn.com/vpn-service/android-vpn.php

  • Richard Riker

    Lockscreen? Hell no, I never leave my phone somewhere. All in all, I don’t, put it somewhere else than my pocket often – at least as long as I’m not at home.
    Encryption? When M will feature the new encryption algorithm a Google Developer added to the Linux kernel, definetely. Otherwise I’ll see.
    App-permissions? Sure, using AppOps since it first appeared, currently under 5.1.1. When my feature device will get M – in one or the other way – the new permission management will definetely be helpfull.
    VPN? Ok, there are some good (free) VPNs, but besides it mostly doesn’t work on rooted devices, I can’t life without XPosed anymore, but for some reason VPNs don’t work when it is installed…or CustomROMs all in all. And VPNs aren’t that save than somebody could think. They are mostly vulnearable to the easiest attacks and when you try to tunnel an IPv6 connection through an IPv4 VPN tunnel, you are f***** up. The most VPNs can’t handle IPv6 properly so they say you are safe but in reality you aren’t protected all in all because you are surfing without any VPN tunnel.

  • Omar

    I am obsessed about my privacy as I do not want my personal life to be on a permanent record that could be used against me someday. I use Tor and VPN; my device is encrypted. Yet I would very much like to know how an encrypted device functions when it is connected to Internet. I thought that encryption is merely a useful tool to scramble your data before doing a factory reset and sell the device. I would appreciate any comment or a recommendation as i have not found a good guide on net by myself.

  • DaHai8

    You could build your own VPN Server, cheaply, and be even more secure not having to worry about a corporate VPN Service selling your data or releasing it to ‘authorities’…

    http://www.amazon.com/Build-Smart-Raspberry-VPN-Server-ebook/dp/B00TI7LDWU/

  • Jurasic Baraga

    All Chetah Mobile apps (i.e. Clean master) is a SPY apps that asking too much permision

  • Marius Tomas

    But does it true that when you encrypt your phone your phone slows down? If talking about flagship. I am using S6 Edge.

    • gg

      Yes it is true but the differences of read and write speeds are not that significant (unless you’re constantly read and writing huge files).

  • Rohit Raja

    Cool info…

  • If you want to protect your data in your Android phone then is no other way than does not attach any social media account. and do not install any app from the play store. Because when you attach your account to any application within Android phone your Privacy is nearly done.