Just got hold of a brand new Android smartphone or tablet? Or maybe you took our cybersecurity course and are concerned about the one you already use? New or old, you’ve come to the right place. To make your Android device user-friendly and secure,
it needs to be set up correctly. That’s what this lesson is all about.
We will start by protecting the device and its contents against prying eyes and sticky fingers. There are several options to choose from: PIN code, alphanumeric/graphic password, and biometric screen protection. What to choose? A trusty option is
a PIN code or password at least six characters long and not readily guessable (your name or “123456” won’t cut the cyber-mustard). A graphic key might sound good, but we advise against it — someone behind you, say, in a bus could easily sneak
a peek. If your phone or tablet has a special scanner, you can create a fingerprint lock — it’s convenient and quite secure. By contrast, face recognition technology is mostly unreliable: Many devices can be tricked by simply showing a photo of
you. The exceptions are smartphones which, like the iPhone, are fitted with a special front camera with a depth sensor.
Now let’s talk about Google account. You need one to use the company’s services (Gmail, Calendar, etc.), download apps from Google Play, synchronize data between different Android devices, and much more. So it’s important to protect it. A strong password,
two-factor authentication, and lesson 10 of the Personal Data Protection course will help achieve this.
The next step has to do with apps. Download them only from reliable sources, that is, from Google Play or, failing that, from the developer’s official website if you are sure of its reputation.
Otherwise, you could easily pick up malware. Incidentally, there is a handy function in the Android settings that lets you block the installation of apps from unknown sources (highly recommended). It provides a safeguard in case fraudsters ever manage
to dupe you into downloading and clicking on an installation file — the app will still not install unless you allow it to.
Even if you downloaded an app from Google Play, before installing, see what permissions it wants and think about whether they are really needed. A general rule of thumb is that fewer rights means less risk. Why, for instance, would a calculator need
access to calls and location, or unlimited data transfer? Something smells phishy!
Pay particular attention to Accessibility. It is designed for people with visual impairments and enable apps to read aloud on-screen information, carry out voice commands, and the like. If malware gains access to these functions, it will be able to
spy on you and click any button it wants. So do not give apps Accessibility permissions unless absolutely necessary. An exception is your antivirus — it really does need to click buttons on your behalf to ferret out malware.
If you never previously kept a close eye on permissions, it’s never too late to start. Just go to your phone’s settings, find the apps section, and disable all unnecessary permissions.
On the topic of unnecessary permissions... You may have heard about root privileges — a kind of superpower that allows the owner to change any settings, access any files, remove/install any applications, and generally remodel the system as they please.
Tempting, but here’s the rub: If malware able to use this superpower penetrates the rooted system, it will take full control of your device. By default on all smartphones, root privileges are not available to the user, which is the correct call. We
advise against rooting Android.
The next step is to protect data you transmit online, especially over public Wi-Fi networks. A data-encrypting VPN will help out here. Some VPNs are free, some not, but even then the outlays are not astronomical. Therefore, we strongly recommend using
a VPN when using public Wi-Fi networks.
But don’t forget: A VPN will protect your data from being intercepted, but will be powerless to assist if you download a malicious file or click on a phishing link.
So remain vigilant at all times. Better still, install on your mobile device a robust security solution, such as Kaspersky Internet Security for Android. It will protect you from malware and spyware, and automatically block suspicious files and websites.
Meanwhile, our other solution, Kaspersky Security Cloud, combines three in one (antivirus, VPN, password manager), meaning that you do not have to search for separate applications.
Finally, in the unfortunate event that you lose or have your smartphone or tablet stolen, you can make use of Google’s Find My Device app, available on Google Play or pre-installed on many smartphones. It can determine the location of a lost
or stolen Android device and remotely lock it. Our Kaspersky Internet Security for Android and Kaspersky Security Cloud offer the same feature. If you lose it, use it!
Now you know how to make Android more secure and private by correctly configuring the screen lock and your Google account, monitoring app permissions, not rooting the device, and installing a reliable security solution with a VPN.
Want to configure other devices running iOS, macOS, or Windows? These we discuss in separate lessons.
What should you NOT do on an Android device so as not to compromise security?