Ten Steps to Android Smartphone Security
By Evidence Solutions, Inc.
Computer Technology and Digital Forensic Firm
Computer Technology and Digital Forensic Firm
Smartphones continue to grow in popularity and are now as powerful and functional as many computers. As mobile cybersecurity continues to grow, it is important to protect your smartphone just like you protect your computer. Mobile security tips can help you reduce the risk of exposure to mobile security threats.
1) Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN) on your phone as a first line of defense in case your phone is lost or stolen. Use a different password for each of your important log-ins (email, banking, personal sites, etc.). Configure your phone to automatically lock after five minutes or less when your phone is idle. My personal phone locks in 30 seconds. Use the SIM password capability available on most smartphones.
2) Leave your smartphone’s security settings alone. Do not alter security settings for convenience. Tampering with your phone’s factory settings or rooting your phone undermines the built-in security features offered by your smartphone. Changing these settings makes it more susceptible to an attack.
3) Backup and secure your data. You should backup all of the data stored on your phone – including your contacts, documents, and photos. These files can be stored on your computer, on a removal storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased. (I use: LookOut, GoBackup and SpriteBackup).
4) Only install apps from trusted sources. Before downloading an app, do some research to ensure the app is legitimate. Checking the legitimacy of an app may include: checking reviews, confirming the legitimacy of the app store, and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents. There are also apps that warn you if any security risks exist on your phone. I only install apps from: GooglePlay and Amazon’s App Store.(I use LookOut. It scans apps when they are installed to ensure that they are safe.)
5) Understand app permissions before accepting them. You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone. Make sure to also check the privacy settings for each app before installing. One ‘flashlight’ app that we reviewed allowed the app to “Write to the SD card.” An app that turns on and off the phone’s light shouldn’t need access to the SD card.
6) Install security apps that enable remote location and wiping. An important security feature widely available on smartphones, either by default or as an app, is the ability to remotely locate and erase all of the data stored on your phone, even if the phone’s GPS is off. In the case that you misplace your phone, some applications can activate a loud alarm, even if your phone is on silent. These apps can also help you locate and recover your phone when lost. Visit CTIA for a full list of anti-theft protection apps. (LookOut has these capabilities, but I rely on SeekDroid for anti-theft protection.)
7) Install software updates. Both for your apps and for your phone operating system. You should keep your phone’s operating system software up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.
8) Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target for cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information. (I don’t use public Wi-Fi networks.)
9) Wipe data on your old phone before you donate, resell or recycle it. Your smartphone contains personal data you want to keep private when you dispose of your old phone. To protect your privacy, completely erase data off your phone and reset the phone to its initial factory settings. Now having wiped your old device, you are free to donate, resell, recycle or otherwise properly dispose of your phone. Remember to wipe out the SD card or simply remove it.
10) Report a stolen smartphone. Wireless service providers, in coordination with the FCC, have established a stolen phone database. You should report your stolen phone to law enforcement authorities and your wireless provider. This will notify all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.
By Scott Greene
ABOUT THE AUTHOR: Scott Greene of Evidence Solutions, Inc.
For over 30 years, Scott Greene has been helping companies meet the challenges of the swiftly evolving computer technology industry.
Directly from high school, Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.
The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records. Scott then explains the digital evidence in plain English.
Scott’s extensive knowledge draws clients to him from all over the United States as well as Internationally for consulting, Forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and International organizations.
Copyright Evidence Solutions, Inc.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.