Android devices are getting safer all the time, but they still have a long way to go before they catch up to the standards of Apple’s iOS. That’s because while Apple assumes responsibility for iOS device security, Google farms out much of that responsibility to device makers, wireless carriers and, well, you.
And if you don’t want to be the weakest link in your Android device’s security, here are several steps you need to take.
- Install apps only from the Google Play store
Unauthorized app stores are full of weird and dangerous stuff, much of which can steal your personal information, load malware or even hijack your Google account. Stick to the Google Play store by going into Settings > Security and making sure “Unknown sources” is disabled.
- Inspect apps before you install them
Bad stuff can make it even into the Google Play app store, which isn’t policed as thoroughly as its Apple counterpart. Before you click the “Install” button on a new Android app, read through its lists of permissions and see whether they match what the app says it does. If a flashlight app, for example, needs to be able to make calls and send texts, that should raise some red flags. Don’t install it.
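A scripted version of the permission check described above, as an added example that is not part of the original article: it reads a permission list in the format printed by `aapt dump permissions` and reports sensitive permissions that do not fit the app's stated purpose. The sample output, the package name `com.example.brightlight` and the per-category baseline in `EXPECTED` are constructed assumptions.

```python
import re

# Permissions that let an app spend money, read private data or track the user.
# The short descriptions are this example's own wording.
SENSITIVE = {
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.SEND_SMS": "send texts",
    "android.permission.READ_SMS": "read texts",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_FINE_LOCATION": "get your precise location",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "use the camera",
}

# What each kind of app plausibly needs (assumed baseline, adjust as needed).
EXPECTED = {
    # The LED flash is driven through the camera, so CAMERA is expected here.
    "flashlight": {"android.permission.CAMERA"},
    "messaging": {"android.permission.SEND_SMS", "android.permission.READ_SMS",
                  "android.permission.READ_CONTACTS"},
}

# aapt prints either  uses-permission: name='X'  or the older  uses-permission: X
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?", re.M)

def parse_permissions(aapt_output):
    """Return the sorted, de-duplicated permission names requested by the app."""
    return sorted(set(PERM_RE.findall(aapt_output)))

def red_flags(aapt_output, app_kind):
    """Return (permission, description) pairs that do not match the app's purpose."""
    allowed = EXPECTED.get(app_kind, set())  # unknown kind: nothing is expected
    return [(p, SENSITIVE[p]) for p in parse_permissions(aapt_output)
            if p in SENSITIVE and p not in allowed]

# Constructed sample: a "flashlight" app that also asks to call and text.
SAMPLE = """package: com.example.brightlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for perm, what in red_flags(SAMPLE, "flashlight"):
        print(f"red flag: flashlight app wants to {what} ({perm})")
```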
- Enable a screen lock
You don’t want strangers picking up your phone and leafing through it. Any kind of screen-lock code is better than nothing, although patterns and passwords are stronger than PINs, faces or fingerprints. PINs can be cracked through repeated guessing; fingerprints and faces can be fooled. Set up your phone so that the screen locks only after a few minutes of inactivity, or not at all if it’s connected to a trusted Wi-Fi network or your car’s Bluetooth signal.
- Enable screen pinning
Android 5 Lollipop and later versions let you “pin” a specific app to the lockscreen. That way, your youngster can play Candy Crush on your phone without being able to read your email. Go to Settings > Security > Screen Pinning, toggle the on/off switch, and, if available, also toggle “Ask for PIN before unpinning.” Then open an app, tap the Recent button at the bottom of the screen, select the app card and tap the pin icon on the bottom right. Press the Recent or Back button to unpin the app, but you’ll need to unlock the screen to access the rest of the phone.
- Update your Android software when prompted
Google pushes out new security updates to Android every month. Unfortunately, not all phones or tablets will get them, as wireless carriers and device makers have the ultimate say on when a software update is ready. If you have a recent phone from Samsung, Motorola or Google itself, you probably do get the updates. If you have a Google phone running Android 7 Nougat, the updates will be automatic. Go into Settings > About phone > System updates and click “Check for updates.” Some phones also display the “Android security patch level” in About phone; later is better.
- Turn off connections you don’t need
You should turn off your Wi-Fi, Bluetooth and GPS connections when you’re not using them. Some phones can be set up to do so when you leave your home or workplace. This will not only save battery life, but also prevent your device from connecting to random Wi-Fi networks, from being tracked by Bluetooth beacons, and from being followed by spy satellites looking for your GPS signal.
- Enable Android Device Manager
Should your phone be lost or stolen, Android Device Manager can make it ring, lock its screen or, if the GPS is turned on, locate it anywhere in the world. The service can even wipe all your personal data from the phone, but that’s a last-ditch option as you won’t be able to find the phone again. Read how to enable Android Device Manager security here, and download the Android Device Manager here.
- Uninstall apps you never use
You probably have a dozen apps installed that you don’t use any more. Uninstall them. Your phone may run faster, and you’ll reduce the risk that malware or an attacker will exploit a hidden flaw in an app. Don’t worry — if you’ve paid for an app through Google Play, you can always reinstall it at no charge.
- Set up two-factor authentication on your Google account
This won’t directly protect your phone, but it will make it much harder for bad guys to hijack your Google account, which is probably deeply intertwined with your Android devices. Log into Google on a desktop web browser by going to myaccount.google.com, click “Sign-in & security,” and then click “2-Step Verification.” After you set it up, you’ll have to enter a number texted to your cellphone once from every device or computer.
- Encrypt your phone
Google lets you encrypt your phone’s entire contents so that they can’t be read without a passcode or PIN. That will defeat a snoop trying to access personal data, but it won’t stop a thief who’s stolen your phone and plans to resell it.
- Lock individual apps
Certain apps, such as email or banking ones, contain sensitive data that should be kept secret. You can lock them individually with a dedicated third-party app such as AppLock; some Android antivirus software also offers app-locking features.
Bonus: If your phone is old, buy a new one.
Many Android devices stop getting security and software updates as soon as 18 months after release. Even Google cuts off its own devices after about 30 months. To make sure you’re getting the safest and swiftest version of Android, get a new phone every two years or so.