Table of contents
- How secure is Android OS?
- Why is Android vulnerable?
- How to secure your Android phone with built-in tools
- 1. Prevent downloads from unknown sources
- 2. Keep Android OS up to date
- 3. Keep your apps up to date
- 4. Lock your Android phone properly
- 5. Set up your phone’s Wi-Fi network security
- 6. Enable purchases with biometric authentication
- 7. Run a Play Protect scan
- 8. Enable Play Protect
- 9. Manage your app permissions
- 10. Use Google’s Find My Device feature
- How to protect your Android phone with third-party tools
- Install an Android antivirus app
- Use VPN to protect your identity
- Disable pop-ups and redirects in Chrome
- Use physical key
- Staying safe online
Google’s Android mobile operating system (OS) arrived on the scene less than 15 years ago. But in that time, it’s gone from strength to strength, becoming the world’s most popular OS for phones and tablets with 72% of the market.
Unfortunately, that popularity also makes it a target for hackers. According to recent estimates, there are more than three billion active Android devices in the world. That’s a lot of potential victims for cybercriminals to attack — and there’s no doubt they’re taking full advantage of the opportunity. There are viruses that spread through fake COVID-19 text messages. There’s malware that steals your personal data. Hackers are even using interest in popular TV shows to trick users into downloading malicious software.
If your Android phone picks up malware, you might have to deal with a hijacked web browser, fake virus pop-up warnings, or a nasty case of ransomware. On top of all these Android security issues, you also need to think about securing your phone from unauthorised physical access, as well as keeping your private data safe.
In the face of all these digital nasties, you might feel like throwing your Android phone into the sea and buying an iPhone instead. But don’t panic. Google is constantly working to improve Android security, and there are steps you can take yourself to limit the chance of picking up malware. In this Android security guide, we’ll look at what you need to know to stay safe. Note, however, that versions of Android will differ, so any instructions in this guide will need to be adapted for your particular device.
Pro tip: Before getting stuck into our Android security tips, take a look at Clario for Android. As well as antivirus, it offers browsing protection and a data breach monitor. Plus you get 24/7 support from our team of cybersecurity experts. Running a Clario virus scan is simple.
- Download Clario’s free trial, and set up an account
- Tap the Scan button
- Wait for the scan to finish
In this guide, we’ll cover the essential steps you need to take to get your Android phone security where it needs to be.
How secure is Android OS?
Although it sometimes seems like there’s a new Android virus every day, it’s not quite the disaster it seems to be. These days, Android comes with a variety of security measures baked right in, which protect you from rogue apps and viruses.
Key Android features include:
- Encryption: Android supports both file-based and full-disk encryption. This prevents other people from reading the data on your phone when it’s locked.
- Authentication: Not only can you protect your Android phone with a password or PIN, you can use facial recognition or your fingerprint to unlock your device - if it supports these functions.
- Play Protect: This malware scanning technology keeps an eye on the apps you install from the Play store, protecting your phone from viruses.
- App permissions: Android limits what apps can do without your permission. If an app tries to do certain actions, you’ll be prompted to allow or deny it.
- System-level security: Features like Verified Boot and Security-Enhanced Linux ensure Android is secured from the ground up.
As helpful as these security features are, though, they’re not 100% effective, so you should take a few extra steps to protect yourself from malware. Set up your Android security correctly, follow good security practice and use an antivirus app, and you should remain clear of malware.
Why is Android vulnerable?
There are a few reasons why Android is more likely to pick up malware than other operating systems.
- It’s open source: Android is built on open-source software, which means anyone can make their own version of the operating system. Not only does that include manufacturers like Samsung and Amazon, but also independent developers. And when Google releases new versions of Android to other companies, phone manufacturers need time to add their own spin to the OS. And it’s up to them if and when they release new versions to their users.
- Older devices aren’t supported: When Google, manufacturers and networks decide to stop supporting devices with updates, that means older phones and tablets get left behind in terms of security. These phones and tablets may not even be that old, and that has led to more than a billion unsafe devices.
- Apps can be installed from third-party sources: Android also gives users more freedom about where they download apps from. While Apple locks iOS users into the App Store, Android users can easily install apps from third-party stores and anywhere on the web. That means more potential avenues for malware.
- Rooting is a bad idea: Finally, some users like to ‘root’ their Android devices. This allows them to install their own versions of Android and customise certain aspects they wouldn’t normally be able to. Unfortunately, this can also lead to increased security risks, so it’s usually advisable not to root your phone.
How to secure your Android phone with built-in tools
Securing Android properly is a multi-layered process. As well as changing settings on your phone and installing Android security software, you also need to think about your own behaviour. The actions you take could be the difference between a secure phone and a hacked one. Here, we’ll look at everything you need to do to keep your phone locked up tight.
1. Prevent downloads from unknown sources
Although Android users generally download apps from Play, they can also easily download apps from anywhere on the internet as APK (Android Package) files and install them on their phones. Users will get a warning from Android about installing apps from unknown sources, but they’re given the choice to disable that feature. That’s quite different to iPhones, where users have to jailbreak iOS to install apps from anywhere other than the App Store.
The freedom to install apps from anywhere can be a big plus point for advanced users, but it’s also a potential security risk. So it’s a good idea not to install apps from anywhere other than the Play store or reputable third-party stores like those run by phone manufacturers and Amazon.
By default, Android will warn you if you’re about to install an app from an unknown source. You might also see a warning from your browser when you try to download an APK file. With older versions of Android, you can completely disable protection against unknown sources, but we recommend not doing that. Newer versions let you enable this function per app, but we wouldn’t recommend doing that with your web browser. In some cases, you can enable it on a case-by-case basis.
Here’s how to check your settings for unknown sources on an Android device. Remember, this will differ depending on your device:
1. Go to your main Android settings, and open Security
2. Tap More settings
3. Open Install apps from external sources
4. Tap an app you want to change
5. Check if Allow app installs is allowed
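The settings check above tells you which apps are allowed to install others; it does not tell you which apps already on the phone came from outside a store. The following is an added example, not part of the original guide: it parses the output of `adb shell pm list packages -3 -i` (USB debugging is assumed to be enabled) and lists third-party apps whose installer is not a store you trust. The trusted-store list and the sample listing are constructed for illustration, and the `com.example.*` package names are hypothetical.

```python
"""List third-party apps that were not installed by a trusted app store."""
import re
import subprocess

# Assumption: the stores this guide calls reputable. Adjust for your device.
TRUSTED_INSTALLERS = {
    "com.android.vending",              # Google Play
    "com.amazon.venezia",               # Amazon Appstore
    "com.sec.android.app.samsungapps",  # Samsung Galaxy Store
}

# One line of `pm list packages -i` looks like:
#   package:com.example.notes  installer=com.android.vending
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def parse_installers(listing):
    """Map package name -> installer package (None when none is recorded)."""
    result = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            installer = match.group("inst")
            result[match.group("pkg")] = None if installer == "null" else installer
    return result


def sideloaded(listing, trusted=TRUSTED_INSTALLERS):
    """Return the packages whose installer is missing or not a trusted store."""
    installers = parse_installers(listing)
    return sorted(pkg for pkg, inst in installers.items() if inst not in trusted)


def read_from_device():
    """Fetch the live listing from a connected phone (-3 = third-party apps only)."""
    cmd = ["adb", "shell", "pm", "list", "packages", "-3", "-i"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample output; package names are hypothetical.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.freegame  installer=null
package:com.example.reader  installer=com.amazon.venezia
package:com.example.tool  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for package in sideloaded(SAMPLE):
        print("not from a trusted store:", package)
```

Replace `SAMPLE` with `read_from_device()` to audit a real phone. An app listed here is not necessarily malicious, but it is one that Play's pre-download checks never saw.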
2. Keep Android OS up to date
Although Google creates updates for Android, it’s often up to your phone’s manufacturer or your network provider whether they distribute them. And they may also have their own updates too. Wherever they come from, updates often include Android security patches too, so it’s important to check to see if your phone has any.
In any case, here’s how to check if there are any Android updates for your phone:
1. Head to your main Android settings
2. Tap System & Updates
3. Select Software update
4. In many cases, your phone will automatically check for updates. If it doesn’t, tap Check for updates
Depending on what phone you have and which network you’re with, you might not need to check. Instead, you might get notified when there's an update available to install.
3. Keep your apps up to date
As well as Android itself, you need to keep your apps up to date as well. Again, this is because developers often issue security patches in their updates. Assuming you get your apps from the Play store, it’s a good idea to set up automatic updates, so you don’t have to manually go through your apps and update them one by one.
Turning on Google Play’s automatic updates is easy:
1. Tap your avatar in the Play store
2. Select Settings
3. Tap Network preferences
4. Tap Auto-update apps
5. Select either Over any network or Over Wi-Fi only (recommended)
6. Tap Done
4. Lock your Android phone properly
Think about all the data you have on your phone. The important websites you visit and log into. If your phone has NFC, you might even use it to make contactless payments. It’s essential, therefore, to lock your phone properly. Don’t just rely on slide-to-unlock. Use a password, a PIN, facial recognition or your fingerprint, if your phone supports that function.
How you change your screen lock settings will depend on what model of phone and version of Android you have. Typically, it will involve a process like this:
1. Go into your main Android settings
2. Tap Biometrics & password
3. Select Change lock screen password
4. Set a password
5. Choose Fingerprint ID or Face Recognition, and follow the on-screen instructions
5. Set up your phone’s Wi-Fi network security
Thankfully, most mobile networks give users a generous amount of data every month for web browsing. But if you’re downloading a lot, or streaming video or music, you can easily run out. And then it might be appealing to connect to an open Wi-Fi network while you’re out and about. The problem with that is you can’t guarantee the cybersecurity of that network. In some cases, you could be connecting to a rogue Wi-Fi network, set up to steal data from laptops, phones and other devices.
So unless you know you can trust a particular network, you should think twice about connecting to it. Also, check that your phone isn’t set to automatically connect to open Wi-Fi networks. This setting is only found in some versions of Android, so you might not have it on your phone. If you do, changing it is a good way to protect your Android phone.
Here’s how to check your Wi-Fi settings in Android:
1. Swipe down from the top of your screen to open your Quick Settings
2. Press and hold the Wi-Fi symbol to be taken to your Wi-Fi settings
3. Now select More settings. On some phones, you’ll need to tap on the three dots first, and it might be called something like Advanced settings
4. Look for a setting to do with open Wi-Fi networks and disable it
6. Enable purchases with biometric authentication
If your phone was lost or stolen, could someone use it to buy items from your account? Could they buy apps from the Play store or items from Amazon? Could they make transfers out of your PayPal account? That could certainly happen if they’re able to open your apps, but you can protect yourself using your fingerprint. If you’ve already set up fingerprint security to secure your Android phone, you’ll find many apps will give you the option to use your saved fingerprints to authenticate purchases. It’s a good idea to set this up wherever possible.
Here’s how you can enable fingerprint authentication in Google Play:
1. Press your user avatar in the top-right of Google Play
2. Choose Settings
3. Tap Authentication, and enable Biometric authentication
7. Run a Play Protect scan
If enabled, Google Play Protect will automatically scan apps for malware, protecting your Android device 24/7. If it finds anything, you’ll get a warning, letting you know. But you don’t just have to rely on automatic scans: you can also initiate a scan manually.
Here’s how to run an on-demand Play Protect scan:
- Tap your avatar in Google Play
- Tap Play Protect
- Hit the Scan button
- Wait for the results.
8. Enable Play Protect
Play Protect should already be enabled on your Android phone, but if it’s not, here’s how to turn it on, securing your Android phone in the process. Once enabled, it’ll automatically check the apps on your phone to make sure they’re free from malware.
Turning on Play Protect in Google Play is quick and easy:
- In Play, select your avatar to open the menu
- Select Play Protect
- Tap the gear icon in the top right
- Check that Scan apps with Play Protect is enabled
9. Manage your app permissions
One of the most useful Android security and privacy features is the ability to set permissions. If an app wants to make changes to your phone, access its camera, see your location or do anything else potentially risky, it has to ask you first. You can see what permissions apps require in Google Play, and you’ll get prompted to allow them when you install new apps. You can also edit these settings later, to revoke or allow permissions.
In the vast majority of cases, apps will have good reasons to request permissions. For example, an antivirus app will need permission to access your storage so it can scan for malware. But if an app asks for permissions it shouldn’t need, you should reconsider installing it. You wouldn’t, for instance, expect a basic painting app to need access to your contacts or location.
Here’s how to manage your permissions in Android:
1. In your system settings, select Privacy
2. Tap Permission manager
3. Select the type of permission you want to look at
4. Look through the apps that have been allowed or denied this permission
5. To change a permission, tap an app, and select Allow or Deny. You can also tap the link at the bottom to see all the permissions that app
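The painting-app check described above can also be done from a computer. The following is an added example, not part of the original guide: it reads the "runtime permissions" section of `adb shell dumpsys package <package>` output (USB debugging is assumed to be enabled) and reports permissions an app has been granted beyond what you expect it to need. The package name `com.example.paint`, the expected-permission set and the sample dump are constructed for illustration.

```python
"""Report runtime permissions an app holds beyond what you expect it to need."""
import re
import subprocess

# A permission line inside dumpsys output looks like:
#   android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
PERM_RE = re.compile(r"^\s+(?P<perm>[\w.]+): granted=(?P<granted>true|false)")


def granted_runtime_permissions(dump):
    """Collect permissions marked granted=true under 'runtime permissions:'."""
    granted = set()
    in_runtime = False
    for line in dump.splitlines():
        if line.strip() == "runtime permissions:":
            in_runtime = True
            continue
        if in_runtime:
            match = PERM_RE.match(line)
            if not match:
                in_runtime = False  # the section ends at the first other line
            elif match.group("granted") == "true":
                granted.add(match.group("perm"))
    return granted


def unexpected(dump, expected):
    """Granted runtime permissions that are not in the expected set."""
    return sorted(granted_runtime_permissions(dump) - set(expected))


def read_from_device(package):
    """Fetch the live dump for one package from a connected phone."""
    cmd = ["adb", "shell", "dumpsys", "package", package]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Assumption: what a basic painting app plausibly needs (saving pictures).
EXPECTED = {"android.permission.READ_EXTERNAL_STORAGE"}

# Constructed, abridged sample dump for a hypothetical painting app.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.paint] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for permission in unexpected(SAMPLE_DUMP, EXPECTED):
        print("review this grant:", permission)
```

Anything it reports can be revoked in the Permission manager using the steps above.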
10. Use Google’s Find My Device feature
Hopefully, you won’t ever lose your phone and no one will steal it. But it can and does happen. Thankfully, Google makes it easy to locate your device with Find My Device. Simply type ‘find my device’ into Google, and assuming you’re logged into the same Google account as you use on your Android phone, it should load up. You’ll be able to see a map, and Google will attempt to locate your phone using its GPS, cellular data and local Wi-Fi connections. You can also choose to make your phone ring, even if the volume is turned down. That’s useful if you’ve put it down somewhere in your vicinity but can’t recall where.
If you can’t get to your phone or it’s been stolen, you can also lock or erase it remotely. That way, you can protect your personal data. In Find My Device, click Recover. If you click Secure Device, you’ll be able to lock your device and make it display a message and your contact details.
If there’s no chance you’re getting your phone back, you should erase it:
1. In Find My Device, click Recover
2. Select Erase device
3. Click the Erase device button
4. Now enter your login details, and follow the on-screen instructions
How to protect your Android phone with third-party tools
Although Android has its own security settings, there are good reasons to use third-party phone security apps like Clario. One of the main reasons is that older phones often don’t get software updates. That’s a big problem, because many people are happy with their phones and don’t want to buy a replacement every two or three years. No updates means no security patches, and that can leave an open goal for hackers to exploit.
Even if you do have a new phone, it’s a good idea to install third-party Android phone protection anyway. It adds another layer to your defences, and because these apps come from dedicated security companies, they’re likely to have more up-to-date virus definitions.
Install an Android antivirus app
There are many good antivirus apps for Android in the Play store. However, there’s also a long history of fake Android antivirus apps too — some which do nothing at all and others that contain malware themselves. So while it’s a good idea to get an Android antivirus solution and run scans every now and then, you should choose one from a reputable company like Clario.
Here’s how to scan your Android phone for malware with Clario:
- Open Clario, and find Antivirus
- Tap the Scan button
- You may need to set up some permissions the first time you run a scan. To get started, tap Start scan
- When prompted, tap Allow
- Clario will scan your phone in search of malware. If Clario finds anything, it will be quarantined, and you can delete it
Use VPN to protect your identity
A virtual private network (VPN) will encrypt your internet traffic and hide your location. Not only does this stop websites from spying on you, it hides your online activity from anyone you share a network with. That’s useful if you’re hooking up to a public Wi-Fi network. So if you’re going to access a Wi-Fi hotspot, securing your Android phone with a VPN is a good idea.
There are many great VPN apps for Android, and they include Clario. What’s more, Clario’s VPN uses a feature called Auto VPN, so it only turns itself on when you’re hooked up to an unprotected Wi-Fi network.
Here’s how to use Clario’s Auto VPN feature:
1. In Clario, tap the Network icon
2. Now enable Auto VPN
3. Tap the Turn on button
4. You’ll need to give Clario permission to access your location to work properly. Tap Next
5. Select Allow while using the app
6. Now just tap Done, and you’re all finished
Disable pop-ups and redirects in Chrome
Pop-ups aren’t just annoying; they can be a sign of malware too. And if your phone’s browser keeps sending you to pages you don’t want, you might have unwanted software redirecting your traffic. We recommend using Android antivirus software to find and remove malware, but you can also use your browser’s settings to prevent these things from bugging you too much.
Here’s how to disable pop-ups and redirects in Chrome:
1. In Chrome, tap the three dots in the top right to open the settings
2. Tap Settings
3. Select Site settings
4. Tap Pop-ups and redirects
5. If Pop-ups and redirects is enabled, toggle it off
Use physical key
With two-factor authentication, your phone is usually your second form of authentication, along with your login details. You get a one-time password sent via text message or to a special app like Google Authenticator. But you can also use physical phone security keys as a second authentication factor. These usually use near-field communication (NFC), so they tend to work just by tapping them against your phone. Once your phone detects your unique key, it will let you into your accounts. Popular keys include Google Titan and the Yubico range. Of course, to use an NFC key, your phone needs to support NFC.
Checking for NFC on an Android phone is usually pretty straightforward:
- Swipe down from the top of your screen to open your Quick Settings
- If you don’t see NFC, swipe down again to see more icons
- If you still don’t see it, tap the pencil icon to edit your Quick Settings
- Hopefully, you’ll be able to find NFC here. If you don’t, you probably don’t have it
Staying safe online
Following the advice in this Android security guide will go a long way toward protecting your phone from malware and other security issues. But that doesn’t mean you should stop following basic internet safety guidance. How you behave online is as important as it’s ever been. Don’t download email attachments from people you don’t know, look out for phishing scams, and always be aware. With any luck, you’ll never fall victim to an Android security breach.
How do I set up security on my Android phone?
- Turn on 2-Step Verification and choose a second verification step. ...
- On your Android phone, go to myaccount.google.com/security.
- Under "Signing in to Google," select 2-Step Verification. ...
- Scroll to "Security key" and tap the Right arrow.
- At the bottom left, tap Add security key.
- Safeguard communication between apps.
- Ask for credentials before showing sensitive information.
- Apply network security measures.
- Use WebView objects carefully.
- Use intents to defer permissions.
- Share data securely across apps.
- Store private data within internal storage.
- Tap Settings from your devices apps menu.
- Tap on Security (or Security and Screen Lock), this is usually located under the Personal section.
- Under the Screen Security section tap Screen lock.
- You are presented with several choices, from here you can pick the lock type you want for your device.
Android uses the concept of user-authentication-gated cryptographic keys that requires cryptographic key storage and service provider and user authenticators. On devices with a fingerprint sensor, users can enroll one or more fingerprints and use those fingerprints to unlock the device and perform other tasks.
What are security settings?
Security settings include changing passwords and setting security questions for the user.
Which phone security is best?
- Blackphone PRIVY 2.0 – Top-level security.
- Sirin Labs Finney U1 – Best for crypto users.
- Bittium Tough Mobile C – Best for private key management.
- Purism Librem 5 – Best for maximum security.
- Sirin Solarin – Best for preventing incoming threats.
We'd always recommend running regular software and security updates, using a password manager and installing antivirus software for Android. For optimal device security, antivirus protection is by far the best option.
How do I know my phone is safe?
- It runs a safety check on apps from the Google Play Store before you download them.
- It checks your device for potentially harmful apps from other sources. ...
- It warns you about potentially harmful apps.
Protect Your App's Transport Layer
So, step one in your effort to secure an Android app is simple: protect its data transfer layer by employing strong encryption. You can do this by making use of protocols like SSL and TLS, which are simple to add to your code and are very difficult to compromise.
Android's biggest built-in defense against malware is Google Play Protect. There are a few different components to Play Protect—including the Find My Device tools—but a big part of it is malware scanning. Every Android device that includes the Google Play Store has Play Protect.
Does my Android phone need security?
We'd always recommend running regular software and security updates, using a password manager and installing antivirus software for Android. For optimal device security, antivirus protection is by far the best option.
How do I turn on security settings?
- On your Android phone or tablet, open the Chrome app.
- To the right of the address bar, tap More, then Settings.
- Tap Privacy and security.
- Tap the feature you want to update.
- Open Apps.
- Tap Google Settings.
- Tap Security.
- Tap Verify apps.
- Tap Scan device for security threats.