In 2007, the Open Handset Alliance (OHA) declared android as a free open source operating system for mobile devices. This made the companies like Samsung, Sony, HTC, LG etc. who were all struggling to foothold in the market at that time; primarily dominated by Nokia, get a new breath of the life in the mobile sector. These companies could now use Android OS for their devices and customize them according to it, which really helped these companies in standing in the market.
The time when the HTC Wonder was launched, the mobile device market was flooded with Android based mobile phones, and the wild popularity of tablets gave android a nitro boost. Another factor that added to the popularity of android was its Linux-based kernel, which gave it the flexibility to be used with other devices (such as TVs, set-tops boxes etc.). As of the second quarter of 2013, approximately 80 % of the smart phones across the world are running on the android operating system.
But are you aware about your security while using android devices. I am going to concentrate on various facts regarding the security of Android device in this article. Let’s have a look:
Is Your Android Device Safe and Secure?
As soon the android OS is becoming more and more popular, the chances of it being affected by malware are increasing and it may cause you to lose high sensitive data to the strangers.
Why to Secure Your Android Device?
We all are well-aware of the fact that in the real world, no system or technology is fool-proof. It will always consist of some vulnerabilities. The chances of such loopholes being discovered grow in direct proportion to the popularity of the technology. The same is with android devices.
Android devices have surpassed Symbian, iOS and BlackBerry devices not only in numbers, but also in terms of features and ease of use. At present, android based smart phones are being used in almost every organisation and at every level. And the popularity which is gained by android in all the factors makes android a likely target for malware aimed at stealing sensitive information.
Google and other device manufactures are putting in their best efforts to make their devices more and more secure, but a curious mind will always find a loophole, which will compromise the security of the device. And hence, every day new malware for android is being unleashed, while only a few of them have the potential to make it to the headlines, even the lesser ones can bite hard at times.
When it comes to mobile devices, malware is not the only thing to worry about. Theft of mobile devices is another concern for users. According to a survey conducted by Symantec, 53 % of Indians have been victims of mobile theft. This is worrying because of the data stored on mobile device, which may be personal, corporate or both. Once the device is stolen or lost, that data is at risk.
Besides these, there are other risks such as the mobile device being used by other people, misplaced devices etc, which are common in day-to-day life. A little precaution goes a long way in mitigating these risks.
Checklist for a Secure Android Device:
If you wish to keep your android device safe and secure against the malware and other kind of risks, here are few ways mentioned for it. Just give a look at them:
Implementing Basic Security (Screen Security):
Every android device provides built-in security features. And users are required to set a screen lock for their devices. This can be done in various interesting ways. Users can choose standard device PIN, password, pattern lock, face unlock and swipe methods for locking their devices and protect them from unusual access. Screen lock can be set from the settings of the device. Users should also fill owner info form and set it to display on the lock screen. This will help in retrieving the device, in case it gets lost.
SIM PIN is a very useful feature. When your device is lost or stolen, this feature stops the access of your SIM, when inserted into other device as to use the SIM, the user will have to provide the PIN first. With the option enabled, the device will ask for the SIM PIN, every time it boots up.
Passwords should not be made visible except if it is really required. Users should make sure that this feature remains disabled at all times.
Android 2.3.4 and later versions support device encryption. Though this is a must-have security feature, yet most of the device manufactures choose to ignore it in their customized android version. In this case this feature is not available, people can use external apps such as Secret Space Encryptor (SSE), Encryption Manager, Droid Crypt etc. for encrypting purpose.
Multiple User Accounts:
Tablets running on Android 4.2 (Jellybean) provide an option to create a separate user profiles for different users. This is helpful if the device is being shared by multiple family members. This feature can be found under Setting>Device>Users.
Device Administrators are applications that can control certain features of the device. For Example, when an antivirus is installed on the device, it becomes a device administrator. It can erase all data on the device, set password rules, etc. on the user’s behalf. But, there is no malicious intent in doing this. Often, these apps provide an option for users to perform these tasks remotely and hence, they need to act as device administrators.
The Unknown Sources feature allows the user to install the apps provide by third party store. Apps installed via these modes may contain some malicious codes, which could pose a risk to the user’s data. This option should remain disabled at all times except for development purposes.
Mobile Security Suites:
Installing a mobile security suite is not only a must and a best practice for securing PCs but also for mobile devices. All the leading antivirus companies provide a mobile version of their product. A mobile security suite provides a wide variety of features along with an antivirus .For example user can trace their phones, lock their devices etc.
Device Back Up:
Users should regularly back up the data on their device. By default, Android provides an option to back up the configuration and settings. This is useful when a device is reset to factory settings and users want to restore the apps and settings without much trouble. However, it does not back up the data stored on the device. Device data can be backed up either by using the desktop software suite for the device or via third party apps installed on the mobile device. Carbon, Titanium Backup, Cloud Backup etc. are some apps that can be used for this purpose. Some of these apps provide an option to store the back-up data on the cloud.
Mobile Device Management:
The increasing trend of Bring Your Own Device (BYOD) has led organisation to hunt for Mobile Device Management (MDM) solutions. BYOD comes with risks like corporate data leakage, corporate data theft etc. To counter such risks, organisations are deploying MDM solutions in their environment. Users should check with IT department of their company if any such solution is deployed. MDM not only provides features to protect corporate data but also enables employees to locate and wipe their device in case of theft or loss. Users of Samsung’s android based devices can use Samsung SAFE for this purpose. Besides this, Samsung has recently launched Samsung Knox under the Samsung SAFE umbrella to provide two environments (corporate and personal) on one device.
This lovely feature of android devices does not allow any app to install automatically without the permission of user. Hence, every user should check if the app, which he/she is going to install is either safe or not.
If you are handing over your device to someone else for a little or more period, you would want to protect your personal data (SMS, pictures, WhatsApp Messages, emails etc.). You can do it by installing the apps which are used to lock the individual apps like AppLock, Smart App Protector etc. You can put a password to apps that stores personal data. Once implemented password protected app will ask the user for a PIN before launching.
Transaction Password for Play Store:
Users who want to purchase Books, songs, movies etc from Play Store required to store their payment information (credit/debit) in their Google Account. Once the information is saved, users can perform transactions in Play Store with just one click. While this is very convenient to use, it poses a risk of credit card information being used for malicious purposes like unauthorised purchases. To prevent this, Play Store provides a feature wherein users can set a transaction password. This can be found in Play Store Settings >> Controls >> Password.
Android ROMs, shipped with devices, is not root access, by default. Most of the users won’t require root privileges on their device, but few advanced users and developers often love to experiment with their devices and hence go for rooting the device. If users wish to opt rooting their device they should only use trusted ROMs (for example, Cyanogenmod). Untrusted ROMs may have malicious apps running in the background.
Besides the above list, Google and Android developers are working hard to enhance the overall security of Android. In Android 4.3(released on July 24, 2013), Google has extended Android’s Verify App feature to verify even the side loaded apps. In addition, Google is all set to launch Android Device Manager for Android 2.2 and above. Android Device Manager can be viewed as a personal Mobile Device Management solution for Android users. With this app, users can locate their device on a map in real-time. It will also allow them to ring a silenced phone at maximum volume.
Google is also working on de-constructing the Android environment. This means that most of the apps that shipped as part of stock Android ROM are now being published by Google as standalone apps (Google Keyboard is the latest addition to this). There may be many more updates in the android versions regarding the security features in the future. Just keep your eyes on these updates and live protected.
At last, we can’t blame any device for being unsafe or unsecured. But, always we can say that the technology will always having some vulnerabilities. So, besides running away from one to another device, just understand the features of your device and protect your device in the best possible manners. I hope, you would have liked the article. If you are an android user, share your experience and any other security tips, I may have missed via comment section.