Secure your Android: five essential measures

Back to the homepage

Less secure than a regular Linux

1. Nowadays, Android is the most widely used operating system for smartphones and tablets.

Not everybody is aware of it, but Android is a Linux. And therefore pretty secure by design. But Google, Android's maker, has disabled a number of security features that are part of regular Linux. In order to make Android even easier to operate.

That's rather a pity of course, because now we, as end users, have to do an extra effort in order to increase security to an adequate level.

The most important security feature of a regular Linux is, that even the system administrator can only log in with ordinary user rights. If you want to do some system administration in a regular Linux, like installing applications, then Linux will always ask for your password. Which is sensible and cautious.

But unfortunately Android doesn't need your password when you install something....

Five measures to improve security in Android

2. With five measures you can create an adequate level of security in Android. I'll describe those below.

Always apply updates for your apps immediately

2.1. Always apply updates for your apps at once; don't wait. When an app reports that there's a new version available, it's best to install it without delay. Because those new versions often contain fixes for security leaks.

Check weekly for updates for the operating system

2.2. Perform a weekly check for newer versions of your operating system.

Often the manufacturer of your phone or tablet, provides an application with which you can put newer versions of the operating system on your appliance. For this, you have to install this application on your ordinary computer, and then connect your appliance with that computer. For example: Samsung has supplied the Windows application KIES for this.

Those updates are a weak point in the security of your appliance, because manufacturers often wait far too long with releasing security updates for the operating system....

Note: some appliances, like the smartphones from Samsung, have a "Software update" feature in the menu. Whilst this should deliver operating system updates to your phone, it often doesn't. Very often it doesn't report an available update, when Samsung's Windows application Kies, does report that!

So don't trust the menu feature for operating system updates, but use the Windows application for that, when the manufacturer offers such a thing.

Install only from known and secure software sources

2.3. Google's Play Store is a so-called software source or repository: a source from which you can download a lot of software and install it on your appliance.

Of course you have to be able to trust this source, so Google has applied several measures to protect this software source against the presence of malicious software. These checks aren't always 100 % effective, but they stop and prevent a lot of bad stuff.

For your security it's very important, crucial even, to be very wary when installing software from other sources. Beware, because there's a lot of malicious software out there...

Even when in the Play Store: install only "trustworthy" apps that have many downloads, a high user rating and a reputable developer.

Antivirus: usually superfluous, but not always

2.4. The only real threat for Android, is malicious software (malware) that you install yourself. Not viruses that infect your system when you visit a website or something like that. Android is not Windows.

When you only install applications from Google's Play Store, and when you even then use your common sense (stay away from obscure apps by unknown individuals, even in the Play Store), then.... you don't need any antivirus at all. And that's actually, by way of security, the best situation.

But if you don't live by that rule, then an antivirus app can offer a limited amount of security. Rather good free antivirus apps are those from Avast and AVG. But remember: you're much safer when you don't use antivirus at all, and only install from the Play Store, using your common sense....

Install a firewall and configure it right

2.5. You can considerably increase the security of your appliance by using a firewall.

A firewall isn't really necessary when you only use mobile internet (data connection) by your phone connection with your provider. Because then you have your own secured internet connection, which you share with no one else.

But this changes when you're connected to a wireless access point (wifi). Especially when it's an open public wireless access point, that can be used by many people at the same time.

That's why it's best to use a firewall for wifi connections. This is how to do that:

a. First of all, you need to root your appliance. By rooting it, you acquire full access to all files of the operating system. Which is necessary in order to let the firewall do its job.

When your appliance hasn't been rooted yet, you can probably find information for your specific appliance here or here.

b. Install Android Firewall by jtschohl, from the Play Store from Google. That's a simple firewall which is suitable for providing simple basic security.

(continued in the column on the right)

This website is being sponsored by Google Ads.

Are you using an ad blocker? Then you're also blocking my earnings from advertisements....

If you wish to support my website, you can configure your ad blocker to make an exception for this website.

Thanks in advance....

c. For this simple basic security, you give internet access to all applications which you've installed on your phone, for both the category Wifi and the category Data.
Start Android Firewall and tick the following line for both categories:
(Any applications) - Same as selecting all applications

The (sensible) default mode is whitelist, which means that all selected applications have internet access.

See the screenshot below (click on the image to enlarge it):

d. Now enable the firewall, because it's disabled by default. Tap the key on the left from the OK button on your phone - tick:
Enable Firewall

See the screenshot below (click on the image to enlarge it):

e. Configure automatic launching with a small delay, to start after the SD card has been read. This prevents malfunctions. And enable a notification when a newly installed application needs internet access.
Tap the key on the left from the OK button on your phone - Settings:
Enable both Notification Support and Apps on SDCard support

See the screenshot below (click on the image to enlarge it):

f. Finally, change some general settings of the Superuser app:

Start Superuser. Tap the key on the left of the OK button (application settings) - Settings:
Scroll down the list and disable Logging (otherwise the logs will grow too big, with useless entries).
In that same list, below Logging, tap Notifications and set it to None. Otherwise you'll be pestered every time the firewall uses root access (which it does very often).

Done! This way you've increased security a lot, with only a small reduction of ease of use.

Note (1): in order to save power and increase performance, because a firewall uses power and system resources as well, you can disable the firewall when you're not using wifi. Or when you're using the wireless access point in your own home, because then a firewall is of course useless.

Note (2): do you want more than simple basic security? Then reduce the number of apps with internet access, for the category Wifi. No need to do so for the category Data as well, because that's a secure connection.

Want more?

3. Do you want more tips and tweaks for Linux? There's a lot more of them on this website!

To the content of this website applies a Creative Commons license.