Hello my fellow forum users! I was reading and doing research on general android security. It seems android has some security issues, so I am writing this to help educate my fellow members on how to stay as secure and clean as possible!
To give you a little bit of background information, I have been a white hat "Hacker" for about 4 years, mostly working on Apple/Linux open source projects. I love open source, and the GNU team, and helping them is helping myself.
This will be split into two sections, One will be "Physical security" focusing on how to lock down your phone to keep it secure in the real world. This will focus on how to secure your phone if the "attacker"(Thief) has physical access to your phone, and what you can set up to help stop him. The other section will focus on "Software security", and as you probably guessed; This focuses on securing your phone's system.
Without further delay, lets move on!
As we all know, we lose things, it just life. But now that we are in the digital age, losing a device is compared to leaving a wallet, your leaving everything an attacker needs to steal enough info to steal your identity! Follow these steps to help secure/track/recover the device.
- CHECK TO MAKE SURE YOUR PHONE IS WITH YOU BEFORE YOU LEAVE SOMEWHERE! This is probably the biggest and simplest mistake someone can make. If you check to make sure you have your phone before you leave somewhere, chances are you will never need to worry.
- LOCK THE PHONE SCREEN WITH A PASSWORD OR PATTERN! Doing this will trump any petty thief's attempt to get access to your phone. This will help keep your data safe and secure about 75% of the time. Most of them just want to sell the device, which is better then selling your identity! They will probably flash the device anyway, so this will really help you out. But there is some who know exactly what they are doing.
- WHEN YOU GO OUT, ENABLE GPS! I cannot stress this enough, even if your a tinfoil hat; DO IT! If you lose it VM can track it and you will have an idea where it is, or at least the last location the phone was at before it was turned off. This will give VM and the Police a better chance to find the thief.
- TREAT YOUR PHONE LIKE YOUR WALLET FILLED WITH GOLD! Your phone has enough data to actually be worth this, treat it as such and you won't forget it!
- ENCRYPT SENSITIVE FILES! If you have an sensitive documents on your phone, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT!!! Everyone has something they want to keep private, keep it private permanently by using encryption. You can get apps on the market that will lock/encrypt Files/Folders. This will always keep your phone secure, as encryption is almost impossible to break.
- DON'T SHARE YOUR SD CARD! It can take seconds for someone to steal the Data off of the SD card.
- THINK BEFORE YOU PLUG! Only plug your phone into a computer you trust, if the computer is infected it could harm your phone.
We all know about malware, and malware that runs on android, but what about android hacks? Anything can be use to exploit your phone for it to leak it contents or even hand root over! Be smart and think before you run any type of software or visit a questionable website. Follow these steps to help keep your phone as "Hack Free" as possible!
- STAY INFORMED! Always keep an eye out for android news, not just to see the coolest apps, but security! When you see a new hack or bad app out, read about it and make sure you have an idea how to identify the hack/app. Common sense is the best security tool!
- INSTALL FROM THE MARKET AS MUCH AS POSSIBLE! No this is not an ad, its to help you! Even though the Market can have hacks, its best to see if someone has noticed anything, read the reviews and check the rating. Look to see if anyone has anything to say about something suspicious or questionable. Like above Common sense is the best security tool!
- DO NOT GO ON QUESTIONABLE SITES! We all know this, but this applies the most to android, most android hacks come from the stock browser. If you hate using 3rd party browsers and prefer the stock, only go on sites you can completely trust. Do not surf the web on it, one bad link could hand your phone over!
- ADS KILL! Free apps can sometimes display ads that can hold hack, to be safe make sure you only install popular free apps. This usually reduces the chance for a hack, as Google and the Dev will really keep their eyes out for that app's security.
- ENCRYPT ALL THE THINGS! If you have something you dnt want copied, ENCRYPT IT! If your phone ever does get rooted(RootKit), your sensitive data will still be seen as encrypted.
- REBOOT! Rebooting clears the RAM from the phone, this not only helps performance, but it clears passwords. This will help reduce the chance of encryption keys, or general passwords from being stolen.
- DNT INSTALL QUESTIONABLE APPS! If you see your app on a google search result, make sure you see it in about 3 - 4 places. If you don't, there is a good chance that site is trying to fool you, google is ALWAYS your best friend!
- DONT JUST HAND OVER ROOT! ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, make sure you know what you are doing when you let an app run as root. If you let an app that is actually malware, it can do ANYTHING to your phone. Make sure you know what the app will do before you run it as root!!!
- COMMON SENSE! STAY INFORMED! DONT FALL FOR TRICKS! <--- That
This is my advice to the people on this forum to keep yourself secure and "hack free" as possible. Always do as much as you can to keep yourself secure, there is always chance you can be hacked, but make it a challenge!