How to "Harden" Your Android phone (2.2 - 2.3)General

Last Updated:

  1. RoujinKarma

    RoujinKarma Well-Known Member

    Hello my fellow forum users! I was reading and doing research on general android security. It seems android has some security issues, so I am writing this to help educate my fellow members on how to stay as secure and clean as possible!

    To give you a little bit of background information, I have been a white hat "Hacker" for about 4 years, mostly working on Apple/Linux open source projects. I love open source, and the GNU team, and helping them is helping myself.

    This will be split into two sections, One will be "Physical security" focusing on how to lock down your phone to keep it secure in the real world. This will focus on how to secure your phone if the "attacker"(Thief) has physical access to your phone, and what you can set up to help stop him. The other section will focus on "Software security", and as you probably guessed; This focuses on securing your phone's system.

    Without further delay, lets move on!

    Physical Security
    As we all know, we lose things, it just life. But now that we are in the digital age, losing a device is compared to leaving a wallet, your leaving everything an attacker needs to steal enough info to steal your identity! Follow these steps to help secure/track/recover the device.

    • CHECK TO MAKE SURE YOUR PHONE IS WITH YOU BEFORE YOU LEAVE SOMEWHERE! This is probably the biggest and simplest mistake someone can make. If you check to make sure you have your phone before you leave somewhere, chances are you will never need to worry.
    • LOCK THE PHONE SCREEN WITH A PASSWORD OR PATTERN! Doing this will trump any petty thief's attempt to get access to your phone. This will help keep your data safe and secure about 75% of the time. Most of them just want to sell the device, which is better then selling your identity! They will probably flash the device anyway, so this will really help you out. But there is some who know exactly what they are doing.
    • WHEN YOU GO OUT, ENABLE GPS! I cannot stress this enough, even if your a tinfoil hat; DO IT! If you lose it VM can track it and you will have an idea where it is, or at least the last location the phone was at before it was turned off. This will give VM and the Police a better chance to find the thief.
    • TREAT YOUR PHONE LIKE YOUR WALLET FILLED WITH GOLD! Your phone has enough data to actually be worth this, treat it as such and you won't forget it!
    • ENCRYPT SENSITIVE FILES! If you have an sensitive documents on your phone, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT!!! Everyone has something they want to keep private, keep it private permanently by using encryption. You can get apps on the market that will lock/encrypt Files/Folders. This will always keep your phone secure, as encryption is almost impossible to break.
    • DON'T SHARE YOUR SD CARD! It can take seconds for someone to steal the Data off of the SD card.
    • THINK BEFORE YOU PLUG! Only plug your phone into a computer you trust, if the computer is infected it could harm your phone.
    Software Security

    We all know about malware, and malware that runs on android, but what about android hacks? Anything can be use to exploit your phone for it to leak it contents or even hand root over! Be smart and think before you run any type of software or visit a questionable website. Follow these steps to help keep your phone as "Hack Free" as possible!

    • STAY INFORMED! Always keep an eye out for android news, not just to see the coolest apps, but security! When you see a new hack or bad app out, read about it and make sure you have an idea how to identify the hack/app. Common sense is the best security tool!
    • INSTALL FROM THE MARKET AS MUCH AS POSSIBLE! No this is not an ad, its to help you! Even though the Market can have hacks, its best to see if someone has noticed anything, read the reviews and check the rating. Look to see if anyone has anything to say about something suspicious or questionable. Like above Common sense is the best security tool!
    • DO NOT GO ON QUESTIONABLE SITES! We all know this, but this applies the most to android, most android hacks come from the stock browser. If you hate using 3rd party browsers and prefer the stock, only go on sites you can completely trust. Do not surf the web on it, one bad link could hand your phone over!
    • ADS KILL! Free apps can sometimes display ads that can hold hack, to be safe make sure you only install popular free apps. This usually reduces the chance for a hack, as Google and the Dev will really keep their eyes out for that app's security.
    • ENCRYPT ALL THE THINGS! If you have something you dnt want copied, ENCRYPT IT! If your phone ever does get rooted(RootKit), your sensitive data will still be seen as encrypted.
    • REBOOT! Rebooting clears the RAM from the phone, this not only helps performance, but it clears passwords. This will help reduce the chance of encryption keys, or general passwords from being stolen.
    • DNT INSTALL QUESTIONABLE APPS! If you see your app on a google search result, make sure you see it in about 3 - 4 places. If you don't, there is a good chance that site is trying to fool you, google is ALWAYS your best friend!
    • DONT JUST HAND OVER ROOT! ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, make sure you know what you are doing when you let an app run as root. If you let an app that is actually malware, it can do ANYTHING to your phone. Make sure you know what the app will do before you run it as root!!!
    This is my advice to the people on this forum to keep yourself secure and "hack free" as possible. Always do as much as you can to keep yourself secure, there is always chance you can be hacked, but make it a challenge! ;)

    musiciansapp, nanzo, Xyro and 6 others like this.
  2. brotherswing

    brotherswing Well-Known Member

    Nice write up. A lot of it should be common sense, which is sadly uncommon. Thanks for taking the time on this, I'm certain it will come in handy for newer users who may not be familiar with smart phones yet.
  3. RoujinKarma

    RoujinKarma Well-Known Member

    Thanks, Think we can get a mod to sticky this?
  4. brotherswing

    brotherswing Well-Known Member

    I'll pm Andy.
  5. sleedeane

    sleedeane Well-Known Member

    Newbie here. Yes, thank you.
    You said always enable GPS when we go somewhere because VM can find it.
    What's VM? I have Lookout. Not Premium.
    What should I have?

    And, I surf with the factory browser all the time.
    But I shouldn't?
    You mean I should use...what? Dolphin or something?

    Please straighten me out here, okay?
    I'll do whatever you tell me to.
    (Except encrypt anything. One, I have nothing that anybody would want. And two, I don't have a clue how. Well, I do have a bank account - Greendot. What encrytion app do you reccommend? I'm sure I could figure it out if I used a simple one).

    Thank you
    I appreciate it.
  6. TheDirectorFur

    TheDirectorFur Well-Known Member

    VM is Virgin Mobile, lookout is fine, no, you shouldn't surf with mobile really at all except for the select sites you know are safe. But if you feel lucky, surf to your hearts content, and a 3rd party is any browser you installed yourself, not stock. Have fun.

    Sent from my LG-VM670 using Tapatalk 2
    sleedeane likes this.
  7. RoujinKarma

    RoujinKarma Well-Known Member

    VM = Virgin Mobile

    Stock browser is known for being targeted for attacks. If you like to randomly browse and surf the net, you can put yourself at risk for using the stock browser. You can prevent this by using 3rd part browsers, Opera Mobile is the best(imo), it is the full opera desktop browser, but for Android :).

    And if your just checking your bank account on your phone using the browser you are fine, the bank's servers encrypt your connection :).
    sleedeane likes this.
  8. brotherswing

    brotherswing Well-Known Member

    Dolphin HD is also an excellent browser.
    sleedeane likes this.
  9. SuppliedRelic

    SuppliedRelic Well-Known Member

    ninesky browser is also an excellent browser it features built in URL safety checking.

    Sent from my LG Optimus V running OM_MLS v2.2.2-EXT using Tapatalk 2 Beta-6
    sleedeane likes this.
  10. sleedeane

    sleedeane Well-Known Member

    Hey guys, me again.
    I can't really tell what the difference is between Opera Mobile and Opera Mini.
    I do most of my web browsing sitting in front of my wifi, so I guess I don't care about how "compressed" anything is as far as racking up any data.
    And I don't have a computer to "link" up to or anything like that.
    Which one should I use?

    Thank you
  11. RoujinKarma

    RoujinKarma Well-Known Member

    I prefer opera mobile, just because its the full opera browser.
    sleedeane likes this.
  12. SuppliedRelic

    SuppliedRelic Well-Known Member

    I prefer ninesky browser myself.

    Sent from my LG Optimus V running OM_MLS v2.2.2-EXT using Tapatalk 2 Beta-6
  13. sleedeane

    sleedeane Well-Known Member

    Yeah, I heard you the first time.
    I'll check it out after I play with Opera for a few days.
    Thank you.
  14. TheDirectorFur

    TheDirectorFur Well-Known Member

    Someone sure is snappy today.
  15. AndyOpie150

    AndyOpie150 <strong> <a href=" Contributor

    Please be nice. It's hard for members to help each other if their not being nice.
  16. MacFett

    MacFett Well-Known Member

    I use the stock browser just because thus far every browser I've tried sucks as much as it. So I figured I'd go with the one that takes up the least space. I have been meaning to try something else again, if for no other reason than to make backing up book marks easier.
  17. SuppliedRelic

    SuppliedRelic Well-Known Member

    Deleted by SuppliedRelic
    AndyOpie150 likes this.
  18. Thorsten

    Thorsten Well-Known Member

    Very nice summary. (Really! :))

    My only suggestion (esp. if this thread does get
  19. RoujinKarma

    RoujinKarma Well-Known Member

  20. Phil42

    Phil42 Well-Known Member

    I've got a better solution - don't put any sensitive documents on your phone.

    On my home computer I've got documents with my passwords, bank information, credit cards, etc. But not on any portable computers or my Android. It just isn't worth the risk, even if it is encrypted. I consider it an axiom that anything portable could "grow legs" and get lost or stolen.

    There's a couple of other common sense things you should do -

    Any financial transactions should be done at home using a hardwire connection, or at minimum WPA2 encryption if you're using a WiFi network. While I could transfer money from savings to checking using my Android I don't - even if the bank says the transaction's secure. Why take the extra risks?

    Use separate passwords for your phone, especially ones which may need to be used on a strange computer. For example, Lookout is one of the best free apps for helping you find a lost phone. One time I realized that I had misplaced my phone and was able to borrow a computer. I logged on to the Lookout website with my phone number and password and it gave me the GPS coordinates for my phone (not surprisingly the most recent stop that day). I was glad that I used a separate password for Lookout. While it's not likely that the computer I borrowed was logging my keystrokes the fact that the password was different from my other passwords gave me some added assurance. If i was really paranoid in tin-hat mode I would have changed the Lookout password afterwards.
  21. sleedeane

    sleedeane Well-Known Member

    I do apologize.
    AndyOpie150 likes this.
  22. sleedeane

    sleedeane Well-Known Member

    I apologize. That came out wrong.
    AndyOpie150 likes this.
  23. sleedeane

    sleedeane Well-Known Member

    Thank you.
    I'm using ninesky right now.
  24. RoujinKarma

    RoujinKarma Well-Known Member

    Well some people live on their phone more then their computer, so they need to use their phone as that device, not trying to hate on you, just stating.

    Also when you visit and encrypted webpage any transmission that is contacting that server will be in an encrypted TCP packet, so you can do it on 3g without worry of packet sniffers. Would love to see someone try to crack a 256 AES :p
    sleedeane likes this.
  25. aldamon

    aldamon Well-Known Member

    You can help kill two birds with one stone by rooting and running DroidWall. Really helps with apps that shouldn't need Internet access and only have it to load ads. Also, who doesn't love a good firewall?
    brotherswing likes this.

Share This Page