How to "Harden" Your Android phone (2.2 - 2.3)

RoujinKarma

RoujinKarma

Member
Mar 26, 2012
60
16
18
Hello my fellow forum users! I was reading and doing research on general android security. It seems android has some security issues, so I am writing this to help educate my fellow members on how to stay as secure and clean as possible!

To give you a little bit of background information, I have been a white hat "Hacker" for about 4 years, mostly working on Apple/Linux open source projects. I love open source, and the GNU team, and helping them is helping myself.

This will be split into two sections, One will be "Physical security" focusing on how to lock down your phone to keep it secure in the real world. This will focus on how to secure your phone if the "attacker"(Thief) has physical access to your phone, and what you can set up to help stop him. The other section will focus on "Software security", and as you probably guessed; This focuses on securing your phone's system.

Without further delay, lets move on!

Physical Security
As we all know, we lose things, it just life. But now that we are in the digital age, losing a device is compared to leaving a wallet, your leaving everything an attacker needs to steal enough info to steal your identity! Follow these steps to help secure/track/recover the device.


  • CHECK TO MAKE SURE YOUR PHONE IS WITH YOU BEFORE YOU LEAVE SOMEWHERE! This is probably the biggest and simplest mistake someone can make. If you check to make sure you have your phone before you leave somewhere, chances are you will never need to worry.
  • LOCK THE PHONE SCREEN WITH A PASSWORD OR PATTERN! Doing this will trump any petty thief's attempt to get access to your phone. This will help keep your data safe and secure about 75% of the time. Most of them just want to sell the device, which is better then selling your identity! They will probably flash the device anyway, so this will really help you out. But there is some who know exactly what they are doing.
  • WHEN YOU GO OUT, ENABLE GPS! I cannot stress this enough, even if your a tinfoil hat; DO IT! If you lose it VM can track it and you will have an idea where it is, or at least the last location the phone was at before it was turned off. This will give VM and the Police a better chance to find the thief.
  • TREAT YOUR PHONE LIKE YOUR WALLET FILLED WITH GOLD! Your phone has enough data to actually be worth this, treat it as such and you won't forget it!
  • ENCRYPT SENSITIVE FILES! If you have an sensitive documents on your phone, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT!!! Everyone has something they want to keep private, keep it private permanently by using encryption. You can get apps on the market that will lock/encrypt Files/Folders. This will always keep your phone secure, as encryption is almost impossible to break.
  • DON'T SHARE YOUR SD CARD! It can take seconds for someone to steal the Data off of the SD card.
  • THINK BEFORE YOU PLUG! Only plug your phone into a computer you trust, if the computer is infected it could harm your phone.
Software Security

We all know about malware, and malware that runs on android, but what about android hacks? Anything can be use to exploit your phone for it to leak it contents or even hand root over! Be smart and think before you run any type of software or visit a questionable website. Follow these steps to help keep your phone as "Hack Free" as possible!


  • STAY INFORMED! Always keep an eye out for android news, not just to see the coolest apps, but security! When you see a new hack or bad app out, read about it and make sure you have an idea how to identify the hack/app. Common sense is the best security tool!
  • INSTALL FROM THE MARKET AS MUCH AS POSSIBLE! No this is not an ad, its to help you! Even though the Market can have hacks, its best to see if someone has noticed anything, read the reviews and check the rating. Look to see if anyone has anything to say about something suspicious or questionable. Like above Common sense is the best security tool!
  • DO NOT GO ON QUESTIONABLE SITES! We all know this, but this applies the most to android, most android hacks come from the stock browser. If you hate using 3rd party browsers and prefer the stock, only go on sites you can completely trust. Do not surf the web on it, one bad link could hand your phone over!
  • ADS KILL! Free apps can sometimes display ads that can hold hack, to be safe make sure you only install popular free apps. This usually reduces the chance for a hack, as Google and the Dev will really keep their eyes out for that app's security.
  • ENCRYPT ALL THE THINGS! If you have something you dnt want copied, ENCRYPT IT! If your phone ever does get rooted(RootKit), your sensitive data will still be seen as encrypted.
  • REBOOT! Rebooting clears the RAM from the phone, this not only helps performance, but it clears passwords. This will help reduce the chance of encryption keys, or general passwords from being stolen.
  • DNT INSTALL QUESTIONABLE APPS! If you see your app on a google search result, make sure you see it in about 3 - 4 places. If you don't, there is a good chance that site is trying to fool you, google is ALWAYS your best friend!
  • DONT JUST HAND OVER ROOT! ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, ALWAYS, make sure you know what you are doing when you let an app run as root. If you let an app that is actually malware, it can do ANYTHING to your phone. Make sure you know what the app will do before you run it as root!!!
  • COMMON SENSE! STAY INFORMED! DONT FALL FOR TRICKS! <--- That
This is my advice to the people on this forum to keep yourself secure and "hack free" as possible. Always do as much as you can to keep yourself secure, there is always chance you can be hacked, but make it a challenge! ;)
 
  • Like
Reactions: musiciansapp, nanzo, Xyro and 6 others
brotherswing said:
Nice write up. A lot of it should be common sense, which is sadly uncommon. Thanks for taking the time on this, I'm certain it will come in handy for newer users who may not be familiar with smart phones yet.
Click to expand...


Thanks, Think we can get a mod to sticky this?
 
Newbie here. Yes, thank you.
You said always enable GPS when we go somewhere because VM can find it.
What's VM? I have Lookout. Not Premium.
What should I have?

And, I surf with the factory browser all the time.
But I shouldn't?
You mean I should use...what? Dolphin or something?

Please straighten me out here, okay?
I'll do whatever you tell me to.
(Except encrypt anything. One, I have nothing that anybody would want. And two, I don't have a clue how. Well, I do have a bank account - Greendot. What encrytion app do you reccommend? I'm sure I could figure it out if I used a simple one).

Thank you
I appreciate it.
 
sleedeane said:
Newbie here. Yes, thank you.
You said always enable GPS when we go somewhere because VM can find it.
What's VM? I have Lookout. Not Premium.
What should I have?

And, I surf with the factory browser all the time.
But I shouldn't?
You mean I should use...what? Dolphin or something?

Please straighten me out here, okay?
I'll do whatever you tell me to.
(Except encrypt anything. One, I have nothing that anybody would want. And two, I don't have a clue how. Well, I do have a bank account - Greendot. What encrytion app do you reccommend? I'm sure I could figure it out if I used a simple one).

Thank you
I appreciate it.
Click to expand...

VM is Virgin Mobile, lookout is fine, no, you shouldn't surf with mobile really at all except for the select sites you know are safe. But if you feel lucky, surf to your hearts content, and a 3rd party is any browser you installed yourself, not stock. Have fun.

Sent from my LG-VM670 using Tapatalk 2
 
  • Like
Reactions: sleedeane
sleedeane said:
Newbie here. Yes, thank you.
You said always enable GPS when we go somewhere because VM can find it.
What's VM? I have Lookout. Not Premium.
What should I have?

And, I surf with the factory browser all the time.
But I shouldn't?
You mean I should use...what? Dolphin or something?

Please straighten me out here, okay?
I'll do whatever you tell me to.
(Except encrypt anything. One, I have nothing that anybody would want. And two, I don't have a clue how. Well, I do have a bank account - Greendot. What encrytion app do you reccommend? I'm sure I could figure it out if I used a simple one).

Thank you
I appreciate it.
Click to expand...

VM = Virgin Mobile

Stock browser is known for being targeted for attacks. If you like to randomly browse and surf the net, you can put yourself at risk for using the stock browser. You can prevent this by using 3rd part browsers, Opera Mobile is the best(imo), it is the full opera desktop browser, but for Android :).

And if your just checking your bank account on your phone using the browser you are fine, the bank's servers encrypt your connection :).
 
  • Like
Reactions: sleedeane
Hey guys, me again.
I can't really tell what the difference is between Opera Mobile and Opera Mini.
I do most of my web browsing sitting in front of my wifi, so I guess I don't care about how "compressed" anything is as far as racking up any data.
And I don't have a computer to "link" up to or anything like that.
Which one should I use?

Thank you
 
sleedeane said:
Hey guys, me again.
I can't really tell what the difference is between Opera Mobile and Opera Mini.
I do most of my web browsing sitting in front of my wifi, so I guess I don't care about how "compressed" anything is as far as racking up any data.
And I don't have a computer to "link" up to or anything like that.
Which one should I use?

Thank you
Click to expand...


I prefer opera mobile, just because its the full opera browser.
 
  • Like
Reactions: sleedeane
sleedeane said:
Hey guys, me again.
I can't really tell what the difference is between Opera Mobile and Opera Mini.
I do most of my web browsing sitting in front of my wifi, so I guess I don't care about how "compressed" anything is as far as racking up any data.
And I don't have a computer to "link" up to or anything like that.
Which one should I use?

Thank you
Click to expand...

I prefer ninesky browser myself.

Sent from my LG Optimus V running OM_MLS v2.2.2-EXT using Tapatalk 2 Beta-6
 
I use the stock browser just because thus far every browser I've tried sucks as much as it. So I figured I'd go with the one that takes up the least space. I have been meaning to try something else again, if for no other reason than to make backing up book marks easier.
 
RoujinKarma said:
  • ENCRYPT SENSITIVE FILES! If you have an sensitive documents on your phone, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT, ENCRYPT!!!
Click to expand...

I've got a better solution - don't put any sensitive documents on your phone.

On my home computer I've got documents with my passwords, bank information, credit cards, etc. But not on any portable computers or my Android. It just isn't worth the risk, even if it is encrypted. I consider it an axiom that anything portable could "grow legs" and get lost or stolen.

There's a couple of other common sense things you should do -

Any financial transactions should be done at home using a hardwire connection, or at minimum WPA2 encryption if you're using a WiFi network. While I could transfer money from savings to checking using my Android I don't - even if the bank says the transaction's secure. Why take the extra risks?

Use separate passwords for your phone, especially ones which may need to be used on a strange computer. For example, Lookout is one of the best free apps for helping you find a lost phone. One time I realized that I had misplaced my phone and was able to borrow a computer. I logged on to the Lookout website with my phone number and password and it gave me the GPS coordinates for my phone (not surprisingly the most recent stop that day). I was glad that I used a separate password for Lookout. While it's not likely that the computer I borrowed was logging my keystrokes the fact that the password was different from my other passwords gave me some added assurance. If i was really paranoid in tin-hat mode I would have changed the Lookout password afterwards.
 
Phil42 said:
I've got a better solution - don't put any sensitive documents on your phone.

On my home computer I've got documents with my passwords, bank information, credit cards, etc. But not on any portable computers or my Android. It just isn't worth the risk, even if it is encrypted. I consider it an axiom that anything portable could "grow legs" and get lost or stolen.

There's a couple of other common sense things you should do -

Any financial transactions should be done at home using a hardwire connection, or at minimum WPA2 encryption if you're using a WiFi network. While I could transfer money from savings to checking using my Android I don't - even if the bank says the transaction's secure. Why take the extra risks?

Use separate passwords for your phone, especially ones which may need to be used on a strange computer. For example, Lookout is one of the best free apps for helping you find a lost phone. One time I realized that I had misplaced my phone and was able to borrow a computer. I logged on to the Lookout website with my phone number and password and it gave me the GPS coordinates for my phone (not surprisingly the most recent stop that day). I was glad that I used a separate password for Lookout. While it's not likely that the computer I borrowed was logging my keystrokes the fact that the password was different from my other passwords gave me some added assurance. If i was really paranoid in tin-hat mode I would have changed the Lookout password afterwards.
Click to expand...

Well some people live on their phone more then their computer, so they need to use their phone as that device, not trying to hate on you, just stating.

Also when you visit and encrypted webpage any transmission that is contacting that server will be in an encrypted TCP packet, so you can do it on 3g without worry of packet sniffers. Would love to see someone try to crack a 256 AES :p
 
  • Like
Reactions: sleedeane
RoujinKarma said:
It seems android has some security issues...
Click to expand...
  • ADS KILL! Free apps can sometimes display ads that can hold hack, to be safe make sure you only install popular free apps. This usually reduces the chance for a hack, as Google and the Dev will really keep their eyes out for that app's security.
    Click to expand...
You can help kill two birds with one stone by rooting and running DroidWall. Really helps with apps that shouldn't need Internet access and only have it to load ads. Also, who doesn't love a good firewall?
 
  • Like
Reactions: brotherswing

Similar threads

beingbeetle
New Android Features - Google
Replies
0
Views
442
Smartphones
beingbeetle
beingbeetle
R
Cyberstalked - Blackview A52 phone hacked, how can I reset?
Replies
4
Views
1K
Smartphones
Dannydet
Dannydet
K
How to give someone a temporary (for a few hours/days) possibility to ring your your Android phone? and possibility talk with him?
Replies
13
Views
1K
Ask a question
mikedt
mikedt
iamashrafulbd
[Free] [App] Secure VPN - Unlimited Proxy
Replies
0
Views
2K
Apps & Games
iamashrafulbd
iamashrafulbd
E
  • Poll
Help Been hacked
Replies
5
Views
5K
Smartphones
jbrownwtf
J
Top Bottom
Back