I wanted to step away from pure accessibility for a moment to cover a very important we all need to be aware of – security. The key to staying safe on Android (or indeed any platform), is primarily about having the knowledge and common sense to take reasonable precautions. In this first of a three part series I’m going to introduce some of the key aspects to mobile safety Android users should be aware of and some tips to hopefully keep you one step ahead of the bad guys.
Anti-virus / Anti-malware.
Anti-virus was the buzzword for PCs – for Android, it’s not so much viruses but malware – for instance apps which try to steal your banking information or text premium SMS numbers without your knowledge (Technically a virus tries to replicate itself into other programs, which isn’t generally possible on Android – see: https://www.lookout.com/resources/know-your-mobile/android-virus )
Are anti-malware apps worthwhile? There are arguments on both sides of the fence. Personally I err on the side of caution and use one, however it’s important not to be complacent and rely solely on it to protect you. I’m currently using the paid version of AVG which does come with additional features of warning about intrusive adware, tracking a lost phone and a task killer.
One of the biggest ways malware infects devices is through malicious apps – often apps which may appear legitimate but from a strange website rather than the official Play store, and asking for unusual permissions (like the ability to make phone calls). The first recommendation here is to stick to official channels for downloading apps. Personally I only download things from the Google Play store. There is a setting under security called “Unknown sources” to allow installation of apps from sources other than the play store. I highly recommend leaving this option unchecked.
Probably the single most important point around Android security, is app permissions. When you download an app you are presented with the permissions it wants and you can either accept them all and download the app, or not download the app. It is vital to at least browse this list before hitting accept as this is often the biggest clue to an app which may not be what it seems. The three things you really want to check are:
– Does the description explain why the app needs the permissions it does? A dialer replacement like Big Dialer needs to be able to directly call phone numbers, but if you are downloading a card game, this permission would be unexpected to say the least.
– Do I trust the developer? This can be hard to answer, but look for things like how old the app is (a malicious app uploaded in 2011 would almost certainly have been detected and removed by now, but one uploaded yesterday may have slipped through), how many times it’s been downloaded and what else the developer has been involved in.
– What are the potential consequences of these permissions? A voice-memo app legitimately needs the ability to record audio, however paired with internet access, a malicious app could record your phone calls and upload them to the internet. A malicious app trying to remain undetected might do both.
There are a number of apps which will scan your phone and look at what permissions all your apps want and can highlight potential concerns. I’m currently using App Permission Watcher by Eric Strusse – (https://play.google.com/store/apps/details?id=de.struse.apewatch ) which not only lists which permissions apps have, but also lists suspicious apps and has a list of all permissions and what they are. There are a number of similar apps (which often don’t require any permissions at all).
Life Hacker has a good article on app permissions: http://lifehacker.com/5991099/why-does-this-android-app-need-so-many-permissions which links to lots of other great reading material on the subject. Android Pit has a page with some of the most requested and potentially dangerous permissions at: http://www.androidpit.com/app-permissions-explained
Locking your device.
While the biggest and most widespread threats come from having your data or money stolen remotely, it’s important not to forget the physical safety of your device. Think of all the things you can access on your phone and the information that someone would have access to if they stole or found your device. Even if you don’t buy things or access internet banking from your phone, you still have your email, your social media accounts, maybe GPS apps with your home address or even just your browsing history.
The first step to ensuring your device’s safety, is a screen lock password. Yes it’s annoying, but if you use your device regularly like me, then entering it soon becomes habit and much less of a chore, and suddenly your device is protected from at least casual snooping by others – just don’t use 0000 or 1234 ok?
Apps and features which will track or even wipe your phone if you lose it are great, but if you are going to use one, then make sure you do know how to use it BEFORE you lose your phone. Test out the device location or remote ringing features and make sure they work how you think they will work.
Finally be aware of which apps and websites you use on your phone, and particularly which ones auto log in (eg your email, facebook, eBay or any shopping sites and any other web sites you let the browser remember your password for) – if someone does get access to your phone and can unlock it, they will instantly have access to all that information, not to mention any photos you have taken, notes or information kept only on the phone. If you ever do lose your phone, it may be wise to reset the passwords for any of those services (and from many of them, such as facebook, you will also need to revoke access to your phone)
The best ways to protect yourself and your device are:
– Consider using an anti-malware app but remember they are not infallible.
– Only download apps from the Google Play store.
– Always double check the permissions before installing an app – do you know why the app needs them? Do you trust the developer? And do you know what those permissions do?
– Always lock your device.
– Be aware of what services can be accessed automatically from the phone and therefore what steps you will need to take if you ever do lose your phone
Next post I will cover keeping your phone running smoothly, and as well as detecting invasive or system draining apps and features.