Recently, we asked you, our valued readers, to tell us which topics you would like to see on AndroidPIT in the future. The results showed that about 90% of you were interested in learning more about security and privacy. With that in mind, here are three things you can do today to make your Android device more secure.
1. Encrypting your device
Encryption is a process which encodes your private data on a device, so that it can't be read by anyone unauthorized. Once you encrypt your Android smartphone, any new data becomes encrypted automatically. Decrypting takes place automatically for you as well.
Android has two methods for encrypting your device:
Full disk encryption on Android (5.0 and up)
According to Google, "full-disk encryption uses a single key—protected with the user’s device password—to protect the whole of a device’s userdata partition. Upon boot, the user must provide their credentials before any part of the disk is accessible." This is secure, but when you reboot your phone, your data isn't accessible until your credentials are entered. Which means, things like alarm notifications and phone calls can't take place.
File-based encryption on Android (7.0 and up)
For those who have Nougat already, Android's file-based encryption "allows different files to be encrypted with different keys that can be unlocked independently." With the Direct Boot function, devices can "boot straight to the lock screen, thus enabling quick access to important device features like accessibility services and alarms."
2. Secure messaging on Android
The Secure Messaging Scorecard by the Electronic Frontier Foundation (EFF) is a great resource for evaluating all the complex ways a messaging service can be secured or unsecured. There are a lot of factors to take into account, and if you're not a security expert, you may not have considered something like whether or not your messages were encrypted during transit. Nevertheless, these details are still very important.
Their scorecard evaluates messengers based on the following criteria:
- Encrypted in transit?
- Encrypted so the provider can’t read it?
- Can you verify contacts’ identities?
- Are past comms secure if your keys are stolen?
- Is the code open to independent review?
- Is security design properly documented?
- Has there been any recent code audit?
With these factors in mind, there are many apps which meet all the criteria on the scorecard. Since security and usability are often at odds with each other, some apps which meet these criteria aren't the most user-friendly or widely adopted.
For both security and usability, I recommend the average person to try Signal for secure communications. It's user-friendly and popular among the security-conscious crowd. You can download it from Google Play here:
3. Enable Two-factor Authentication on everything
Two-factor authentication, also called two-step verification, requires two authentication methods, like passwords, PIN numbers, fingerprints or physical access to your cell phone. This method of securing your accounts works on many services, and you may already have used it with your online banking platform. 2FA, as it is sometimes known, even works with various social media platforms to prevent other people from hijacking your online identity. Facebook, Twitter and LinkedIn all have the feature. Major payment platforms like PayPal and cloud storage services like Dropbox also usually support 2FA. And, very importantly, you should enable it on your Google Account as well.
What other security topics are you interested in? Have you tried any of the above methods before?