Android Smartphone Security — What you need to know

[Father]

Android security does not lose its relevance, since smartphones running on this operating system are extremely widespread in Russia. However, many users do not take any measures and believe that the built-in protection is sufficient.

This article will analyze the main information security risks that are relevant for Android smartphones, user errors during the operation of devices, as well as ways to protect yourself while using an Android smartphone or when buying a used device.

What threatens Android smartphones​

To create a secure virtual space on Android, it is important to consider all possible threats:

• Unwanted ads with disguised phishing links and malware.
• The threat of compromising personal data if the device is lost or stolen, as well as unauthorized access to it by third parties.
• Smartphone security vulnerabilities that occur due to the use of outdated software and neglect of updates. As a result, the attacker has a short path to any data.
• Use open Wi-Fi networks that can be used to intercept data being sent.

Sergey Polunin, Head of the Infrastructure IT Protection Group at Gazinformservis

The biggest problem is that on the one hand, the list of threats has not been significantly expanded recently, but the old threats have not disappeared either. This suggests to us that the situation is not really moving forward, despite the efforts of vendors and the information security community. On the one hand, we have application developers who use very questionable practices in their applications and make data on your smartphones vulnerable, on the other hand, we have device manufacturers who release security updates for a very short time, and then offer to buy a new device. And third, we have users themselves who, not finding the right application in the store, run to download it from questionable places, and then immediately install it. And of course, neither viruses, nor phishing, nor everything that we know from past threat tops has gone away. And to make it completely scary, smartphones are usually associated with threats to use unprotected WiFi networks, poor digital hygiene, and even the loss of devices.

All these threats are particularly relevant in the corporate use of smartphones, which is universal in modern companies. By intercepting the information, the attacker creates a fake user profile and then obtains the necessary corporate access using social engineering methods. Thus, the complexity of one employee turns into a big problem for the whole company, since a cyber attacker gets direct access to any data.

Safe use of your Android smartphone​

Often users are sure that their device is protected by default, and therefore do not even delve into the factory settings of Android security. If the smartphone owner actively clicks on links from ads, installs all applications indiscriminately, and performs other rash actions related to the device's security, incidents will not be long in coming.

Discussions are also often caused by the question " Is it worth putting an antivirus on Android?". However, like any device whose owner actively uses the Internet, the smartphone needs additional protection.

Roman Laminin, Leading Information Security Specialist at eXpress

Built-in tools are obviously not enough. Antivirus software is a must have. Without it, sooner or later a malicious program will get on your smartphone. Another mandatory tool is the reverse firewall. This is a lightweight application with thousands of rules that blocks traffic from leaking out. From my personal experience, this is an extremely useful utility that you can't help but install.
It is important that both of these tools work together as efficiently as possible. The antivirus blocks external threats, and the reverse firewall does not release data to the outside. This results in layered protection that apps can't provide individually.

If you already have the virus on your smartphone, it may not be easy to get rid of it. Malware can prevent later installed antivirus programs from working properly or block access to your phone's settings altogether. How do I remove the virus from my phone if the settings don't open? The most effective option is to reset to factory settings, but of course not via the smartphone itself, but via a PC after connecting via a USB cable. In this case, the banner that closes the screen will not interfere with the necessary actions. Before manipulating an infected phone, you should make sure that the antivirus is installed and updated on your computer.

However, not only antivirus software is designed to protect smartphones. What other Android security apps exist? You can consider installing those belonging to the following types:

• password managers that will save the user from having to remember dozens of combinations or set the 12345 option everywhere;
• call encryptors that are designed to prevent them from being listened to;
• smartphone blockers in case the device falls into the wrong hands;
• monitoring the consumption of mobile traffic by other apps, and so on.

But before you upgrade security for Android by installing each type of application, you should make sure that such functionality is not available for programs already on the device. Many applications now work on the principle of "all in one", and therefore provide the necessary protection.

Root access and its dangers​

The smartphone was created, among other things, so that the user can customize it as much as possible to suit their needs. If the device's customization options are not enough, it starts looking towards unlocking administrator rights. Despite the convenience, Ruth is right — it's dangerous. On the one hand, the user gets unlimited opportunities to install and configure any applications. There are quite a few programs for rooted phones that simply won't work otherwise.

On the other hand, the user also assumes full responsibility for the security of the phone. Many apps will stop receiving updates, including those related to security. In addition, root access disables certain built-in functions of the Android smartphone and makes it more vulnerable to attacks.

In some cases, users unlock access to administrator rights not through the smartphone settings, but install a special application — jailbreak. Since the result of unlocking will be similar to rooting, the answer to the question: "Is jailbreaking dangerous" will also sound identical.

What to do when buying an Android smartphone with your hands​

A great way to save money on a new mobile device is to buy a used one. But to ensure that the purchase does not disappoint, such an acquisition requires more attention to security. How do I check my smartphone when buying with my hands?

Alexander Vayner, Chief Expert Analyst at Vekus Group
Here are some steps you can take to check your smartphone if you're buying it hand-held::

• Check the software version: Make sure that your device is running the latest version of the Android operating system (available for this smartphone model) and has received the latest security updates.
• Check for signs of malware: install a reliable antivirus application on your device and scan for malware or other potential threats.
• Check your device history: Check your smartphone's IMEI number or serial number to make sure it wasn't stolen. You can do this by contacting the manufacturer or using the online IMEI verification service.
• Reset your device to factory settings: If you are still unsure about the security of your smartphone, perform a factory reset to erase all data and settings and start with a clean slate.

Conclusions​

A modern Android phone is protected if the user is careful, does not install programs from unverified sources, and updates security-related applications in a timely manner. You should not resort to root access without imagining all the possible security implications.

At the same time, you should not be afraid of buying used smartphones either. A factory reset and a few other manipulations minimize the existing risks.

The main means of protection, however, are not software solutions, antiviruses and firewalls, but the user's attention to the links that they follow and the app stores from which they download programs.