Published Jun 5th, 2020 | Updated Jul 11th, 2020, 10:11 am

Forbes previously reported a security vulnerability that impacts every user of a Samsung Galaxy smartphone from 2014 onwards. This time, the vulnerability has taken a new form: it applies not just to Samsung devices but to all versions of Android too.

Security teams have researched a significant flaw in almost all Android versions that allows malware to enter legitimate apps and steal app passwords along with other sensitive data. The weakness is raising questions over the security of Android devices. There are approximately two billion Android users, and one billion Android devices are potentially at significant risk.

Such vulnerabilities put the privacy of everything on a user’s phone at risk. Follow these nine easy practices to keep your Android device safe and secure from cyber-attackers. Many of them may sound simple, but remember that security is about doing safe things rather than exposing yourself to security threats. So, let’s read on and get more insight into this topic.


Enable Two-Step Verification


Regardless of what you use your phone for, your Google account is at the center of everything that happens on your device. As the name suggests, two-step verification adds a layer of security and protection, so if your phone gets stolen or someone steals your password, they are unable to get access to your account. It works like this: after you enter your Google password, a code is sent to your default phone by call or text, and you enter that code to access your account.

Even though this won’t necessarily safeguard your phone against theft, it protects what’s on it. For instance, if anyone attempts to log in to your Google account remotely from another device, you find out through a two-step message on your phone, and you can then change your password. With the advent of remote work, Covid scams have become an unfortunate reality today. Thankfully, many companies have mandated 2FA solutions to protect their mobile app users.


Disable Smart Lock for Auto Sign-in and Passwords


Smart Lock for Passwords is convenient; however, if you want to lock down your phone, you need to manage your passwords on your own. This means turning off Smart Lock for Passwords. The reason is that Google’s method does not require authentication on a per-site or per-account basis, as password managers do. Thus, after you sign in to your account for the first time, all your passwords become available. That is an obvious problem when someone swipes your phone.

To stop this, visit the security settings for your Google account. Once there, click on Security, scroll down to Signing in to other sites, and tap on Saved Passwords. Here you have two options: Auto sign-in and Offer to save passwords. It is entirely up to you whether to turn off the whole thing or to exclude specific sites from auto sign-in. Requiring biometric authentication every time a password is entered would be a much better solution; until that happens, switch it off if you’re in doubt.


Use Password Managers


If you turned off the smart lock, then the only way to make your passwords safe and protected is by organizing and locking them with a password manager. Google offers a password manager that is stronger than the smart lock password sync. It creates complex passwords and allows you to organize multiple logins and retain credit card details, sensitive notes, and anything you want to keep in a digital locker. It is all protected by a password of your own choice.

Because your password manager is a separate service, you can access your passwords on any browser or device. So even if someone steals your phone or compromises its privacy, your valuable data remains secure.


Find My Device


There are several different ways to track a mobile phone. However, if you sign in to your Google account on your Android device, it gets tracked automatically. This gives attackers an entry point to your phone, but you can prevent it too. Visit Find My Device in a web browser on any device and sign in to your Google account to view the last known location of your phone. If it is connected to a mobile network or Wi-Fi, then the position is current.

Use Google’s Find My Device to lock your phone, ring it, or even delete all your data. If you find that someone is harming you this way, contact your local authorities instead of confronting them on your own.


Avoid Unknown Downloads


One of Android’s significant benefits is also one of its biggest risks: downloading apps that are not available on the Play Store. When you install an app from outside Google’s store, you lose out on Play Protect and open your phone to possible malware.

Given Google’s ongoing foray into the world of FinTech, these vulnerabilities could be very costly to users – many of whom store financial information on their Android devices.

To keep you safe, Google has built an effective way to block accidental or unintentional downloads. In the Special app access settings, you will find an Unknown sources or Unknown apps tab that lets you shut off the installation of apps from sources other than the Play Store, such as Google Chrome or other browsers.


Set a Screen Lock


The most vital step in securing your Android device is setting up a screen lock. Every Android smartphone supports this option. It helps prevent people from accessing your phone. There are three standard options for a screen lock: PIN code, password, and pattern. Most phones also offer biometric options like facial recognition, fingerprint scanners, and iris scanning. The level of security they offer varies, but all of them are more secure than no screen lock protection at all.

For robust protection, select a long password, pattern, or PIN code, but make sure you memorize it. Go a step further and require an unlock when you turn on the device, before your phone boots up. This makes it harder for hackers to access your data if your phone is off when stolen. To enable this feature, tap on Security > Secure startup > Pattern to turn on the phone.

If you are an Android user, go to Settings > Security > Screen lock. Samsung Galaxy users must visit Settings > Lock screen and security > Screen lock type.


Uninstall Unused Apps


Every application comes with its own security problems. Android software vendors do a great job of updating their programs. Still, experts suggest that if you’re not using an app, you should get rid of it, because it may harm your device even when you are not using it. Fewer applications mean fewer chances for an attacker to invade your phone.


Use a VPN


Many Android smartphones encrypt your data by default, which means your data is readable only when you unlock your device with the screen lock you chose. If you are in doubt, check by going to Settings > Security on Android devices or Settings > Lock screen and security on a Samsung device. If the phone is not encrypted, you will see an Encrypt phone option.

However, for more robust encryption and protection, use a virtual private network (VPN). A VPN acts like a reliable and trusted intermediary between you and the public internet.

All the things you upload and download first go through a VPN that encrypts your data, hides your IP address and location, and keeps all the information private.  

The most reputable VPN services come with encrypted Android apps, so using one is simple and easy. Install the VPN app, sign in with your username and password, and then enable the VPN whenever and wherever you want to use it.


Use a Malware Scanner


It is an illusion that there are no viruses for Android devices. There is malware out there for every smart device, and your Android phone is among them. Google plays an active role when it comes to policing malware in the Play Store.

You hear about apps that fall through the cracks. But when you consider more than two billion active users and over one million apps, it is easy to see how Google fails to scan everything before someone downloads it. For this reason, you need a malware scanner of your own choice to scan your local files.

The good news is that it is now easy to scan for malware because many applications are custom-built for Android OS devices. Google Play Protect regularly scans files to detect known threats and checks what apps are up to without any interference.

If you want to scan manually, open the Play Store app and look for Play Protect in the menu. You can also install a second malware scanner, but before you do that, first disable Play Protect.

Final Thoughts

To conclude, Android security has become a necessity now. As cyber-criminals are looking for sophisticated ways to invade users’ privacy, all you need to do is follow the measures mentioned above to enhance your security and stay safe while using Android devices.