10 Android Security Settings For High Profile And Paranoid People
A pragmatic and quick-to-implement guide to native (free) Android phone security settings that will improve your personal cyber security in 2023.
I was going through my routine personal cyber security checks today and realised that my process may be useful for others less fluent in digital self-protection.
In today’s fast-paced world, we are constantly being pressured to raise our online profiles and be recognised as leaders in our respective domains of expertise. Whilst this is great for those who enjoy being at the forefront of public conversation, such professional recognition and publicity also comes with downsides that must be managed – particularly in the domain of cyber security.
The risk is yours, why bother?
The internet gives everyone access to everything all of the time. As convenient as this is, it also means that your internet-connected devices become a doorway to the world; including all the thieves, fraudsters, spies, soldiers, and other threats that may take interest in who you are and what you do (or more accurately, who you represent and what you have access to).
Doors and windows make a house usable in the same way that ports and permissions make a mobile phone usable. But, like doors on a house, these features also allow strangers to enter uninvited, if you are not careful about it. The bad news is that the door on a house is connected to a single street of stranger danger, whereas a mobile phone is constantly connecting to hundreds of different services and servers without you even realising it. To make matters worse, apps and devices are constantly updating their settings and tend to erode your security controls over time.
The good news is that it doesn’t take much effort to significantly improve your Android device security. It is therefore imperative that high-profile individuals and leaders (or anyone and everyone, really) lock down their devices to avoid being used as a conduit for the worst. This is particularly important for those working in high-stakes industries like defence, critical infrastructure, research, national security, or big commerce.
Why these 10 controls?
Before we dive in, just a quick note that there are virtually infinite ways you can improve your personal cyber security beyond what I’ve written here. I focus on the mobile phone because it is far too overlooked for an internet-connected, GPS-tracking, video recording device that has access to all your sensitive work files, calendars (i.e. your plans and frequented places), contacts, conversations, and very likely is able to link any saucy secrets of your personal life directly to your position of trust in your professional community.
This list comes from my own checklist that I go through a few times a year on my mobile phone to keep both my security and anxiety in check. You should probably do more, most of us don’t. So hopefully this checklist helps to make the little time you have a bit more effective.
Okay, noting that this article is written for busy people, I’m going to cut to the chase and list my top 10 Android security settings as succinctly as possible. Estimates of time to implement are provided in brackets.
1. Updates (1 minute)
This one seems obvious, but sometimes when I do my routine checks I am surprised to note that some things haven’t updated automatically as I might have expected them to. Apps can also lose technical support for software updates and fall out of service over time, increasing your risk of harbouring backdoors into your phone.
In short, go to Settings > System > System Update and click Check for updates to ensure your Android operating system is up to date.
For your apps, you’ll need to go to the Google Play Store app. Click on your profile settings in the top right corner and then select Manage app and device from the menu. From here you should be able to see a button to update all your apps if needed.
2. App permissions (10-20 minutes)
The permissions that apps ask for are crazy. More often than not it’s way more than they need to function, and way more than you should be comfortable with sharing. Keep in mind that any permissions you share are available to anyone who has backend access to that app, including hackers who hijack them. In my opinion, this is the #1 way to reduce your phone’s attack surface besides security updates.
So this is what you’re going to do to assert control over your information:
- Go to Android Settings
- Click on Apps
- Click See all apps
- This is where it gets tedious. Click through each app, one by one, selecting the Permissions option in the submenu.
- Do you still need each app regularly? If no, then it is always best to Uninstall so that you limit software vulnerabilities and backdoors to your device.
- For the apps you need, remove all permissions that you can by choosing Don’t allow and limit the rest to Ask every time. If you need the function within the app regularly then select Allow only while using the app.
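A scripted version of the per-app permission review above, added here as an example (not part of the original article): it parses the output of `adb shell dumpsys package` and reports which apps currently hold sensitive runtime permissions. The watchlist, the function name and the sample text are assumptions made for the example, and the dumpsys layout can differ between Android versions.

```python
import re
import subprocess
import sys

# Runtime permissions to flag (a subset chosen for this example).
WATCHLIST = {"android.permission." + p for p in (
    "ACCESS_FINE_LOCATION", "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "READ_SMS")}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")
# Constructed sample in the shape `dumpsys package` prints (not from a real device).
SAMPLE = """\
  Package [com.example.torch] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET]
  Package [com.example.notes] (4d5e6f):
      runtime permissions:
        android.permission.POST_NOTIFICATIONS: granted=true, flags=[ USER_SET]
"""

def granted_watchlist_perms(dumpsys_text):
    """Map package name -> sorted watchlist permissions currently granted."""
    found, pkg, in_runtime = {}, None, False
    for line in dumpsys_text.splitlines():
        header = PKG_RE.match(line)
        if header:
            pkg, in_runtime = header.group(1), False
        elif line.strip() == "runtime permissions:":
            in_runtime = True
        elif in_runtime:
            m = PERM_RE.match(line)
            if m is None:
                in_runtime = not line.strip()  # any other text ends the section
            elif m.group(2) == "true" and m.group(1) in WATCHLIST:
                found.setdefault(pkg, set()).add(m.group(1))
    return {p: sorted(v) for p, v in found.items()}

if __name__ == "__main__":
    text = SAMPLE
    if "--device" in sys.argv:  # needs adb on PATH and USB debugging enabled
        adb = lambda *a: subprocess.check_output(["adb", "shell", *a], text=True)
        pkgs = [p[8:] for p in adb("pm", "list", "packages", "-3").split()]
        text = "".join(adb("dumpsys", "package", p) for p in pkgs)
    for pkg, perms in granted_watchlist_perms(text).items():
        print(pkg, *perms, sep="\n  ")
```

Run it with `--device` to query a phone connected over adb, and switch USB debugging off again afterwards, since leaving it enabled widens the attack surface this review is meant to reduce.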
Another aspect of app security that you should consider in your review is notifications. Notifications provide a tonne of useful information at a glance, but when displayed on your lock screen this information can also be accessed by anyone else within reach of your device. Limit which apps deliver notifications (this also protects your sanity) and especially which apps can display full notifications on your lock screen.
3. Google Play Protect (1 minute)
Play Protect is Android’s native end-point protection software that continuously scans your installed apps for suspicious indicators. It should be enabled by default, but I always double check because as I said earlier, security settings are constantly changing behind your back and you can never take anything you think you’ve sorted for granted.
Double check that Google Play Protect is enabled by going to Settings > Security & Privacy > App Security. From here you should (hopefully) see that it is enabled, and you can run a quick manual scan of your device to be sure.
4. Chrome enhanced protection (1 minute)
Google Chrome is the default Android browser and a long time favourite of many. Your browser is a notably weak point in your security as it is enabled to run code from all over the internet, download stuff, and a whole lot more.
Luckily there is an inbuilt enhanced protection mode for Chrome. Unluckily it is not enabled by default. Luckily it is easy and I’m about to tell you how.
- Open Chrome
- Click on Settings
- Click Privacy and Security
- Click Safe Browsing
- Click Enhanced protection
5. Suspicious message alerts (30 seconds)
I actually love this feature on my phone. It saves my ears from thousands of misdirected sales calls and scammers claiming to need immediate payment or else “jail time”. Sure, buddy.
Let’s save these guys from a life of crime by blocking their calls:
- Open Settings
- Search for Suspicious
- Click on either of the options that are returned
- Allow alerts
6. Lock screen (1 minute)
We’ve probably all got some kind of lock screen enabled, even if it is simply to prevent those dreaded pocket dials. But locks are always evolving and some are superior to others, so it’s always worth checking if you still have the best option available at the time.
Go to Settings > Security & Privacy > Device Lock and peruse your options.
At the time of writing there are six options available to me. I have listed these below, in order of most secure to least secure:
- Fingerprint
- Pattern
- Password
- Facial recognition
- PIN
- Swipe.
Sometimes less secure methods will be enforced by your workplace to accommodate the plethora of devices the company’s staff may have (e.g. every device supports PIN codes). This becomes your problem when you have a mixed personal and work device. There is nothing you can do about that unless you’re willing to carry two phones around with you like a businessman from the 90s. In some industries this might be unavoidable.
7. NFC protection (30 seconds)
NFC is that awesome tech that lets you buy your morning coffee with a simple tap of your phone. Unfortunately it may also buy your attacker’s new TV set if you don’t put proper controls around it.
Go back to Settings and search for NFC. Enable the option that says Require device unlock for NFC.
This will stop you from losing hundreds of dollars when you brush past an NFC hacker on your next crowded bus ride. Note that this setting may not be available if you are running a Samsung phone. Poor form Samsung.
8. Google account (5-10 minutes)
Android is a Google operating system and as such is inherently tied to a Google account. Losing control over your Google account could therefore spell the end of access to your phone (this happened to me once and let me assure you that the recovery process is very long, very painful, and often not even possible).
You’ll want to pay some attention to your Google account security settings by going:
- Settings
- Scroll down and click Google
- Click Manage your Google account
- At the top there should be some tabs with one labelled Security. Click it.
- Scroll through the security settings and double check everything. Particularly the 2-Step Verification. I know multi-factor authentication is a royal pain in the proverbial, but it is truly one of the most important security measures to enable. It ensures no-one can access your stuff with only a compromised password they bought off the dark web.
- Double check where you’re signed in under Your devices > Manage all devices. If there’s anything you don’t need or don’t know, click on it for more info and then press Sign out.
- Check your information is still accurate. If you have changed your mobile number, update it. This is critical in restoring access to a compromised account. One time I reset my Google password just after I moved countries and I forgot to update my mobile number first – a costly mistake that I will never make again.
- Save your backup codes somewhere safe if you haven’t already. Double check you still have them where you thought you left them.
9. Device encryption (1 minute)
Always a good idea. Encryption protects sensitive data from being sucked out of your phone by some a**hole that ends up with physical access against your will. Do the following:
- Settings
- Security and Privacy
- Scroll to the bottom and click More security settings
- Click on Encryption and credentials
- Click Encrypt phone.
10. Device administrators (2 minutes)
Android applications can be designated as ‘device admin apps’ that have total control over your phone, including the ability to remotely wipe it clean or monitor all activity. This is something you’ll want to keep a keen eye on to make sure nothing nefarious slips in.
Go to: Settings > Security and Privacy > More security settings > Device admin apps
You should be able to see a list of applications that have the ability to take administrative control over your phone. Unselect anything that isn’t absolutely necessary.
Some apps that you may want to allow as device admin include:
- Outlook Device Policy (as set by your place of work)
- Find my device (if you have the app enabled and configured)
- Any other mobile device management software that your employer or organisation needs to enforce their security policies on your device (and grant you access to your emails+).
Conclusion, don’t be an easy target
Hopefully this article provided a useful starting point for locking down your data and protecting yourself from the growing number of malicious actors targeting your phone (either purposefully or opportunistically).
Cyber security is often said to be an individual responsibility, but no one ever tells you what that means in practice. This process should help get you started, but don’t forget to harden every other personal device that would make you cry if it was hacked.
Don’t be an easy target, make them work for it!