Shelter In Computers
Use a password to protect access to your mobile devices, especially if they are frequently carried outside the house. It’s also a good idea to have a tracking service that enables the device to be wiped remotely, because once the bad guys have the hardware, it’s very hard to keep them out.
Obviously you should have backups of all the personal data on your devices, including photos and emails. Back up and delete anything you don’t really need on your tablet or smartphone.
People tend to back everything up to online services (“the cloud”), sometimes without knowing it. However, you may be able to do it by plugging the device into a PC (where it should appear as an external hard drive), plugging an SD card into a PC, connecting the device to your home network, or using a program such as Sand Studio’s AirDroid. Any data in the cloud is outside your direct control, and – unless it’s encrypted – vulnerable.
Keep the number of apps as low as you can, and try to avoid giving them unnecessary permissions. Yes, I know this is impractical, but in a rational system, an app would never ask for a permission unless it needed it, and at that point, you are in the best position to decide if you want to grant it. If you’re going to let trivial apps access your location and your address book then you may as well give up.
If you only download apps from Google Play, or the equivalent Apple or Microsoft store, then you will probably be pretty safe – though I’d avoid apps like Snapchat, Secret, Whisper etc. Otherwise, keep an eye open for dodgy-looking apps with names that are almost but not quite the ones you’re looking for. Also, be extra careful if you turn off this element of protection to install apps from alternative stores.
As when using Windows PCs, you should never accept files from strangers, or click on links in unsolicited emails or SMS messages. Their almost irresistible offers are the bait through which many malware operators snare their prey.
Cellular data is a finite and expensive resource based on erecting tens of thousands of phone masts and (usually) charging users over Ł100 per year. It’s therefore very tempting to use free Wi-Fi whenever it’s available. This is fine when the Wi-Fi service is trustworthy – eg your own – but you can’t trust public hotspots. As for your workplace, it may have trustworthy Wi-Fi, but it may also be monitoring network traffic.
As with laptops, one solution is to use a VPN (virtual private network) that encrypts all your data to protect it from Wi-Fi snoopers. Android has a VPN client built in: see “VPN settings” on the wireless and networks page. Otherwise, try to use secure web addresses – ones that start with https:// etc.
Some phones may connect automatically to any handy Wi-Fi network, and if so, make sure this feature is turned off. Alas, even if you’re not connecting to random Wi-Fi networks, they may still be tracking you. This includes retailers who track your movements through their stores. Some people have even been tracked by London rubbish bins.
If you can do without Wi-Fi and Bluetooth when away from home, turn them off. If you must do mobile banking from a phone without a VPN connection, use your cellular phone connection instead.
The Android operating system has only one core function, which is to collect data about you and use it to deliver targeted advertisements. In order to use the Android name, phone suppliers are obliged to bundle it with Google software and services, including access to the Play store. The path of least resistance is to use all Google’s services, which is what it wants. For your further convenience, other companies may want to join in the fun, adding access to Facebook, Twitter, LinkedIn and other services to their apps. This creates the problem that if a single service is hacked, the bad guys may get access to a lot of your private data.
So, don’t put all your eggs in one basket. You will help to protect your privacy and increase your security if you avoid the defaults and use alternative apps and/or services. This is true for Apple and Microsoft users, too.
Many of these alternatives are well known. For example, you can have your photos automatically uploaded to Dropbox and downloaded to your PC, and you can use an alternative app (eg K-9 Mail) or mail service (eg Outlook.com) instead of Gmail. Instead of Google’s browser, you can use Firefox or Dolphin etc.WhatsApp is good for messaging as it uses your phone number as your user identity, encrypts messages, and does not store messages on a server. There are loads of articles about alternatives to Google apps and services, which you can find by searching DuckDuckGo.
Android security is always a hot topic on these here Nets of Inter -- and almost
always for the wrong reason.
Most of the monthly missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. In fact, if you look closely, you'll start to notice that most such stories come from studies commissioned by companies that -- gasp! -- make their money selling malware protection programs for Android phones. (Pure coincidence, right?)
The reality is that Google has some pretty advanced methods of protection in place for Android, and as long as you take advantage of them and use a little common sense, you'll almost certainly be fine. The biggest threat you should be thinking about is your own security surrounding your devices and accounts -- and with the end of the year in sight, it's a prime time to perform a personal audit and make sure your setup is all up to date and kosher.
So take a few minutes and perform these quick and easy steps. Then you'll know you're ready to start the new year lean, clean, and secured as can be.
You've probably granted countless apps access to parts of your Google account over the months and years -- which is no big deal in general, but if you're no longer using those apps, you might as well close and lock the doors.
Visit this page in Google's security settings to see a list of everything that's authorized and what exactly it can access. If you see anything you don't recognize or that you no longer use, click it and then click the blue "Remove" button to give it the boot.
Anytime you sign into a new device with your Google account -- be it an Android phone or tablet, a Chromebook, or even just the Chrome browser on a regular PC -- that device is added to a list and associated with your account.
Click over to this page in Google's security settings and give your list a once-over. If you see any old devices you no longer use, click on them and then click the bright red button to make sure they no longer have access to your account. And if you see any devices you've never used, remove them right away -- and then go change your account password immediately.
This one isn't directly related to security, but it's a good bit of housecleaning to perform while you've got your cleaning hat on: Head over to the Google Play Store settings and look at your list of available devices. These are the Android devices that show up as options every time you install a new app from the Play Store Web interface -- and also the devices that show up as options in the Android Device Manager (more on that in a sec).
Go ahead and uncheck the box next to "Show in menus" for any devices you no longer use. And if you see any devices with weird cryptic codenames, click the "Edit" button alongside them and rename them to something you'll recognize.
You might not realize it, but Google has its own utility for tracking, finding, and remotely wiping an Android devicein case you ever lose it -- and the whole system is built right into the operating system.
So what are you waiting for? Make sure all of your phones and tablets are enrolled now, before it's too late. Just head into the Google section of each device's main settings menu (or look for the app called Google Settings), then tap Security and verify that "Remotely locate this device" and "Allow remote lock and erase" are both checked.
You'll also need ensure that location access is enabled on your device -- which it probably is, but it's worth double-checking by pulling up the Location section of your system settings and confirming that the toggle at the top-right is activated.
Now bookmark the Web version of the Android Device Manager and/or download the Device Manager app to your various Android devices. If you ever can't find your phone or tablet, open the app (from the Web or from another device), and you'll be able to pinpoint precisely where the missing gadget was last seen. You can also force it to ring, remotely lock it, or -- in a worst-case scenario -- erase it entirely.
Another often-overlooked fact: Android has the ability to monitor your device for harmful code or suspicious activity -- no third-party apps or add-ons required.
Mosey on back to the Security section within the Google menu of your system settings (or within the Google Settings app) and make sure "Scan device for security threats" is checked. That'll allow Android's Verify Apps system to keep an eye on all apps on your device, even after they're installed, and make sure none of them is doing anything dangerous. The scanning will run silently in the background and never bother you unless something suspicious is found.
Odds are, you'll never even know it's there. But it's a valuable piece of protection and peace of mind to have.
(And remember, too, that this on top of Android's long-standing ability to watch your device for newly installedapplications and instantly check them for potentially harmful code -- and to remotely scan and monitor all apps uploaded to the Play Store before you ever get there. There's also a built-in system for detecting SMS abuse and blacklisting sources that have exhibited shifty behavior in the past. All in all, the bases are pretty thoroughly covered.)
This one should be a no-brainer, but it's important to mention: If you aren't using a security PIN, pattern, or password on any of your devices, start using one. Now.
The most likely cause of a security failure is simply a failure on your behalf to secure your stuff. You are the weakest link, as the cool kids said 10 to 15 years ago.
Embarrassingly dated pop culture references aside, think about it: If your phone has no passcode protecting it, all of your data is just out there and waiting for the taking anytime you leave the device unattended (intentionally or otherwise). That includes your email, documents, social media accounts, and entire photo collection (yes, even those pictures -- hey, I'm not here to judge).
The best part: Android makes it impressively painless to keep your devices secure nowadays. The software's Smart Lock function makes it possible to automatically keep your phone unlocked in a variety of preapproved "safe" conditions -- like when you're at home, when a specific trusted Bluetooth device is connected, or even when the phone is being carried in your pocket -- so the extra security shows up only when it's really needed.
There's no excuse to leave your stuff unprotected anymore. Head into the Security section of your device's settings to get started, if you haven't already.
One of the newer parts of Android's Smart Lock system is the ability to save passwords for websites and apps accessed on your mobile devices. As part of our audit, glance over the list of saved passwords Google has for your account so you'll know what's there -- and while you're at it, take a few seconds to remove any dated items that are no longer needed and don't belong.
A single password isn't enough to protect an important account these days -- especially one as wide-reaching and important as your Google account. Two-factor authentication makes it so that you have to put in a special code in addition to your password in order to get into your account. That increases your level of security significantly and decreases the odds of anyone ever being able to break in and access (or even delete) your personal data.
If you don't yet have two-factor authentication enabled for your Google account, head over to this site to get started. Once you have things configured, you'll use an app like Google's own Authenticator to generate single-use codes from your phone or a third-party alternative like Authy that can run on your phone as well as on other devices.
Speaking of Authy, if you're already using that for two-factor authentication, open the app right now and head into the Devices section of its settings. Look and see exactly what devices are currently authorized to access the app, and remove any that are dated and no longer in use.
Take a deep breath: We're almost done! This last step will take you through a broad security check that'll confirm some of the steps we've already taken and check up on a few lingering odds and ends.
Just go to this Google security site and go through the various steps it presents. It'll make sure you have a current phone number, email, and security question in case you ever lose access to your account and then check a handful of other areas to be 100% sure everything's in good shape.
Consider it your confirmation that your personal security setup is A-OK.
Now that you've made sure your Android security situation is shipshape, think about any third-party security tools you're using (whether you installed them or they came preinstalled on your phone or tablet) and what they're actually adding to your device. I'm talking Lookout, Avast, Norton, McAfee, AVG, Kaspersky -- all those sorts of things.
You've already verified that your device is protected. Android is actively scanning for threats on several levels, both on the server side at the Play Store and on your phone as new apps arrive (from any source) and continuing over time. The operating system is even looking out for SMS-based scams, and the Chrome for Android browser is keeping an eye out for Web-based threats as well.
Beyond all of that, your devices are all enrolled in a sophisticated cross-platform system for remotely tracking, pinging, and erasing as needed. And it's all happening on the native OS level.
So given all of that, is the third-party security app on your phone doing anything that isn't redundant and/or unnecessary? It's probably eating up system resources and impacting performance for no real reason -- and quite likely also costing you money you don't need to be spending -- but is it actually accomplishing anything of value that Android itself isn't already handling in a more direct manner?
The answer is almost certainly no. If having an extra security app makes you feel safer, hey, do what works for you. But if you've completed every step of this audit, there's really no reason you need it -- and every reason to send it packing.
Developed by Webmaster Abbas Shahid Baqir
Webmaster Feedback: firstname.lastname@example.org
All Rights Reserved Copyright, 2010-2020 Student Shelter In Computers ®