Let’s introduce this post with two principles:
- The less you take care of your settings, the more you let Android and apps spy on you.
- The more apps you have, the more you are exposed to hacking and data leakage.
Now that we have said that, let’s see what you can (must) do to reduce the attack surface.
We’ll give you many tips here and recommend great free apps.
Protect from loss / theft
Activate the encryption, including on the SD card.
Define a strong password
Don’t be satisfied with a 4-digit code, which could be broken in a few minutes. Define a password at least 7 characters long.
Enable screen lock settings
Enable the screen lock after a few minutes of inactivity.
Limit information displayed on the lock screen
Use the lock screen privacy options to stop messages from popping up on the lock screen.
Control access to sensitive apps
Request a code to access sensitive apps, using Norton App Locker (free) for instance.
Disable voice control
Disable ‘Ok Google’ trusted voice.
Back up your data
Prefer apps that back up or synchronise data to the cloud, so if you lose your phone, or need to erase it remotely, you’ll still have your data (especially your passwords and your pictures).
Enable ‘find my mobile’
Enable “Find my mobile” and make sure you can erase your mobile remotely if needed.
Protect from trackers
Disable location services
Unless you are using them, disable location services.
Disable personalised advertising
Don’t serve Google all your personal information on a platter.
Don’t share any data with developers.
Review and revoke permissions of apps
When not absolutely needed, don’t authorise apps to access your pictures, your location, etc…
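One way to do this review from a computer, as an added example that is not part of the original post: the script parses the output of `adb shell dumpsys package` and lists apps that currently hold sensitive runtime permissions, with the matching `adb shell pm revoke` command for each. The sample text, package names and the short permission list are constructed for illustration, and the `granted=true` line format is assumed from recent Android releases.

```python
import re

# Runtime permissions to review; a short subset chosen for this example.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_sensitive(dump_text):
    """Map package name -> sorted list of sensitive permissions currently granted."""
    report, pkg = {}, None
    for line in dump_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)  # every permission line below belongs to this package
            continue
        m = PERM_RE.match(line)
        if m and pkg and m.group(2) == "true" and m.group(1) in SENSITIVE:
            report.setdefault(pkg, set()).add(m.group(1))
    return {p: sorted(perms) for p, perms in report.items()}

def revoke_commands(report):
    """Build `adb shell pm revoke` lines for the owner to review before running."""
    return [f"adb shell pm revoke {p} {perm}" for p in sorted(report) for perm in report[p]]

# Constructed sample shaped like `adb shell dumpsys package` output (not from a real device).
SAMPLE = """\
Package [com.example.news] (a1b2c3):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
      android.permission.CAMERA: granted=false, flags=[ USER_SET]
Package [com.example.flashlight] (d4e5f6):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
"""

if __name__ == "__main__":
    for cmd in revoke_commands(granted_sensitive(SAMPLE)):
        print(cmd)
```

On a real phone, save the output of `adb shell dumpsys package` to a file and pass its contents to `granted_sensitive` in place of `SAMPLE`.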
Use progressive web apps instead of apps
Native apps can help themselves to what is on your phone, which is not the case when you use a browser to access their content (e.g. newspapers, Twitter…).
Use a VPN to hide your IP address
If you have decided not to use a firewall (which installs as a VPN), you can use a VPN like ProtonVPN (free) to hide your IP address.
Use a browser respectful of your privacy
Use a respectful search engine
Search the web with an engine that doesn’t log all your behaviour. Replace Google Search with DuckDuckGo (free).
Use a secure encrypted mailbox
Use a secure mailbox like ProtonMail or CTemplar (free).
Use a secure encrypted messenger
Use a secure encrypted app to chat, like Signal (free).
Protect from hackers
Don’t root your system
Don’t root your system. And only install apps from official stores like Play Store. Make sure automatic download and install are deactivated in the setup.
Update the OS and the apps
Enable auto updates for your operating system. These updates often include critical patches and protections against security threats. Make sure your apps also auto-update to mitigate vulnerabilities.
Activate Google Play Protect
Google’s scan of all installed apps is not an absolute security measure, but it is better than not having it.
Use an antivirus
Use an antivirus like BitDefender (free) as a secondary check of your apps. It is not 100% secure, but it is better than not having it. BitDefender is efficient, light and contains no ads.
Use a firewall (optional)
The Netguard Firewall installs itself as a VPN and checks all data sent and received by each of your apps. Be aware that you can only have one VPN slot active at a time.
Use a password manager
Disable Smart Lock for Passwords and Auto Sign-in, and use a vault like Bitwarden (free) to generate and remember a complex, different password for each account you have. It will also synchronise your passwords across all your devices.
Activate TOTP everywhere
Activate two-factor authentication (2FA) through TOTP, and use an authenticator app like Authy (free).