Chances are that you have either an Apple or an Android-based smartphone. There is a smaller chance that you have a Windows Phone. However, most people don’t care about anything more than knowing how to call, send SMS and install Facebook after Candy Crush…

This post covers the things you should pay attention to if you are an Android user.

You will probably use your phone more than anything else to connect to the world: online banking (even if just receiving SMS TAN codes to authorize payments), chatting about your love life with your partner(s), taking personal and sometimes highly private pictures, and putting all of that on some kind of social media – we do all that daily, almost constantly.

Check the phone’s specs before buying it

Sometimes you can get cheap phones from China or in Christmas sales. These are sometimes older models (a couple of years old). They have probably reached the end of their life from a software point of view. Unfortunately this is not always the fault of the phone vendor…

Your smartphone runs on a SoC (one chip that contains the CPU, graphics, memory, phone modem, GPS etc.), and it has proprietary drivers tied to a specific Android version’s kernel. No newer driver means no update to a fresh Android version.

Would you buy a car you cannot buy new winter tires for?…

You can have bad luck and get something with Android KitKat 4.4.x, which still had 75%+ market share as of the middle of last year, and is like Swiss cheese.

Well, at least you can choose from plenty of easy methods to root the phone if you want…

Secure the access

I see a lot of people just using swipe unlock. Your phone can be stolen or lost. It happens. Just think about it: if I borrowed your phone, would you like me to check out all your emails, browsing history, personal contacts, SMS, Facebook? Probably not.

Use a secure unlock code or pattern.

I use the subway a lot. Most people use their phones to kill time. I have witnessed countless L or I shaped unlock codes. Yeah… Or 1234, 2570 etc. It works as long as I don’t see you use it once. I might be your colleague while you are grabbing a coffee.

I could recommend using a password typed on the keyboard, but seriously, nobody is going to type that in 20x a day. The best option is to disable the visual display of the input; some Android versions have that feature hidden in the settings…

Sometimes you can also enlarge the 3×3 pattern matrix to 4×4 or 5×5. That helps to confuse the remote eye a bit, and you can still get used to it.
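How much a larger grid adds can be counted directly. The following is an added example, not part of the original post: it counts the patterns a grid allows, assuming the usual rule that a pattern uses at least four dots and a stroke may not jump over an unused dot. Applying the same rule to a 4×4 grid is an assumption, since the page does not say how such grids handle it.

```python
from math import gcd

def between(a, b):
    """Dots lying on the straight line strictly between dots a and b."""
    (r1, c1), (r2, c2) = a, b
    g = gcd(abs(r2 - r1), abs(c2 - c1))
    dr, dc = (r2 - r1) // g, (c2 - c1) // g
    return [(r1 + k * dr, c1 + k * dc) for k in range(1, g)]

def count_patterns(n, min_len=4, max_len=None):
    """Count unlock patterns on an n x n grid, keyed by number of dots used."""
    dots = [(r, c) for r in range(n) for c in range(n)]
    max_len = max_len or len(dots)
    counts = {length: 0 for length in range(min_len, max_len + 1)}

    def walk(current, visited):
        if len(visited) >= min_len:
            counts[len(visited)] += 1
        if len(visited) == max_len:
            return
        for nxt in dots:
            if nxt in visited:
                continue
            # A stroke may pass over a dot only if that dot is already used.
            if all(mid in visited for mid in between(current, nxt)):
                visited.add(nxt)
                walk(nxt, visited)
                visited.remove(nxt)

    for start in dots:
        walk(start, {start})
    return counts

if __name__ == "__main__":
    full_3x3 = count_patterns(3)
    print("3x3, all lengths:", sum(full_3x3.values()))
    print("4-digit PIN     :", 10 ** 4)
    # Full 4x4 enumeration is too slow here, so compare four-dot patterns only.
    print("3x3, four dots  :", full_3x3[4])
    print("4x4, four dots  :", count_patterns(4, 4, 4)[4])
```

The count covers every pattern the rules allow; the L and I shapes mentioned above are a handful of them, which is why the shape chosen matters more than the grid size.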

Encryption: on!

Even if you have switched off the phone, there is still a good chance that all your data at rest can be dumped from the SD card…

Newer Android versions come with FDE (full disk encryption) by default, but they use a well-known default password if you don’t set a numeric PIN, password or pattern to unlock the device.

Keep your updates installed

Even with the latest version of Android, you become more and more vulnerable every month to the issues found almost weekly in the Android OS.

Depending on what device you own, you may have a caring provider who keeps up with the monthly security patches from Google; failing that, updates at least quarterly or yearly are highly recommended.

For those concerned about Internet security, I will write a follow-up post on how to secure communication between actors and their devices.

(Android icon from official website)
