With more phone manufacturers extending the Android update support period to four versions, more users will need the following tips…

According to Check Point Research, some threat statistics about the Android threat landscape from their own research are:

  • Among victims of mobile malware, those using Android 11 have been the most prevalent, followed by users of versions 8 and 5.
  • Newer versions of the operating system typically present more challenges for malware to work, or require more actions from the victim before being able to function as intended.
  • More than 87% of malware victims were running outdated Android versions that are no longer supported and, consequently, not receiving security fixes. (Editor’s note: Device sustainability issues are worth addressing, as this article shows.)

Staying safe with Android devices

The following tips also apply to users of non-Android smart devices, but in general, some unique Android market characteristics are also addressed:

  • Install apps from trusted sources: Download and install apps from reputable sources such as official app stores. For Android devices, this would be the Google Play Store. However, even this store is no guarantee of safety. Therefore, many or all of the other aspects of device security measures below are needed to fill any gaps left by the official app stores.
  • Avoid third-party app stores, and be cautious with apps that have few downloads or multiple fact-based poor reviews. Nowadays, even good reviews can be faked. Therefore, focus on the bad ratings and use your discretion in sieving out possibly disingenuous rants. Real, useful poor reviews typically contain actual references to the version being rated; the faults or bugs involved; the circumstances that can replicate the problem; and whether the software firm has responded to the rant.
  • Do not be tempted by hacked versions of popular apps: Unless you know what you are doing, steer clear of hacked/modified popular apps distributed in bespoke websites or social media forums as APK files.
  • Not running an app does not mean it cannot spy on you: People who may have inadvertently installed a malware app may feel relieved that they had not launched it yet when informed, but in fact, installed apps can lurk in the background unless they are put into deep sleep by the most recent versions of Android. It is your responsibility to tweak your phone’s customized build of Android to allow it to monitor all app activity and suggest apps that should be put to sleep or deep sleep, and which apps are using too many resources or too much power in the background.
  • Keep your Android device’s default settings for app permissions restrictive. During the app installation process, beware of required permissions that do not seem to make sense. For example, why would an e-book reader app require permission to access your phone camera? General rule: when in doubt, deny the app’s request. If this breaks the app, then find a replacement that does not need this permission.
  • Keep your system software and apps updated: Regularly update your Android operating system and extraneous apps. Updates often include security patches that protect against newly discovered vulnerabilities. Enable automatic updates to ensure you receive the latest protections without delay. However, note that major system or app version updates themselves have been known to contain new bugs and zero day vulnerabilities! Therefore, monitor the device after all updates, for signs of unusual behavior. Check if any new feature(s) in the update could be causing the behavior. Sometimes, an unwanted feature could be set to ON by default, and you will need to turn it OFF. Finally, scan the app with a cybersecurity software, or better still, always have a malware detection app running in the background to alert you of unusual app or system behavior.
  • Use a dispensable “burner phone” for peace of mind: In other words, if you can spare the resources, use a phone with maximum cybersecurity measures in place — for the most sensitive and critical activities such as financial transactions. Nothing else should be installed on it, and it should be OFF or in Airplane mode when not in use. All other non-critical activities can be performed on a cheaper, dispensable phone for general use. (but it still needs to have strong cybersecurity and privacy measures activated.)
  • Use a reputable mobile cybersecurity app: This useful watchdog can offer real-time protection against malware, bugs or other unintended outcomes of your device usage patterns/mistakes. Such apps can scan for malicious software, detect suspicious activity, and provide additional security features like anti-theft measures and safe browsing. Beware of new apps/authors distributing “free” software masquerading as VPN or other cybersecurity services that are actually trojans!

On top of actual cybersecurity related measures, users are also advised to be circumspect about maximizing privacy on their Android device.

  • The more apps you install, the higher the risk of the apps — however legitimate — sending your personal data to third party storage servers that could become infiltrated. Therefore, minimize the number of apps installed on your Android device for maximum privacy.
  • What you ask generative AI Chatbots can come back to haunt you: Did you know that if you are not careful, what you ask of ChatGPT is stored in external servers, and this can be used to train the chatbot’s models for responding to future queries? If any personally identifiable information ever gets used in future chatbot quirks and freak incidents, you (as the originator of a sarcastic comment or a bad joke) may become famous globally! Fortunately, AI firms are fixing the problem now.
  • Ever heard of the term “degoogled phones”? For people who do not trust even legitimate apps from Android’s creator Google, and apps from phone manufacturers — who add bloatware that could sometimes contain privacy-intrusion features activated by default — it is time to dig into every privacy and location-tracking-related settings to get them turned off. Degoogling is a more extreme process, but you can find out more online.