You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.
So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.
1. App permissions
A rarely spoken reality of Android security is that your own negligence — either in failing to properly secure your device in some way or in leaving open too many windows that allow third-party apps to access your info — is far more likely to be problematic than any manner of malware or scary-sounding boogeyman.
So let’s address the first part of that right off the bat, shall we? Despite what some sensational stories might lead you to believe, Android apps are never able to access your personal data or any part of your phone unless you explicitly give ’em the permission to do so. And while you can’t undo anything that’s already happened (unless you happen to own a time-traveling DeLorean — in which case, great Scott, drop me a line), you can go back and revisit all your app permissions to make sure everything’s in good shape now.
That’s advisable to do periodically, anyway, and particularly now — as the last couple Android versions included some important new app permission options. Specifically, you can now let apps access your location only when they’re actively in use, instead of all the time (as of Android 10) and approve certain permissions only on a one-time, limited-use basis (as of Android 11). But any apps that were already on your phone by the time those upgrades arrived would’ve already had full, unrestricted access to those areas of your device. And it’s up to you to revisit ’em and update their settings as needed.
So do this: Head into the Privacy section of your system settings and find the “Permission manager” line. That’ll show you a list of all available system permissions, including especially sensitive areas such as location, camera, and microphone — the same three areas, incidentally, that can be limited to one-time use only on any phone running Android 11. (And if you don’t see a “Permission manager” option on your phone, try looking in the Apps section instead. You can then pull up one app at a time there and find its permissions that way.)
Tap on a specific permission, and you’ll see a breakdown of exactly which apps are authorized to use the permission in what way.
You can then tap on any app to adjust its level of access and bring it down a notch, when applicable, or remove its access to the permission entirely.
If there’s one section of Android security settings worth spending the time to revisit, this is without a doubt it.
2. Google Play Protect
Speaking of apps on your phone, this is a fine time to talk about Google Play Protect — Android’s native security system that, among other things, continuously scans your phone for any signs of misbehaving apps and warns you if anything suspicious emerges.
(And yes, it does sometimes fail to detect shady players immediately — something that gets played up to a comedic degree in those misleading marketing campaigns — but even in those instances, the real-world threat to most folks is typically quite minimal.)
Unless you (or someone else) inadvertently disabled it at some point, Play Protect should be up and running on your phone already — but it certainly can’t hurt to double-check and make sure.
To do so, just open up the Security section of your Android system settings. Tap the line labeled “Google Play Protect,” then tap the gear icon in the upper-right corner and make sure the toggles there are activated.
Back on the main Play Protect screen, you’ll see a status update showing you that the system is active and working. It works entirely on its own, automatically, but you can always trigger a manual scan of your apps on that same page, if you’re ever so inclined (or maybe just feeling slightly bored).
3. Safe Browsing
Chrome is typically the default Android browser — and as long as you’re using it, you can rest a little easier knowing it’ll warn you anytime you try to open a shady site or download something dangerous.
While Chrome’s Safe Browsing mode is enabled by default, though, the app has a newer and more effective version of the same system called Enhanced Safe Browsing. And it’s up to you to enable and opt in to it.
You can read more about what exactly Enhanced Safe Browsing is, why it might be advantageous to activate, and how you can get it up and running on your own device in this Chrome security column of mine from last week.
4. Lock screen limitations
If someone else ever gets their sweaty paws on your phone, you don’t want them to be able to access any of your personal information — right?
Well, take note: Android typically shows notifications on your lock screen by default — which means the contents of emails or other messages you receive might be visible to anyone who looks at your device, even if they can’t unlock it.
If you tend to get sensitive messages or just want to step up your security and privacy game, you can restrict how much notification info is shown on your lock screen by going to the Privacy section of your system settings, tapping the line labeled “Notifications on lock screen,” and then changing its setting from “Show all notification content” to either “Show sensitive content only when unlocked” (which will filter your notifications and put only those deemed as “not sensitive” onto the lock screen) or “Don’t show notifications at all” (which, as you’d expect, will not show any notifications on your lock screen whatsoever).
If you’re using a Samsung phone, you’ll find those same options within the dedicated Lock Screen section of the system settings — though, unfortunately, with less nuance involved (as Samsung has for no apparent reason removed the “sensitive” notification differentiation from the settings on its version of Android).
And speaking of the lock screen…
5. Smart Lock
Security is only useful if you actually use it — and given the extra level of inconvenience it often adds into our lives, it’s all too easy to let our guards down and get lazy after a while.
Android’s Smart Lock feature is designed to counteract that tendency by making security a teensy bit less annoying. It can let you automatically keep your phone unlocked whenever you’re in a trusted place — like your home, your office, or that weird-smelling restaurant where you eat barbeque sandwiches almost disgustingly often — or even when you’re connected to a trusted Bluetooth device, like a smartwatch, some earbuds, or your car’s audio system.
Look for the “Screen Lock” option in the Security section of your system settings — or the Lock Screen section, on a Samsung phone — to explore the possibilities. (And if you ever find the Trusted Places part of Smart Lock isn’t working reliably, by the way, here’s the 60-second fix.)
6. Two-factor authentication
This next one’s technically a Google account feature and not specific to Android, but it’s very much connected to Android and your overall smartphone security picture.
You know what two-factor authentication is by now, right? And you’re using it everywhere you can — especially on your Google account, which is probably associated with all sorts of sensitive data? RIGHT?!
If you aren’t, by golly, now’s the time to start. Hustle over to the Google section of your phone’s system settings, tap “Manage your Google Account,” and then scroll across that top row to select the “Security” tab. Find and tap “2-Step Verification” and follow the steps to set things up.
For most people, I’d recommend using your phone’s own “Security Key” option as the default method, if it’s available, followed by “Google prompts” and an authenticator app as secondary methods. For that last part, you’ll need to download and set up an app like Google’s own Authenticator or the more flexible Authy to generate your sign-in codes.
It’ll add an extra step into your sign-in process, but this is one area where the minor inconvenience is very much worth the tradeoff for enhanced protection.
7. Lockdown mode
Provided you’re using a phone with Android 9 or higher (and if you aren’t, switching over to a current phone that actually gets active software updates should be your top security priority!), an option called lockdown mode is well worth your while to investigate. Once enabled, it gives you an easy way to temporarily lock down your phone from all biometric and Smart Lock security options — meaning only a pattern, PIN, or password can get a person past your lock screen and into your device.
The idea is that if you were ever in a situation where you thought you might be forced to unlock your phone with your fingerprint or face — be it by some sort of law enforcement agent or just by a regular ol’ hooligan — you could activate the lockdown mode and know your data couldn’t be accessed without your explicit permission. Even notifications won’t show up on your lock screen when the mode is activated, and that heightened level of protection will remain in place until you manually unlock your phone (even if the device is restarted).
The trick, though, is that on certain phones — particularly those that shipped with earlier Android versions and were upgraded to Android 9 at some point — you have to enable the option ahead of time in order for it to be available. To confirm that it’s activated on your device, open up your system settings, search for the word lockdown, and make sure the toggle alongside “Show lockdown option” is set into the on position.
With that enabled, you should see a command labeled either “Lockdown” or “Lockdown mode” anytime you press and hold your phone’s power button. With any luck, you’ll never need it. But it’s a good added layer of protection to have available, just in case — and now you know how to find it.
8. Screen pinning
One of Android’s most practical security options is also one of its most hidden features. I’m talking about screen pinning — something introduced way back in 2014’s Lollipop era and rarely mentioned since.
Screen pinning makes it possible for you to lock a single app or process to your phone and then require a password or fingerprint authentication before anything else can be accessed. It can be invaluable when you pass your phone off to a friend or colleague and want to be sure they don’t accidentally (or maybe not so accidentally) get into something they shouldn’t.
To use screen pinning, you’ll first need to activate it by opening that trusty ol’ Security section in your main system settings and then finding the line labeled “Screen pinning.” (You’ll probably have to tap a line labeled “Advanced” or “Other security settings” in order to reveal it.) Turn the feature on and also make sure the toggle to “Ask for unlock pattern before unpinning” is activated.
Now, the next time you’re about to place your phone in someone else’s hands, first open up your system Overview interface — either by swiping up from the bottom of your screen and holding your finger down, if you’re using Android’s gesture system, or by pressing the square-shaped button, if you’re still hanging onto the old-school three-button nav setup.
On any phone running reasonably recent software, you’ll then tap the icon of the app you want to pin, directly above its card in that Overview area. And there, you should see the Pin option.
Once you’ve tapped that, you won’t be able to switch apps, go back to your home screen, look at notifications, or do anything else until you exit the pinning and unlock the device. To do that, with gestures, you’ll swipe up from the bottom of your screen and hold your finger down — and with the old three-button nav setup, you’ll press the Back and Overview buttons at the same time.
9. Guest Mode
If you want to go a step further and let someone else use all parts of your phone without ever encountering your personal information or being able to mess anything up, Android has an incredible system that’ll let you do just that — with next to no ongoing effort involved.
It’s called Guest Mode, and it’s been around since 2014, despite the fact that most folks have completely forgotten about it. For a detailed walkthrough of what it’s all about and how you can put it to use, see my separate Android Guest Mode guide from a few weeks back.
10. Find My Device
Whether you’ve simply misplaced your phone around the house or office or you’ve actually lost it out in the wild, always remember that Android has its own built-in mechanism for finding, ringing, locking, and even erasing a device from afar.
Like Play Protect, the Android Find My Device feature should be enabled by default. You can make sure by heading into the Security section of your system settings and tapping the line labeled “Find My Device.” Double-check that the toggle at the top of the screen is turned on.
Using a Samsung phone? Samsung provides its own superfluous, redundant service called Find My Mobile, but the native Google Android version will bring all of your devices together into a single place — not only those made by Samsung — and is also more versatile in how and where it’s able to work. On a Samsung device, the easiest way to find the Android Find My Device setting is to search your system settings for the phrase Find My Device.
Once you’ve confirmed the setting is enabled, if you ever need to track your phone down, just go to android.com/find from any browser or do a Google search for “find my device.” (There’s also an official Find My Device Android app, if you have another Android device and want to keep that function standing by and ready.)
As long as you’re able to sign into your Google account, you’ll be able to pinpoint your phone’s last known location on a map and manage it remotely within a matter of seconds.
11. Emergency contact info
Find My Device is a fantastic resource to have — but in certain situations, you might get a missing phone back even faster with the help of a fellow human.
Give people a chance to do the right thing by adding an emergency contact that can be accessed and dialed with a few quick taps from your lock screen. To start, go to the About Phone section of your system settings, then find and tap the line labeled “Emergency information.”
Tap the appropriate line and follow the prompts to add an emergency contact — a close friend, family member, significant other, random raccoon, or whatever makes sense for you.
Easy peasy, right? Well, almost: The only challenge is that the emergency contact info isn’t exactly obvious or simple to find on the lock screen — go figure — so anyone who picks up your phone might not even notice it.
But wait! You can increase the odds considerably with one extra step: Head into the Display section of your settings, tap “Advanced” followed by “Lock screen,” then tap the line labeled “Add text on lock screen” and enter something along the lines of: “If you’ve found this phone, please swipe up and then tap ‘Emergency’ and ‘View emergency information’ to notify me. Thank you!” (Hey, it can never hurt to be polite.)
That message will then always show up on your lock screen — and as an added bonus, if there’s ever an actual emergency, you’ll be ready for that, too.
Using a Samsung phone? For no apparent reason (sensing a theme here?), Samsung has removed the direct emergency contact system and instead offers only the ability to place plain text on your lock screen. You can find that, though, by making your way into the Lock Screen section of your system settings and looking for the line labeled “Contact information” — and there, you can just type in your emergency contact info directly and hope that someone finds it and then dials it from their own phone.
One more thing…
Now that you’ve got your Android security settings optimized and in order, take 10 minutes to perform an Android security audit. It’s a throughout checkup I’ve created for the state of security on both your phone and your broader Google account — and it’s well worth doing at least once a year.
The best part of this checkup? It’s completely painless — and unlike with most preventative exams, removing your pants is entirely optional.
Want even more Googley knowledge? Sign up for my weekly newsletter to get next-level tips and insight delivered directly to your inbox.
[Android Intelligence videos at Computerworld]
Copyright © 2020 IDG Communications, Inc.