Let’s get one thing out of the way right off the bat: If you’re looking for recommendations about Android security suites or other malware-scanning software, you’ve come to the wrong place.
Why? Because, like most people who closely study Android, I don’t recommend using those types of apps at all. Android malware isn’t the massive real-world threat it’s frequently made out to be, and Google Play Protect and other native Android settings are more than enough to keep most devices safe.
There are, however, some areas where third-party apps can add valuable layers onto your Android security picture. They’re less about fighting off theoretical boogeymen and more about proactively protecting your accounts and data.
These are the apps that’ll actually bring a meaningful boost to your privacy and security on Android.
Enhance your Android privacy basics
Android 12 brings a new streamlined app-assessing Privacy Dashboard into the operating system, but if you’re still hanging onto a phone with an older Android version, you don’t have to miss out.
An app called Privacy Dashboard emulates the official Android 12 feature of the same name and gives you a helpful overview of exactly which apps have accessed which permissions on your phone and when. It also makes it as easy as can be to find and adjust any app’s permissions and scale back what sort of data it’s able to access — right from that single streamlined interface.
Beyond that, Privacy Dashboard provides universal access to another Android-12-inspired privacy advantage: the ability to see in real time whenever an app is accessing your camera, microphone, or location via a special icon in the upper-right corner of your screen. It actually offers an improvement over the default Android setup in that area, too, as it shows you persistent icons for camera, microphone, and location access instead of showing only cryptic and difficult-to-decipher dots after the first couple seconds.
Privacy Dashboard is free. The app does inevitably require its own series of advanced system-level permissions in order to do what it needs to do, but it’s all perfectly justifiable for its purpose (and the permissions are explained clearly upon installation). The app is open source, too, and it doesn’t even ask for the ability to access the internet — so it couldn’t transfer information off of your device if it wanted to.
Apps often require sensitive system permissions in order to perform their full range of functions — but if you tap into some of those functions only on occasion, you might not want to leave the associated permissions active forever.
The aptly named Bouncer app is an easy way to make your permission decisions more nuanced. With Bouncer on your phone, every time you give an app a new permission — be it for accessing your location, getting on the internet, viewing your phone’s storage, or whatever the case may be — you’ll see a notification appear at the top of your device. You can tap that notification to tell Bouncer to remove the permission as soon as you exit the app (by switching to another app or returning to your home screen) or after a set amount of time.
Say, for instance, you’re tasked with tweeting from a professional conference, and you want your location to be associated with any tweets you send during the event — but you don’t want Twitter to retain access to your phone’s location eternally. Just grant Twitter the needed location permission, look for the Bouncer notification, and give Bouncer the order to take the permission away when the day is over.
You can even have Bouncer remove a permission automatically every time it’s granted — so something like that Twitter location access can effectively become a temporary permission instead of an ongoing authorization.
Notably, Google added a similar option into the operating system itself that lets you grant a one-time-use-only permission for location, camera, or microphone access if you have Android 11 or higher. But Bouncer brings that same power to any Android device, regardless of its version, and it expands the system to work with permissions beyond just those three as well.
Bouncer costs a dollar to download.
Protect your passwords, accounts, and transactions
LastPass, Keeper, or 1Password
Your passwords are the gatekeepers to your digital life — for the moment, at least — and it’s up to you to make sure they’re properly armed. The secret? Let a password manager serve as your muscle. A good password manager makes it easy to create and maintain strong, unique passwords for however many apps, sites, and services you use.
And on Android, you’ve got some excellent options. LastPass, Keeper, and 1Password all offer exceptional experiences that are easy to use on any Android device as well as any other type of phone, tablet, or computer you rely on.
Each of the tools will do the heavy lifting for you when it comes to both creating secure passwords and then filling ’em into apps or websites as needed, simply by touching a pop-up prompt that appears over the sign-in form and then providing a fingerprint or some other form of authentication.
LastPass provides a solid all-around password management package, while Keeper adds in some useful enterprise-specific security touches, and 1Password offers the advantage of multiple storage options — including your own direct local network connection — for securely syncing your info across different devices.
All three services cost around $35 a year for a fully featured individual tier of service, and all also have team-level pricing options available.
Aside from using strong passwords, the smartest thing you can do to keep your online accounts safe is to use two-factor authentication everywhere it’s offered. Two-factor authentication requires you to have a second form of identifying information — like a code generated by an app on your phone — in addition to your primary password, thus making it substantially more difficult for a modern-day ruffian to get into your account.
The best app for managing two-factor authentication on Android is Authy. The Twilio-owned program outshines Google’s own Authenticator, offering with a modern, intuitive design that makes it a cinch to find and copy codes for any number of 2FA-enabled accounts. It has handy advanced features like support for app-level fingerprint protection, too, and you can even set Authy up to function on multiple devices — including, if you’re so inclined, your desktop computer.
Authy is free.
In addition to protecting your actual accounts, there’s something to be said for safeguarding your email address. Every business wants to get its grubby hands on your address these days, after all — and while most reputable organizations are respectful of your privacy, all it takes is one ethically compromised company to sell your address somewhere questionable and sentence you to an eternity of spam hell.
An app called Blur offers a clever way around that. Blur lets you create a variety of special masked email addresses — random, nonsensical things like firstname.lastname@example.org — and then set ’em up to forward to whatever actual email address you want.
That means anything sent to those addresses will arrive in your regular inbox, as if it had been sent directly to your normal address. But if you ever start noticing spam or excessive marketing material coming into one of your Blur-created addresses, all you’ve gotta do is go into the app’s settings and disable or delete that specific forwarding address to get the noise to stop.
Blur has a bunch of other unrelated features, some of which require a paid subscription to use, but this particular function is free.
Pay by Privacy.com
Compromised credit cards are an all-too-common reality in this modern world of ours. The risk is almost unavoidable, as every time you make an online purchase, you’re putting your card number out into the universe. And all it takes is a single unfortunate breach for that number to fall into the wrong hands.
A thoughtful app called Pay by Privacy.com reduces that risk substantially (though only for folks in the US — sorry, international pals!). The app lets you create single-purpose virtual card numbers for all of your online purchases. You can set specific limits for how much can be charged to each number — per charge, per month, per year, or total — and you can even set cards to be locked down to one-time use only.
That means if any of the numbers do get stolen, they won’t work beyond your legitimate assigned purchases — and all it takes is a flip of a switch within the app to disable the number entirely without affecting any other part of your purchasing setup.
The core Privacy service is completely free, with a limit of 12 virtual card creations per month. If you need more than that, a pro-level plan triples that limit and adds in some other extra options.
And while Google is planning to bring a similar virtual-card feature into Android this summer, it’s (a) much more limited in which specific sorts of credit cards are compatible and (b) far less powerful in terms of the control it gives you over limits, recurring payments, and other such potentially useful options.
(For full transparency, Privacy sponsored three issues of my Android Intelligence newsletter last year. I don’t have any active business relationship with the company as of this writing, and it did not in any way pay for (or even know about) this recommendation. I became personally aware of the service because of that sponsorship and then started to use it myself, and I’ve stuck with it — at the free level — ever since.)
Add in extra layers of encryption
NordVPN or ExpressVPN
Virtual private networks, or VPNs, can be an effective way of keeping your phone-based data transmissions private and secure — particularly when you’re using public Wi-Fi networks, which are notorious for letting outsiders “snoop” and see all sorts of sensitive info from your sessions.
Your best bet for work is to use your company’s own VPN service, assuming one is available. If you use Google’s Fi wireless service or pay for extra storage via the Google One program, you also have access to a trustworthy VPN at no extra cost through Google itself.
In any other situation, NordVPN and ExpressVPN are among the most widely recommended third-party options, earning strong praise from privacy guru (and frequent Computerworld contributor) Steven J. Vaughan-Nichols and landing within the top VPN picks of Computerworld sister site PCWorld along with Android Central, PCMag, TechRadar, Tom’s Guide, and numerous other prominent outlets.
Both services promise heavy-duty encryption for all of your mobile traffic, and both cost around 12 bucks for a single month of access or $100 for a year-long subscription. And both are about as reputable and well-reviewed as you could ask for in this arena.
When you need to know your emails won’t be intercepted, ProtonMail is the app you want to use. Founded by scientists at CERN (the European Organization for Nuclear Research), ProtonMail uses an open-source method of end-to-end encryption to keep your messages safe from prying eyes. You don’t have to provide any personal information, and the company says it keeps no records of IP addresses or anything else that could link you to your account. In fact, the company says even its own employees couldn’t read or access your messages if they wanted to.
The best part about all of ProtonMail’s security is that it requires next to no effort on your behalf: You simply create an account with the service and then email away. If you’re emailing someone else with a ProtonMail address, encryption is automatic. If you need to contact someone with a non-ProtonMail address, you can tap an icon in the app’s compose tool to create a password and a hint; the recipient will then be sent only that information and will have to use the password to decrypt your message.
Security aside, ProtonMail’s Android app is cleanly designed and pleasant to use. The app has customizable labels and folders and even allows you to define custom swipe gestures for your inbox (swiping left on a message to mark it as read, for instance, and swiping right to archive or delete). It even has an option for creating self-destructing messages, should the need ever arise.
ProtonMail is free at its most basic level, which includes one address, 500MB of storage, and up to 150 messages a day. You can get more storage, more messages per day, and additional features — including email filters, an auto-responder system, and support for custom domains — starting at $48 a year.
Signal Private Messenger
Signal does for texting what ProtonMail does for email: The open-source service allows you to communicate securely with contacts, using end-to-end encryption and without any of your data ever being accessed or stored on a remote server. The app also allows you to conduct encrypted voice and video calls with other Signal users.
On the surface, Signal looks and feels just like any other texting app: You can find people from your regular contacts database or simply enter a phone number to start a conversation. If the other person also uses Signal, the conversation will be secure — and you’ll see the option to launch a secure voice or video chat as well. If your recipient isn’t using Signal, you’ll still be able to text normally and will see a prominent “Unsecured SMS” warning in the message field.
Signal is free, and no accounts are required; you just open the app, input and then verify your phone number, and you’re ready to roll.
Solid Explorer File Manager
Pretty much all current Android phones come with encryption enabled out of the box at this point, but if you want an extra layer of protection for certain files or folders, Solid Explorer will get the job done.
As an Android file manager, Solid Explorer lets you browse and manipulate the files on your device’s local storage as well as on a variety of third-party cloud storage services — including Dropbox, Google Drive, and Microsoft OneDrive — if you choose to connect them. When you have a file or folder you want to protect, you just find and highlight it within the app and then select “Encrypt” from the main menu.
After that, all you have to do is type in a password and optionally activate fingerprint authentication, and the file will then be viewable only after your credentials have been entered.
Solid Explorer costs $3 after a free two-week trial.
Most note-taking services use encryption, which means any data you send and receive from the service as you’re using it is protected and not visible to anyone who might be trying to snoop on your activity.
But most don’t use end-to-end encryption, which means it’s theoretically possible for someone within the providing company to access your data while it’s sitting on the server. Realistically, with a company you know and trust, the odds of that happening are pretty darn low, and most privacy policies explicitly promise it won’t happen. But it’s still technically possible, and your data isn’t as protected as it could be.
If you want the maximum privacy protection for your notes, a privacy-first and impressively polished service called Notesnook is exactly what you need. Notesnook uses heavy-duty end-to-end encryption that makes it virtually impossible for anyone other than you to see your information. It also offers a special vault feature on top of that to add multilayer encryption onto especially sensitive notes and require a fingerprint or passcode to unlock ’em.
In addition to Android, Notesnook makes all your stuff available via its web app as well as in native apps for Windows, macOS, iOS, and Linux. Its core service is free, while a $5-a-month or $50-a-year pro upgrade gives you a bunch of extras — including the ability to encrypt attachments, create unlimited notebooks for organization, and use a full range of advanced note formatting tools (such as checklists, tables, and embedded images and videos).
Just like with note-taking services, most document and photo apps — including Google’s Docs and Photos services — encrypt your data while it’s being transferred. And for most practical purposes, that’s plenty fine.
But those sorts of services don’t typically use full end-to-end encryption, which, again, ensures that no one (including artificial intelligence layers, like those that do impressive things with your images in Google Photos) could ever access it anywhere.
If you have exceptionally sensitive stuff in your document or photo collections, a service called Cryptee will provide it with the maximum amount of protection. Cryptee applies a healthy helping of extra encryption onto all of your material, making sure it could never be visible to anyone you haven’t explicitly authorized.
Cryptee can work for any sort of file storage, but it has its own fully featured document editor and photo gallery, which makes it especially well-suited for those two areas. And while the service isn’t available as a traditional Android app, it can be installed as a progressive web app — which looks and works just like an app and even functions when you’re offline. (Fittingly enough, Cryptee says it went that route because of — why else? — optimal privacy protection.)
Cryptee is free at its base level, which gives you 100MB of space. If you need more (and you almost certainly will!), you can upgrade to 10GB for roughly $3 a month and then onward from there.
Consider privacy-minded app alternatives
Firefox Focus provides the simplest and most effortless private browsing experience on Android. Quite literally, all you do is open the app and go: No history, cookies, or passwords are ever saved, and the app automatically blocks trackers and ads across the web. When you’re done with a page, you tap a trash can icon in the corner of the screen, and poof: It’s gone forever, with no trail left behind.
Firefox Focus, which is free, has a handful of settings for controlling the nuances of its blocking features, but there’s really not much more to it. If you want to browse the web without leaving a trace (at least, as far as the browser itself is concerned), this is by far the easiest way to do it.
Gboard may be the best all-around Android keyboard app for most people, but like most contemporary keyboard options, it invariably requires ongoing network access in order to operate.
To be clear, that’s perfectly sensible: Without network access, there’s no way Gboard (or other similar keyboard apps) could perform various types of built-in searches or translations and connect to the internet to transmit the info they need.
Still, while Google and other major players are adamant about the fact that they’ll never do anything dubious with your data, you might want a keyboard where privacy is a core part of the package. And that’s exactly what Simple Keyboard is. The keyboard requires no network access permission and has no way to transfer any sort of data off your device even if it wanted to — giving you complete assurance that every last letter you tap is 100% private all the time.
The tradeoff, of course, is functionality: Simple Keyboard is, as its name suggests, quite simple. You won’t get text correction, next-word prediction, or even the often-network-requiring voice typing capability.
But if privacy is paramount for you, it’s a supremely minimalist option that’ll absolutely get the job done.
This article was originally published in April 2018 and most recently updated in June 2022.
Copyright © 2022 IDG Communications, Inc.