Basic security for Android

Updated 1 February 2021

    This guide lists steps you should consider taking when setting up your Android phone (or device). However, before implementing the changes below, it is strongly recommended that you read How to use mobile phones as securely as possible and How to use smartphones as securely as possible. Those two guides will help you make informed decisions about what you store on your Android device and how you communicate with it.

    1. Security-related settings for Android

    1.1 Access to your phone

    Enable Lock SIM card, found under Settings -> Personal -> Security -> Set up SIM card lock. This means that you must enter a PIN to unlock your SIM card each time your phone is switched on. Without the PIN, no phone calls can be made.

    Set up a Screen Lock, found under Settings -> Personal -> Security -> Screen Lock, which will ensure that a code, pattern or password needs to be entered in order to unlock the screen once it has been locked. We recommend using the PIN or Password option, as these are not restricted by length. You can find more information on creating strong passwords in How to create and maintain secure passwords.

    Set the security lock timer, which will automatically lock your phone after a specified time. You can specify a value which suits you, depending on how regularly you are willing to have to unlock your phone.

    1.2 Device Encryption

    If your device uses Android version 4.0 or newer, you should turn on device encryption. This can be done in Settings -> Personal -> Security -> Encryption. Before you can utilise device encryption, however, you will be required to set a screen lock password (described above).

    Note: Before starting the encryption process, ensure the phone is fully charged and plugged into a power source.

    1.3 Network settings

    Turn off Wi-Fi and Bluetooth by default. Ensure that Tethering and Portable Hotspots, under Wireless and Network Settings, are switched off when not in use. These are found under Settings -> Wireless & Networks -> More -> Tethering & Mobile hotspot.

    If your device supports Near Field Communication (NFC), this will be switched on by default, and so must be switched off manually.

    1.4 Location settings

    Switch off Wireless and GPS location (under Location Services) and mobile data (this can be found under Settings -> Personal -> Location).

    Note: Only turn on location settings as you need them. It is important not to have these services running by default in the background: keeping them off reduces the risk of location tracking, saves battery power and reduces unwanted data streams initiated by applications running in the background or remotely by your mobile carrier.

    1.5 Caller Identity

    If you want to hide your caller-ID, go to Phone Dialler -> settings -> Additional Settings -> Caller ID -> hide number.

    1.6 Software Updates

    To ensure that your phone remains secure, it is strongly recommended to keep your software updated. There are two types of updates that need to be checked:

    1. The phone operating system: go to: settings -> About phone -> updates -> check for updates.

    2. Apps you have installed: Open the Play store app, from the side menu select My Apps.

    Note: When updating your phone's software, it is important to do it from a trusted location, such as your internet connection at home, instead of somewhere like an internet cafe or coffee shop.
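
    The settings in section 1 can also be checked from a computer. The script below is an added example, not part of the original guide: it reads the encryption state, Wi-Fi, Bluetooth, location and lock timer values over adb and reports any that differ from the recommendations above. It assumes adb is installed and USB debugging is enabled on the phone; the settings keys it queries vary by Android version and vendor, and the 60000 ms lock timer limit is an assumed default, since the guide leaves that value to you.

```shell
#!/bin/sh
# Added example: check the section 1 settings over adb (not part of the guide).

# Read the relevant values from a connected phone as key=value lines.
collect() {
  q() { adb shell "$1" | tr -d '\r'; }
  echo "crypto_state=$(q 'getprop ro.crypto.state')"
  echo "wifi_on=$(q 'settings get global wifi_on')"
  echo "bluetooth_on=$(q 'settings get global bluetooth_on')"
  echo "location_mode=$(q 'settings get secure location_mode')"
  echo "lock_after_ms=$(q 'settings get secure lock_screen_lock_after_timeout')"
}

# Constructed sample: encrypted phone with Wi-Fi on and no lock timer value.
sample_device() {
  printf '%s\n' crypto_state=encrypted wifi_on=1 bluetooth_on=0 \
    location_mode=0 lock_after_ms=null
}

# Read key=value lines on stdin; print one FAIL line per setting that departs
# from the guide and return the number of failures.
# $1: longest acceptable lock delay in ms (assumed default, not from the guide).
audit() {
  max_ms=${1:-60000}
  fails=0
  fail() { echo "FAIL $1"; fails=$((fails + 1)); }
  while IFS='=' read -r key val; do
    case "$key" in
      crypto_state)  [ "$val" = encrypted ] || fail "1.2 device is not reported as encrypted" ;;
      wifi_on)       [ "$val" = 0 ] || fail "1.3 Wi-Fi is not switched off" ;;
      bluetooth_on)  [ "$val" = 0 ] || fail "1.3 Bluetooth is not switched off" ;;
      location_mode) [ "$val" = 0 ] || fail "1.4 location services are not switched off" ;;
      lock_after_ms)
        case "$val" in
          ''|*[!0-9]*) fail "1.1 lock timer value is not readable" ;;
          *) [ "$val" -le "$max_ms" ] || fail "1.1 lock timer exceeds ${max_ms} ms" ;;
        esac ;;
    esac
  done
  return "$fails"
}

if [ "${1:-}" = "--device" ]; then
  collect | audit "${2:-60000}"    # real phone: sh script.sh --device [max_ms]
else
  sample_device | audit || echo "sample: $? setting(s) to fix"
fi
```

    SIM card lock, NFC and caller ID are not covered, so check those on the phone itself. Switch USB debugging off again once the check is done.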

    2. Apps for Android

    We have a number of Tools Guides for Android apps that we recommend installing on your device. These guides will walk you through installing, configuring and using the apps on your Android Devices.

    2.1 Secure communications, email, text messaging, voice and video calls

    Delta Chat

    License: FOSS GNU General Public License v3.0 / Requirements: Android 4.1 and up.

    Details: Sends text, voice memos, files or photos. Can be self-hosted on any email server. Phone number not required, but to communicate with others you need to let them know your email.

    Element

    License: FOSS (Apache 2.0) / Requirements: Android 5.0 and up

    Details: is a free open source messaging app that can be self-hosted or third-party hosted (on the matrix.org server). Voice/video calls are only available from the phone, and no group voice/video calls are available. It is always important to check whether end-to-end encryption is activated; this is indicated by a black shield on the chat lead icon. You can manually activate it in the chat settings.

    K-9 Mail

    License: FOSS (Apache 2.0) / Requirements: Android 4.0.3 or newer

    Details: K-9 Mail is a mail client that integrates with Open Key Chain to allow you to easily send and receive GnuPG encrypted emails.

    Open Key Chain

    License: FOSS (GPL v3) / Requirements: 4.0.3 or newer

    Details: Lets you encrypt your Files and Communications. Compatible with the OpenPGP Standard.

    ProtonMail

    License: FOSS (MIT License) / Requirements: Android 5.0 or newer

    Details: is an encrypted email service that seamlessly integrates PGP end-to-end encryption.

    Signal Private Messenger

    License: FOSS (GPL v3) / Requirements: Android 4.4 and up.

    Details: Allows you to exchange encrypted messages, voice/video calls, images and files. Requires email or phone number registration.

    Wire

    License: FOSS (GPL v3) / Requirements: Android 4.4 and up.

    Details: Allows you to exchange encrypted messages, voice/video calls, images and files. A valid phone number is required to register.

    2.2. Password management and two-factor authentication

    Aegis Authenticator

    License: FOSS (GPL v3) / Requirements: 5.0 or newer

    Details: is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.

    KeePassDX

    License: FOSS GPL v3 / Requirements: Android 4.0 and up

    Details: is a free open source password manager for Android, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key and/or a key file.

    2.3. Data encryption and removal

    Boxcryptor

    License: Proprietary License / Requirements: Android 5.0 and up

    Details: allows you to encrypt your files locally and access them via your smartphone or tablet.

    CCleaner

    License: FOSS (GPL v2) / Requirements: Varies with device

    Details: allows you to permanently delete traces of your activities and temporary files.

    EDS Lite

    License: FOSS (GPL v2) / Requirements: Varies with device

    Details: is a free and open source virtual disk encryption software for Android. It allows you to store your files in an encrypted container. VeraCrypt(R), TrueCrypt(R), LUKS, EncFs container types are supported.

    Open Key Chain

    License: FOSS (GPL v3) / Requirements: 4.0.3 or newer

    Details: Lets you encrypt your Files and Communications. Compatible with the OpenPGP Standard.

    Tella

    License: FOSS (GPL v3) / Requirements: 4.0.3 or newer

    Details: Lets you encrypt your Files and Communications. Compatible with the OpenPGP Standard.

    2.4. Malware, virus and phishing

    Avira Antivirus

    License: Proprietary License / Requirements: Android 6.0 and up.

    Details: Anti-Virus software that will scan your phone for malicious apps and files. It will also allow you to locate your phone if lost.

    Malwarebytes

    License: Proprietary License / Requirements: Android 6.0 and up

    Details: scans for viruses and malware, and aggressively detects ransomware, PUPs, and phishing scams.

    Glasswire

    License: Proprietary License / Requirements: Android 6.0 and up.

    Details: is a mobile firewall and data usage monitor.

    2.5 Secure browsing and network circumvention

    Firefox

    License: FOSS / Requirements: Android 6.0 and up.

    Details: brings the experience of Firefox Browser for the desktop to your mobile phone.

    OpenVPN for Android

    License: FOSS (GPL v2) / Requirements: Android 4.0 and up.

    Details: Allows you to tunnel your apps that connect to the internet over OpenVPN-based VPNs, protecting you from monitoring.

    Psiphon

    License: FOSS (GPL v3) / Requirements: Android 4.0 and up.

    Details: helps you to try and circumvent censorship and monitoring by tunneling your internet connection over a number of different encrypted tunnel types such as VPNs and Proxies.

    Tor Browser for Android

    License: FOSS (3-clause BSD) / Requirements: Android 5.0 and up.

    Details: is the only official mobile browser supported by the Tor Project.

    2.6. Others

    Applock

    License: Proprietary License / Requirements: Android 4.0 and up

    Details: Allows you to password protect apps on your phone so that they cannot be run without entering the correct passphrase. For example, protect your Mail app with an additional passphrase.

    Haven

    License: FOSS (GPL v3) / Requirements: Android 4.1 and up

    Details: is an Android application that leverages on-device sensors to provide monitoring and protection of physical areas. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders.

    ObscuraCam

    License: FOSS (GPL v3) / Requirements: Varies by device.

    Details: is a free camera application for Android devices that has the ability to recognize and hide faces. It allows you to blur or delete the faces of those you photograph in order to protect their identities.

    OsmAnd

    License: FOSS (GPL v3) / Requirements: Android 4.0.3 or newer

    Details: is an offline navigation application with access to the free, worldwide, and high-quality offline maps using OpenStreetMap Data.

    Parallel Space

    License: Proprietary License / Requirements: Varies with device

    Details: Makes apps invisible on device through Incognito Installation.