Mobile Device Support - Android Phone Security Recommendations

Update Operating System to the Latest Version

Android devices ship with various versions of the operating system, determined by both the selected carrier and handset manufacturer. New versions of the Android operating system frequently address security vulnerabilities in addition to providing bug fixes and adding new features. Not all devices will support the most recent version of Android and not all carriers will make upgrades available for all handsets, even ones that are capable of running the newer software. Upgrade to the latest available and supported version for your device.

Do Not Root the Device

"Rooting" an Android device often takes advantage of known vulnerabilities in the operating system to disable its security controls. Once these security controls are bypassed, any application can break out of its sandbox and act maliciously (perhaps unintentionally).

Do Not Install Applications from Third Party App Stores

Google manages applications distributed through the Google Play store and has the ability to remove malicious applications both from the store when discovered and directly from any devices that have installed the applications from the Google Play store. Installing applications from other sources is riskier, since you have no way of knowing how those stores are managed or whether the applications available in them can be trusted not to be malicious.

To disable application installation from unknown sources:

  1. Press the Menu button
  2. Tap System settings
  3. Tap Security
  4. Scroll to Device administration
  5. Uncheck Unknown sources

Encrypt the Device

When enabled, Android uses your passcode or password to generate an encryption key that is then used to encrypt the device. This passcode/password is then required every time the device is powered on. This protects the data stored on the device from unauthorized access in the event that it is lost or stolen. The encryption process may take an extended amount of time, depending upon the amount of storage in the device. The device needs to remain plugged in and the encryption process should not be interrupted.

To encrypt a device:

  1. Press the Menu button
  2. Tap System settings
  3. Scroll to Personal
  4. Tap Security
  5. Scroll to Encryption
  6. Tap Encrypt [device]
  7. Tap Encrypt [device] again
  8. Enter lock screen passcode or password when prompted
  9. Tap Continue
  10. Tap Encrypt [device]

Disable Developer Options

Android provides a number of features that allow developers to interact with the device through the built-in USB power/data port to change its behavior, read and modify local storage, and issue commands. When these features are enabled, it is possible to completely control a device through this interface. They should be enabled only as needed and only for the duration required for testing.

To disable developer options:

  1. Press the Menu button
  2. Tap System settings
  3. Scroll to System
  4. Tap Developer options
  5. Uncheck USB debugging
  6. Uncheck Stay awake
  7. Uncheck Mock locations

Use an Application or Service to Provide Remote Wipe Functionality

The intent is to ensure that if the device is lost, its data can be erased remotely. There are a few ways to accomplish this with Android:

  • MS Exchange Server has the ability to remotely wipe devices. Work with your MS Exchange server administrator to enable this feature.
  • Google Play provides this functionality through the free Android Device Manager service.
  • Many third party applications provide this functionality. Some options include:
    • Norton Mobile Security,
    • Wave Secure,
    • Lookout,
    • Security Shield, and
    • Theft Aware.

The exact feature set of each application varies; some do much more than just provide remote wipe functionality. When evaluating products for this requirement, users should, at a minimum, look for the ability to:

  • lock the device remotely,
  • wipe the device remotely, and
  • wipe the device after too many failed unlock attempts.

Enable Android Device Manager

Android Device Manager is a free service provided by Google that allows users to track and remotely lock or erase an Android device. A free Google account is required to use this service. If a device is lost or stolen, having this service enabled may allow the owner to find and recover the device with the assistance of the University Police department. Even if recovery of the device isn't possible, the ability to remotely erase it may protect any sensitive data that was stored on it.

To enable Android Device Manager:

  1. Press the Menu button.
  2. Tap System settings.
  3. Tap Security.
  4. Scroll to Device administration.
  5. Tap Device administrators.
  6. Check Android Device Manager.
  7. Tap Activate.

Be Wary of Unknown SD Cards

Use antivirus software to scan SD cards before accessing data on them or saving data to them.
