Essential security for Android phones to stay safe

Should you install antivirus on your Android phone? What security precautions are necessary on your mobile? How risky is it to use Android devices? This is what you must do to stay safe.

These are questions that many people ask and the answers are complicated. There is certainly malware for Android but how much of a risk is it? What are the chances that you will be affected by malware, scams, spyware and so on?

Security depend a lot on you, the user, and how you use your phone and not just whether you have an Android antivirus app and other security software installed. Your mobile activities can be risky or safe, you can avoid malware or hit it head on, depending on what you do on the device.

Learn how to avoid malware and security issues.

1 Stick to the Google Play store

One of the most risky activities you can engage in is to install apps from outside of the Google Play Store. Google’s store is not perfect and is not as tightly controlled as Apple’s for iPhones and iPads, but apps that are in the store have at least had some checking to make sure they are safe.

If and when problems with apps are detected, they are fairly quickly ejected from the store. Are the apps on your phone still in the store? If not, they could have been banned because of a security or privacy issue.

Google Play Store is the safest place to get apps for Android phones, tablets and other devices.

Normally you cannot install apps from outside of the store, such as by na website download, but a simple change in the Settings app on a phone allows this. Some people go to Settings > Lock Screen and Security and turn on the switch next to Unknown Sources (menus vary with Android versions). This enables them to install apps from links on websites, via emails, and so on.

The problem is, and it is a serious one, that there may be few checks as to whether the app is safe. Apps in alternative stores may contain malware – do you know if the store even checks the apps? Even if it does check, how thorough is the process?

Some alternative sources of apps list cracked apps, which are paid apps hacked to make them free. However, the hacker may have added some extra code of their own, such as malware, adware, or spyware.

Avoid alternative app stores to stay safe.

2 Scan your apps for malware

The Google Play Store app includes a malware scanner and it should be enabled, but is it? Best check.

  1. Open the Google Play Store
  2. Tap the menu button
  3. Press My apps & games
  4. At the top is the latest scan results and time it was performed

If you do not see this notification at the top of My apps & games, enable Google Play Protect.

Google Play Store built in malware scanner for Android

  1. Open the Google Play Store
  2. Tap the menu button
  3. Press Play Protect
  4. At the bottom, enable the two switches, Scan device for security threats and Improve harmful app detection

Scans are usually daily and they do not have any noticeable effect on the phone because it works in the background.

3 Avoid new or low-use apps

Some bad apps have found their way into the Google Play Store in the past by sneaking past the security checks and no doubt it will happen in the future. How do you avoid them?

Bad apps tend not to stick around for very long because sooner or later their bad behaviour is discovered. The apps are then removed from the store. For this reason, be wary of new apps and those with very low numbers of installs.

If a million people have installed an app (the number is shown on the app page in the store), and no-one has reported anything bad about it, you can be as sure as you can that it is safe.

If only a few hundred or a even a few thousand have installed an app, then treat it with suspicion. It may be fine and it may be a great app, but you cannot be 100% certain it is safe.

Mature apps with many users are usually safer than new and untested apps.

4 Read the app reviews

It is useful to read the app reviews in the store to see what other people are saying about it. Sort the reviews with the most recent first rather than the default Most Helpful, otherwise you might miss comments on the latest version which might have fixed problems or even introduced them.

5 Should you use Android antivirus?

There are many antivirus and malware scanning apps in the Google Play Store. Some of them are excellent but some are not. The problem is that it is not possible for ordinary users to determine which apps are useful and which are not. Is an app protecting you or does it have security flaws itself?

A few security apps are actually scams themselves and they claim to find problems and tell you to pay for the full product in order to fix the them. If  a dodgy app finds a problem, it can be difficult to tell a scam from the real thing.

Be cautious about the developer’s security claims and check websites that specialize in testing security software like these:

Both of these reports say that Google Play Protect, the malware scanner in the Google Play Store app, was the least effective of apps tested. It offers some protection, detecting around 52% of malware according to AV-Comparitives, but it is far from perfect. It may have improved since then and hopefully it is better.

Bear in mind that getting malware into the store in the first place is difficult, so a security scanner is a second line of defence. Also be aware that it does not protect so well from other threats and malware outside of the store.

There are many types of malware and security threats, and many different ways in which the phone can be exposed to them. For this reason, there are also many ways malware and security tests can be performed. The results of one test do not always perfectly match the results of another and there are some differences between AV-Test and AV-Comparatives results. When looking for antivirus and malware protection for your Android phone, it is best to choose a product that does well for both testing companies.

Bitdefender and Trend Micro Android security apps did well on both tests for example.

Scan Android phone for malware with Trend Micro security app

There are dozens of security apps for Android that do not appear in these tests, which are really quite limited. We cannot know how good they are and they may be excellent or not worth installing. Until they appear in a security test by a reputable testing company they should be treated with suspicion.

Antivirus apps use some battery power, so the phone will not last as long on a charge. Mostly they use very small amounts of battery power and are not something to worry about, but a few apps use a lot of power. AV-Test and AV-Comparatives show the good and bad apps.

6 Use a VPN for Android phones

Security threats are not only from within apps on the phone, they also come from external sources. A phone travels everywhere with you and it will automatically connect to wireless networks.

If you are at a public Wi-Fi hotspot you might want to check your email, browse the web or update your social networks. These activities can be spied upon when using public Wi-Fi and you need to take care. Never bank or shop on your phone without a secure connection.

A good way to increase the security of your phone is to install a VPN. Visit the VPN provider’s website and sign up (avoid free VPNs). You can then download the VPN for your computer, tablet and phone. Often up to five devices can be protected with one VPN subscription.

NordVPN app for Android phones adds security and privacy

As with other security software, there is a large number of VPN apps in the Google Play Store and it is hard to know which to choose. Here are three that I recommend and have used.

Tip: Avoid paying monthly for a VPN, the best VPN deals are on the long term plans.

7 Check the security settings

Open Settings on the phone and then go to the security section, it is called Lock screen and security on some phones (different phones and Android versions have slightly different menus).

There are several options here that increase the security of the device and the phone can be locked with a password, fingerprint or PIN. This is essential for a device that is carried in public places and can be lost or stolen. In fact, some features, such as Google Pay, require the phone to be locked. (Don’t remove the lock or Google Pay will stop working.)

There are options in the security section to show information on the lock screen and putting your name and email or home phone number on it might help if you lose the phone and someone finds it. They will naturally power on the phone and will see your contact information – ‘If you found this phone, call XYZ’ or something similar.

In the security section of the Settings app is the option to allow installation of apps from unknown sources. The phone is much safer and more secure if this setting is off.

Encryption is an option on all modern phones and this scrambles the contents of the phone so that only you can access its contents. A thief or anyone else that accesses the phone cannot make sense of the scrambled data and this protects it from unauthorised access. Enable encryption for the device.

Find the Device Administrators and see what apps are listed. These can access parts of the phone that are off-limits to ordinary apps. Make sure that only trusted apps are set as Device Administrators.

8 Remove unused apps

Apps that are never used should not be left on the phone. Apart from using up storage space, memory and battery power, they could be exploited by hackers if they contain security flaws.

An app may be sold and the new owner could update it with malicious code, which then gets pushed out to devices as an update. Don’t risk it, delete unused apps.

9 Check app permissions

Apps may request more permissions than they actually need. Review the permissions each app has and adjust them if necessary to limit what they can access. Stop them from accessing personal information like contacts and messages if they don’t actually need to.

Open Settings and press Apps. Tap an app and then press Permissions to see and adjust what an app can do. Disable all but the essential permissions for an app.

10 Emails and texts

Email and text messages are used by scammers to try to trick you into revealing passwords and login details, and they may try to redirect you to malicious websites or get you to install malware on the pretense that it is some essential utility.

Be suspicious of emails and text messages from unknown senders that you are not expecting, especially if they try to get you to tap links, install things or reveal login details. Security software can help with these, but you make the biggest difference.

Be wary and avoid email and messaging scams.

11 Turn off Wi-Fi and Bluetooth

As you walk around with your phone, it will automatically connect to Wi-Fi and Bluetooth networks and this is a slight security and privacy risk. For maximum security and privacy, don’t let it do this.

Turn off the Wi-Fi and Bluetooth in the Settings app. There may be a shortcut to do this on your phone that makes it easy to toggle these radios on an off.