The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change the privacy and security settings on their Android devices. As we become more reliant upon mobile devices to store, access, and manage our personal and sensitive data, it has become increasingly important to properly secure these devices and maintain awareness of which settings and apps could compromise our privacy.
Lock Your Phone
This is one of the most important steps you can take to secure the data within your mobile device and prevent unauthorized access. For Android devices, there are multiple ways to lock your device.
On your Android device, go into the app menu and find Settings and then select the Lock Screen and Security option.
On the following menu, the Screen lock type selection provides users with several options to lock and unlock their devices including swipe, pattern lock, PIN, password, fingerprint and, for some newer phones, facial recognition. Any of these options will help provide some level of security; however, choosing a lengthy PIN or password, or using a biometric option is recommended.
To protect the data stored on your Android device such as contact information, emails, pictures, and SMS messages, enable the encryption option. This will encrypt all of the data stored on your device, preventing anyone who does not have the passcode from being able to view the data even if it is extracted from the device using malware, external hardware, or data recovery software. In some devices, users can enable a setting designed to erase all data on the device if the incorrect passcode is entered too many times.
In the Settings menu, locate Lock Screen and Security and then Secure Startup. Depending on the type of Android device you are using, this feature may be located under Storage > Storage Encryption or Storage > Lock Screen and Security > Other Security Settings.
You will need to follow all of the on-screen instructions in order to begin encrypting the data on your device, and it may need to reboot several times during this process.
Reviewing App Permissions
Before you download and install a new app onto your Android device, do you carefully scrutinize what permissions and device access that the app requests? Does it request access to your device’s camera or microphone? Does it ask to access the contacts stored in your device or request permission to read your SMS messages? Is that access required for the app to work properly according to its advertised function? If not, the app could be using that access to harvest your data without your knowledge. As privacy and data protection is becoming an increasing concern for many, it’s important to know how to access, view, and change the permissions settings within your device.
In Settings menu, select Privacy and Emergency and then App Permissions.
You will see a list of permissions available to installed apps, along with the number of apps that are currently granted those particular permissions. Select each permission in the list to view what apps have access and, to grant or revoke access to any app, simply toggle the on-screen switch to your desired setting.
- Android provides information on their Android Security Center page.
- Information on Android’s Google Play Protect can be found here.
- Android users are encouraged to visit the NJCCIC Android Malware page to learn more about threats facing devices running the operating system.
The NJCCIC recommends all Android users regularly review their device security and app permission settings to prevent unauthorized access and the theft and misuse of personal and potentially sensitive data.