Thursday, March 9, 2017

Android-iPhone-iPad-AnyPad Security Essentials

Although, in the following, I am going to use Android and the example, you can plug in your own personal smartphone operating system and the information will be about the same.

Before reading this, see this overview.
  • Disable app downloads from unknown sources.  (Settings.Security.  Under "Device Administration" is a slider:  "Unknown sources.  Allow installation of apps from unknown sources.") The easiest way to get infected with malware on an Android phone or tablet is to start installing apps from outside the official Google Play app store. 
  • Upgrade to the latest version of operating system that works with your phone.  Identified security issues will have been resolved and the latest security features implemented.
  • Encrypt your device.  The current operating systems have built-in encryption.  For Android, the settings are in Setting.Security, Encryption section.  There are two options:
    1. Encrypt phone.  I don't see a way to change this setting, so your on-board information is encrypted.
    2. Encrypt SD Card.  This has a slider.  You will get a message to OK that gives some warnings:  only future files will be encrypted and various descriptions that say that you won't be able to read the files if you want to read your SD card on another device.  With my Droid, this hardly seems like a problem because I can't remove my SD card.    
  • Download an anti-malware app.   Now that Android malware and viruses are a widely-recognised part of the smartphone world, there are many solutions to combat them. Most of the big antivirus (AV) companies have their own Android anti-malware apps, including Kaspersky, AVG, Avast and Norton. Recommended free Android AV apps include Lookout (where there is also a premium version available) and TrustGo.  Example ratings web page:  http://www.techradar.com/news/top-10-best-antivirus-apps-for-android-in-2017
  • Do not connect to unsecured, unknown Wi-Fi networks. An unsecured Wi-FI network can seem like free internet, but  there is obvious danger.  Imposter Wi-Fi networks can be used to stage a ‘middleman’ attack, where any inputted data can be intercepted by a third party – including passwords and personal details, such as credit card numbers.
  • Install a firewall for use in unsecured Wi-Fi situations.  Even if you know the wifi network you are using, you should have a firewall to provide both inbound and outbound protection.  Most firewalls work as an unlocked app, which is the typical situation for most of us.  A few require the phone to be unlocked.  (When a phone is unlocked, all software and files on the phone are accessible; a locked phone has a security layer that does not allow users to gain access to system software and files.)  Here is a review of some android firewall apps:  https://www.techjunkie.com/best-firewall-apps-android/   I use Comodo Firewall on my laptops, so I prefer using Comodo Android on my smartphone.  It has a complete suite of features. including private SMS.  If you are using a Security Suite, check your Suite to see if it has a firewall and check its settings. 
  • Install a remote wipe/lock app. If an Android device is lost or stolen, it is sensible to have a way to wipe or lock it. There are apps available from Google Play that will do just that, reacting to either a command from a web interface or via text. Popular remote wipe and lock apps include Cerberus and Avast Mobile Security.  Most of the security suites offer this feature.
  • Be aware of SMS threats.  SMS threats are partly responsible for the surge in Android malware. The Obad threat, which was brought to light earlier this year, can send premium rate SMS texts, install other malicious apps and execute other code. If there is mysterious activity on a phone bill, check it is not down to this type of attack.  Several security suites protect your SMS messages.
  • Use the Chrome browser for browsing.  (or optionally Opera) Since Android 4.1 was introduced, phones and tablets have come with the stock Android browser as well as Chrome installed as standard. Chrome is marginally more secure than the stock version, having been subject to fewer publicised insecurities in recent months. It is also likely that Chrome for Android is better supported.  As a benefit of Chrome, if you sign into Chrome itself then the Chrome environment on your phone will be the same as the Chrome environment on all your other devices.  Having identical bookmarks on all environments is particularly convenient.
  • Use your lock screen.  Anyone with a concern about Android security should put some lock screen protection on their phone. Virtually all Androids come with optional security measures pre-installed, accessed in the security submenu of settings.  The latest Androids have a fingerprint reader.  This is very convenient.
  • Install a Password Manager, like Lastpass, that runs on all your platforms.  
  • Stolen phone? Many Apps, including ones installed by your cellphone provider, can locate a lost phone on a map, even if the phone is off.  It works by logging on to the app-related web site.  The site will show either where the phone is on a map or show where it was the last time it was on.  You can wipe your phone.  Some apps will take a selfie to catch the thief.  
  • Install a Router Control App, such as Netgear Genie:  Video
  • Be Aware of Fake "infection" and/or "running out of memory" messages.  These seem to be very common and are associated with legitimate web sites; ie, they show up on the bottom of your phone screen.  For more information, google search "fake iphone android infection lost memory infections".  An example result is:  https://www.onlinethreatalerts.com/article/2014/3/13/your-android-has-been-infected-with-a-virus-tap-ok-to-remove-now-spam-message/

No comments:

Post a Comment

Printfriendly

Print Friendly and PDF