Android security considerations and 4 tips for a safer Android phone

You could call mobile devices the new frontier for malware. Malware can infect mobile devices in a variety of ways such as through an app, phishing email, or SMS text message. Common types of mobile malware include ransomware, worms, trojans, and spyware.

How secure is the Android operating system?

Android’s operating system has layers of protection which make it quite secure, and it requires a user to provide permission for nearly all functions which could compromise your system or data. However, it can also be vulnerable to malware because of the openness of its platform.

The flexibility that makes for so many awesome apps has the slight downside of leaving some security vulnerabilities open. But fear not. It’s possible to help protect your Android device by adjusting the security settings for your device and your apps, and taking a few easy steps.

Common Android security threats

All sorts of malware and other security threats target Android phones and the Android operating system. Here are some of the most common Android security threats to consider.

Man-in-the-Middle attacks

A man-in-the-middle attack is a vulnerability that can be found on unsecured networks. This kind of threat requires three players: the victim, the entity with which the victim is trying to communicate, and the “man in the middle,” who’s intercepting the victim’s communications. The goal of these types of threats are usually to steal information.

Mobile ransomware

A cybercriminal can use mobile ransomware to lock a device and demand payment to unlock the device or return the data to the user. Victims usually are tricked into downloading mobile ransomware through social networking schemes, phishing scams, fake text messages, or by clicking on pop-ups containing embedded viruses. Victims may think they’re downloading innocent content or useful security software.

Useful Android security settings

Android phones come with useful security settings built into the operating system that can help you surf the web, download content, and protect your device with ease. In addition to the security settings, most Android phones come with the Smart Lock suite, which allows you to unlock your phone in different ways, including On-Body Detection, Trusted Places, Trusted Face and Trusted Voice Recognition.

Google Play Protect

Google Play Protect is Google’s built-in malware protection for Android devices. It scans apps in the Google Store daily to verify they remain free from malware. It also identifies and removes malicious apps from the store before they are downloaded onto devices. Every app and developer is vetted before their apps are available in the Google Play store. Google Play Protect can also automatically scan your apps for malware before and after you install them.

Safe Browsing in Google Chrome

The Safe Browsing feature in Google Chrome and other web browsers helps protect against websites that contain malware or phishing content.

On-Body Detection

Google’s On-Body Detection feature detects if you have your device on your person or in your hand and will keep it unlocked. Once you put your phone down, it will automatically lock. However, it cannot detect if your phone is passed to another person.

Trusted Places

The Trusted Places feature allows you to configure your phone settings so it remains unlocked while you’re at home or in other locations you enable.

Trusted Face Recognition

This feature, part of Android’s Smart Lock suite, allows you to unlock your device with facial recognition.

Trusted Voice

If your device has voice detection set up, you can use this feature on your phone to unlock when it hears a trusted voice.

Here’s what to do to turn on the Android Smart Lock suite of features mentioned above:

  1. Go into Settings > security or Lock screen and security > Advanced > Trust agents and make sure that Smart Lock is turned on.
  2. Under settings, search for Smart Lock.
  3. Tap Smart Lock and enter your password, unlock pattern, PIN code, or your fingerprint.
  4. Then you can enable On Body Detection, add Trusted Places and Trusted Devices, and set up Trusted Voice.

3 Steps to help enhance your Android device security

Step 1: Read all app requirements before installing an Android app

Before downloading an app, read its permission list, which lists what parts of your device the app wants to access. In addition to understanding what the app wants to access in your device, always check out the privacy policy. What kind of data does the app want to collect and, if it plans on keeping that information, how will it be stored and secured? And what will they do with it; some apps sell info to third-party marketers.

Step 2: Ask, ‘Is the Android app reasonable?’

Once you have reviewed the app’s permission list, consider the app’s requests — do they seem reasonable for the app’s purpose? For example, does a game app really need to access your contacts? If so, what’s the reasoning? Does the game use social sharing? Otherwise, you may not be comfortable allowing this level of access to your personal information.

Step 3: Check the apps installed on your Android device

Review the apps already installed on your phone and check for excessive permission requests or settings.

To see the permissions given to an application after it’s already been installed:

  1. Open your devices’ main Settings app.
  2. Depending on your device model, tap on Apps or Application Manager.
  3. Select an app.
  4. Scroll down to "Permissions."

Step 4: Install and use reputable anti-malware software on your device

Reputable anti-malware software, such as Norton Mobile Security for Android, can help deliver powerful, effective protection for your Android device and personal information against new and emerging mobile cyberthreats and online scams.

Victim of a data breach? LifeLock monitors for identity theft and threats.

Norton joined forces with LifeLock, we offer a comprehensive digital safety solution that helps protect your devices, connections and identity.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.