Encrypting Your Device
Encryption encodes the private data on your device so that it can’t be read by anyone unauthorized. Once you encrypt your Android smartphone, any new data is encrypted automatically, and decryption happens automatically for you as well.
Android has two methods for encrypting your device:
Full disk encryption on Android (5.0 and up)
According to Google, “full-disk encryption uses a single key—protected with the user’s device password—to protect the whole of a device’s user data partition. Upon boot, the user must provide their credentials before any part of the disk is accessible.” This is secure, but when you reboot your phone, your data isn’t accessible until your credentials are entered, which means that things like alarm notifications and phone calls can’t take place.
File-based encryption on Android (7.0 and up)
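To see which of the two methods a given device uses, the added example below (not part of the original article) classifies the output of adb shell getprop using the Android system properties ro.crypto.state and ro.crypto.type. The sample dumps are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report which Android storage encryption method is in use.
# Input is the text printed by `adb shell getprop` ("[name]: [value]" lines).

# Constructed sample dumps (not captured from a real device).
SAMPLE_FDE='[ro.build.version.release]: [6.0.1]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]'
SAMPLE_FBE='[ro.build.version.release]: [10]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'
SAMPLE_PLAIN='[ro.build.version.release]: [5.1]
[ro.crypto.state]: [unencrypted]'

# Print the value of property $1 from a getprop dump on stdin (exact name match).
prop_value() {
    awk -v key="[$1]:" '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Read a getprop dump on stdin and print one of:
#   full-disk | file-based | encrypted-unknown-type | unencrypted | unknown
classify_encryption() {
    dump=$(tr -d '\r')          # older adb versions emit CRLF line endings
    state=$(printf '%s\n' "$dump" | prop_value ro.crypto.state)
    ctype=$(printf '%s\n' "$dump" | prop_value ro.crypto.type)
    case "$state:$ctype" in
        encrypted:block) echo "full-disk" ;;    # data unreadable until unlock after reboot
        encrypted:file)  echo "file-based" ;;
        encrypted:*)     echo "encrypted-unknown-type" ;;
        unencrypted:*)   echo "unencrypted" ;;
        *)               echo "unknown" ;;       # property missing or unexpected value
    esac
}

# Usage: sh check.sh --device   (needs adb and an authorized, connected device)
if [ "${1:-}" = "--device" ]; then
    adb shell getprop | classify_encryption
fi
```

A result of "unencrypted" or "unknown" is the case to follow up on: the first means user data is stored in the clear, the second that the properties were missing from the dump.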
Secure Messaging on Android
The Secure Messaging Scorecard by the Electronic Frontier Foundation (EFF) is a great resource for evaluating all the complex ways a messaging service can be secured or unsecured. There are a lot of factors to take into account, and if you’re not a security expert, you may not have considered something like whether or not your messages were encrypted during transit. Nevertheless, these details are still very important.
Their scorecard evaluates messengers based on the following criteria:
- Encrypted in transit?
- Encrypted so the provider can’t read it?
- Can you verify contacts’ identities?
- Are past comms secure if your keys are stolen?
- Is the code open to independent review?
- Is security design properly documented?
- Has there been any recent code audit?
With these factors in mind, there are many apps which meet all the criteria on the scorecard. Since security and usability are often at odds with each other, some apps which meet these criteria aren’t the most user-friendly or widely adopted.
Enable Two-factor Authentication on Everything
Two-factor authentication, also called two-step verification, requires two authentication methods, like passwords, PINs, fingerprints or physical access to your cell phone. This method of securing your accounts works on many services, and you may already have used it with your online banking platform. 2FA, as it is sometimes known, even works with various social media platforms to prevent other people from hijacking your online identity. Facebook, Twitter and LinkedIn all have the feature. Major payment platforms like PayPal and cloud storage services like Dropbox also usually support 2FA. And, very importantly, you should enable it on your Google Account as well.
We’ll discuss more about Android device security and other features soon.