Android doesn't rival BlackBerry when it comes to security and enterprise support. But Android devices can still be reasonably secure. Here are some tips to help you protect your investment, privacy, and data.
Android supports screen lock protection that requires a numeric pin or pattern to be entered before the device can be used. Though Android devices currently don't encrypt the files and data, this can still be a great way to keep out casual snoopers or thieves. However, you must enter this pin or pattern every time you use your phone, or after each time the screen goes black and locks.
If you find that too time consuming or annoying, consider using Unlock With WiFi. It will at least prevent you from having to keep entering pin or pattern while connected to your home or work Wi-Fi network — usually a safe place where your phone won't be stolen. Use it free with one Wi-Fi network or pay $3.99 for the full version, which can also automatically turn off GPS while on the network — saving battery power.
If you have a corporate Exchange email account on your phone, you might actually be forced to use screen lock protection via security polices set by your company. This means you also can't use apps like Unlock With WiFi.
If you think protecting your entire phone is overkill, you can protect individual apps (like Email, Calendar, Settings, Market, etc) using third-party app protectors. Here are two you might consider:
Application Protection (Free): This lets you protect an unlimited number of individual apps with a password of numbers or a pattern like the Android system supports. It's a relatively simple app protector. But you can configure whether to always prompt for the password/pattern, unlock the individual app until the phone is locked again, or unlock all protected apps until the phone is locked again.
You can input your email address so you can get a message with the correct password if someone has incorrectly guessed your password 10 or more times. This is helpful to alert you that someone is trying to guess your password or if you actually have forgotten it yourself.
Smart App Protector (Free or $1.50): This also supports number passwords (eight digits) or patterns. The free version lets you protect up to five apps in addition to the Market and Package Installer apps to protect against tampering. The free version also limits you from unlocking all protected apps when entering the password/pattern for one. But you don't have to re-enter the password/pattern for the same app in a given period of time, or until the phone is locked.
You can configure the amount of incorrect password/pattern attempts before you can try again. You can customize the app lock screen background. You can even set a time frame to limit when protection is active.
This app also provides some bonus features. You can prevent the screen from turning off when using select apps or auto-rotating.
If you only want to protect a few apps, you can probably get away with using the free version. Consider purchasing the Pro version if you need to protect more or you want to only enter the password/pattern once to unlock all protected apps.
Unlike iOS and BlackBerry, most Android devices on the market today don't support full storage encryption, which can keep your data secure from the most determined thief. In Android 3.0, an API was added to the platform to help developers use encryption. Thus in the near future we should see more encrypted Android devices. One developer, WhisperCore, already offers a free beta version of an app for Nexus S and Nexus One devices.
Given the lack of encryption (and other enterprise-type features), many businesses are hesitant to support Android for corporate email usage. However, this app helps to at least secure your sensitive work data:
Exchange for Android ($19.99 after free trial): Although Android natively supports Microsoft Exchange for corporate access to email, calendar, and contacts, this app adds many more features and improved Exchange support. The native Exchange feature in Android supports SSL encrypted communications between the device and server, but doesn't keep the data on the device encrypted. Thus the data can potentially be recovered by a determined snooper or thief. This app can encrypt the sensitive Exchange data stored on the Android device and can be enforced by security policies set by the network administrators.
Malware, Theft, and Lost Protection
Mobile devices are becoming more like computers, thus becoming more vulnerable to viruses and other malware. Android is even more susceptible than other platforms due to the openness of the platform and App Market and its multitasking capabilities. Therefore you'll find many antivirus and security apps for Android. (Laptop theft gives 85,000 doctors the blues.)
Mobile devices can also be easily misplaced or stolen. Most security apps include antitheft and locating features to help find your device and protect it in case it gets into someone else's hands. Additionally, some security apps provide backup capabilities of your important data in case it's not recovered.
Here are two security suites you might consider using to protect your gadget and the data on it:
Lookout (Free or $2.99 per month or $29.99 per year): The free version provides malware protection, backup of your contacts, and map/sound locating. The premium service adds Web browsing protection, backup of photos and calls, remote lock, and remote wipe. It also adds Privacy Advisor that shows which apps can access your personal data, such as contacts, location, SMS text messages, and identity info.
Both the free and premium services give you Web access to their online dashboard. There, you can review and change the app settings, access your backed up data, locate your phone on a map, and perform other remote locating/protecting tasks.
Though there isn't a specific SIM card protection feature, if the card is changed, you can see the new phone number online.
AVG Antivirus (Free or one-time $9.99): The free version provides malware and Web browsing protection. It supports backup of contacts, text messages, bookmarks, calls and system settings. It offers all the basic anti-theft and locating features for no charge: map and audio locator, remote message, lock and wipe.
SIM card protection is also provided. You'd receive an e-mail alert if the SIM card is changed. Though you won't see the new phone number, you can see the serial number on new SIM card.
Though you can't change the app settings via the Web interface online, you can locate the device on a map and use the other remote features. It also offers simple remote application management, which makes it quick and easy to uninstall apps you don't want anymore.
You can also initiate the remote locating/anti-theft features via texting commands from another mobile phone as well. This is great if you don't have a PC with Internet around.
The Pro edition adds SMS and spam protection, an app locker, and backup of your apps.
As with PCs, another security concern is how your passwords are stored by the browser. A determined snooper or thief could potentially recover passwords from your Android. But there are apps and browsers that can store and/or retrieve your passwords using encryption, so not even a hacker could get to them. Here are some solutions:
LastPass ($12 per year after free trial): Though LastPass offers a free service, using its mobile apps requires the premium service. It works in conjunction with the other LastPass mobile and PC apps, so you'll have the same login credentials and form details stored for both PCs and mobile devices. It also supports the storage and auto fill of form data (name, email, address, credit card details) and secure notes.
LastPass installs a new Web browser, which you must use to access your LastPass account and the stored credentials. One big disadvantage of using this browser is the lack of a bookmark feature, which is provided by the native Android browser.
If the LastPass browser doesn't cut it, consider installing Dolphin Browser HD and its LastPass add-in or Firefox Mobile and its LastPass add-in. Though the browsers are free, the add-ins still require the premium service of LastPass.
Firefox Mobile (Free): You could install the free Firefox Mobile browser and — until they add native support — use its Password Manager add-in to password protect and encrypt stored passwords. The first time you visit a website that needs a password stored by Firefox you'll be prompted for the master password, and then it will fill-in the stored password.
You can also use Firefox Sync to synchronize your passwords, history, bookmarks, and tabs between all your computers and mobile devices.
Remember, the first layer of protection is setting a PIN or pattern; or at least locking your sensitive apps with a third-party app protector, such as Application Protection or App Locker II: Fake Crash. It's best to go a step further and encrypt sensitive data, such as your work email using Exchange for Android. Plus keep your eye on WhisperCore and other apps to come that will provide full device encryption.
To be better protected in case your Android device gets misplaced or stolen, you should use an anti-theft and remote locator app, such as Lookout or AVG Antivirus. These can also help combat viruses and malware that will likely become more prevalent on mobile devices.
Last but not least, you should secure your website passwords with an app like LastPass or Firefox Mobile with the Password Manager add-in.
Geier is the founder of NoWiresSecurity, which helps businesses protect their Wi-Fi networks with a hosted RADIUS/802.1X service. He is also a freelance tech writer — become a Twitter follower or use the RSS Feed to keep up with his writings.