Despite the best efforts of manufacturers, some Android devices are notoriously insecure. But you can reduce any risks you’re running by paying close attention to what you download, and only installing apps available via the official Google Play store.
You can also protect your Android device from the likes of hackers and thieves by enabling encryption on your phone or tablet – if you haven’t done so already.
There are also a number of apps that can be used to keep data safe on your Android device, as well as conceal your web traffic. We’ll be exploring 10 of our top picks in this article.
All these apps are free to download, though some may contain in-app purchases.
1. Kyms
Kyms (which stands for ‘keep your media safe’) disguises itself as a normal calculator. On your home screen it even names itself ‘KyCalc’ and it can be used to do your sums. Entering a special four-digit PIN and password, however, opens an encrypted vault, where you can store text, images and videos.
Kyms also has a built-in web browser and can download online videos straight into the vault. There’s even a utility to transfer media to and from other devices over your network.
Naturally anyone who enters the name of the app into the Google Play store or examines its size on your system will know this is more than a simple calculator. But even then, they won’t know the password details (hopefully!).
2. FrozenChat
FrozenChat makes use of OTR (Off the Record) messaging to keep your conversations safe. Anything you type is encrypted before it leaves your device, meaning you can talk freely. The app is open source, so the code is available online and security experts can check it for vulnerabilities.
Unlike other messaging programs such as WhatsApp, FrozenChat doesn’t rely on a central server for chatting but supports the open XMPP standard. This is really good for your privacy as you can register an account with any of the thousands of public XMPP servers available worldwide.
3. Orbot
Orbot has been developed by the Guardian Project as a way for your Android device to access the Tor network. When used along with its companion app, the Orfox browser, this lets you browse the web safely without worrying about sites tracking your location, as your connection is encrypted and routed through several different computers.
For extra security, use Tor hidden services. These are websites with the domain extension .onion which reside only in the ‘dark web’. For instance Facebook’s address is http://facebookcorewwwi.onion.
Do note, though, that as your data is being shunted through a number of computers, you may find your connection speed is much slower than usual. Such is the trade-off for tight privacy.
4. DuckDuckGo
Major search engines like Google and Bing sometimes engage in leakage, whereby your search term may be shared with third parties like the sites you visit. They also often save your search history with a timestamp and details of your device, meaning searches can be traced back to you. Sometimes they place virtual cookies on your device to record your search habits.
DuckDuckGo works as a drop-in replacement for your default search engine. Searches do not leak to other websites and this engine records no information about what you look for. It’s also ad-free. DuckDuckGo is compatible with Orbot (above), so you can hide your location from the sites you visit, too.
5. FreeOTP Authenticator
Many major websites like Facebook allow you to secure your login with two-factor authentication. With this, whenever you log in from a new device and/or location, you’ll be asked to enter a special code (usually sent to a specified mobile) as well as your password. This means that someone can pinch your password, but still be unable to log in because they don’t have this second piece of information, so your data is much safer.
FreeOTP Authenticator is able to generate these two-factor codes for a wide range of services. Google has its own Authenticator app, but as it’s not open source, there’s no way for security experts to check the code used is safe, which is why we recommend this effort instead.
6. Keepass2Android
This app is an Android version of the excellent password manager Keepass. Version 2 supports using key files as well as passwords, which is more secure. The password database can be stored on a remote folder (for example, in your Dropbox account) so you can access it both from your Android device and desktop computer.
If you prefer to keep your password database on the Android device only, there’s also an offline version of this app – click on the second of the download links below.
You can use Android’s copy/paste feature to enter passwords for any number of websites if you wish, or make use of Keepass2Android’s built-in keyboard to enter passwords, which is safer.
7. Syncthing
As the name suggests, Syncthing is used to synchronise (or ‘sync’) files between two devices; for instance, you can use it to back up photos on your Android device to your home computer.
After installing the Android app and setting up Syncthing on a computer, any files or folders you select will be copied between devices via an encrypted connection.
As connections are peer-to-peer, you don’t have to store your data with a third-party cloud service like Dropbox. Plus you can add as many devices as you like to share files between.
Syncthing is open source, so its code can be checked for vulnerabilities by security boffins, and any problems should hopefully get fixed pronto.
8. Firefox add-ons
While the Firefox mobile browser in itself is no more secure than Android’s default Chrome, unlike Chrome you can use browser add-ons to increase your privacy. Once you’ve installed Firefox from the Play store, open the menu and go to Tools > Add Ons > Browse all Firefox Add Ons.
Look under the Privacy & Security section and you can find add-ons such as Ghostery, which prevents websites leaving ‘tracking cookies’ on your device to monitor your browsing habits, and the likes of script blockers and ad blockers amongst many other security-related bits and pieces.
9. OpenKeychain
OpenKeychain is an implementation of OpenPGP (sometimes referred to as GPG). It allows you to generate a ‘public’ key which you give to others to allow them to encrypt and send messages to you, and a ‘private’ key which remains on your Android device and is used to decrypt incoming messages. Your private key can also digitally sign messages so people know they’re really from you.
If you’ve never used PGP/GPG before, a good non-geeky explanation of how it works is available here. This app is designed to integrate into the K-9 Mail app to allow for easy signing and encryption of all your emails.
10. Abit
Although you may use a program like OpenKeychain or FrozenChat to encrypt your messages, snoopers can still be aware of who you are and who you’re talking to. Open source app Abit tries to overcome this problem by using the Bitmessage protocol.
Abit supports exchanging messages with other Bitmessage users. It’s virtually impossible for anyone to impersonate you or read messages sent to you, which isn’t the case with ordinary email. You can also participate in group discussions via ‘chans’ using a generic address to hide your identity.
This Android app is still in its early stages and can consume a lot of data, so try to use it over Wi-Fi rather than 3G/4G.