Despite the best efforts of manufacturers, Android devices - whether smartphones or tablets - are notoriously insecure, primarily because of the millions of apps that can be installed freely from Google Play, which has proved to be a breeding ground for all sort of nasty malware and adware.
But you can reduce any risks you’re running by paying close attention to what you download; and only installing vetted and recognised apps available via the official Google Play store. You can also protect your Android device from the likes of hackers and thieves by enabling encryption on your phone or tablet – if you haven’t done so already.
There are also a number of apps that can be used to keep data safe on your Android device, as well as conceal your web traffic. We’ll be exploring some of our top picks in this article. All these apps are free to download, though some may contain in-app purchases.
- We’ve also picked out the best VPNs for Android
A VPN (virtual private network) app is the biggest no-brainer privacy boost you can give to your Android device. VPNs not only hide your IP address from the sites and apps that you use, they hide the sites and apps you use from your internet service provider. They also let you pretend to be in a different location, which is key for unblocking geo-restricted content.
Kyms (which stands for ‘keep your media safe’) disguises itself as a normal calculator. On your home screen it even names itself ‘KyCalc’ and it can be used to do your sums. Entering a special four digit PIN and password, however, opens an encrypted vault, where you can store text images and videos.
Kyms also has a built-in web browser and can download online videos straight into the vault. There’s even a utility to transfer media to and from other devices over your network.
Naturally anyone who enters the name of the app into the Google Play store or examines its size on your system will know this is more than a simple calculator. But even then, they won’t know the password details (hopefully!).
Private Zone uses a smart applock to hide your photos and videos from unauthorized users. Previously sold as LEO Privacy Guard, Private Zone prevent other apps from access your private information.
Additionally, it also provides other features such as a customized lock screen, junk cleaner, as well as allows you to encrypt your files and upload them to Google Drive for safe cloud storage.
There's also a free VPN built in to mask your IP, as well as a private browsing feature which cleans up your private browsing history.
Individual apps can be password protected, and you can configure your settings to take a photo of anyone who tries to unlock those apps without permission.
Orbot has been developed by the Guardian Project as a way for your Android device to access the Tor network. When used along with its companion app, the Orfox browser, this lets you browse the web safely without worrying about sites tracking your location, as your connection is encrypted and routed through several different computers.
For extra security, use Tor hidden services. These are websites with the domain extension .onion which reside only in the ‘dark web’. For instance Facebook’s address is http://facebookcorewwwi.onion.
Do note, though, that as your data is being shunted through a number of computers, you may find your connection speed is much slower than usual. Such is the trade-off for tight privacy.
Major search engines like Google and Bing sometimes engage in leakage whereby your search term may be shared with third-parties like the sites you visit. They also often save your search history with a timestamp and details of your device, meaning searches can be traced back to you. Sometimes they place virtual cookies on your device to record your search habits.
DuckDuckGo works as a drop-in replacement for your default search engine. Searches do not leak to other websites and this engine records no information about what you look for. It’s also ad-free. DuckDuckGo is compatible with Orbot (above), so you can hide your location from the sites you visit, too.
Many major websites like Facebook allow you to secure your login with two-factor authentication. With this, whenever you log in from a new device and/or location, you’ll be asked to enter a special code (usually sent to a specified mobile) as well as your password. This means that someone can pinch your password, but still be unable to log in because they don’t have this second piece of information, so your data is much safer.
FreeOTP Authenticator is able to generate these two-factor codes for a wide range of services. Google has its own Authenticator app, but as it’s not open source, there’s no way for security experts to check the code used is safe, which is why we recommend this effort instead.
This app is an Android version of the excellent password manager Keepass. Version 2 supports using key files as well as passwords, which is more secure. The password database can be stored on a remote folder (for example, in your Dropbox account) so you can access it both from your Android device and desktop computer.
If you prefer to keep your password database on the Android device only, there’s also an offline version of this app – click on the second of the download links below.
You can use Android’s copy/paste feature to enter passwords for any number of websites if you wish, or make use of Keepass2Android’s built-in keyboard to enter passwords, which is safer.
As the name suggests, Syncthing is used to synchronise (or ‘sync’) files between two devices, for instance you can use it to back up photos on your Android device to your home computer.
After installing the Android app and setting up Syncthing on a computer, any files or folders you select will be copied between devices via an encrypted connection.
As connections are peer-to-peer, you don’t have to store your data with a third-party cloud service like Dropbox. Plus you can add as many devices as you like to share files between.
Syncthing is open source, so its code can be checked for vulnerabilities by security boffins, and any problems should hopefully get fixed pronto.
While the Firefox mobile browser in itself is no more secure than Android’s default Chrome, unlike Chrome you can use Firefox add-ons to increase your privacy. Once you’ve installed Firefox from the Play store, open the menu and go to Tools > Add Ons > Browse all Firefox Add Ons.
Look under the Privacy & Security section and you can find add-ons such as Ghostery, which prevents websites leaving ‘tracking cookies’ on your device to monitor your browsing habits, and the likes of script blockers and ad blockers amongst many other security-related bits and pieces.
OpenKeychain is an implementation of OpenPGP (sometimes referred to as GPG). It allows you to generate a ‘public’ key which you give to others to allow them to encrypt and send messages to you, and a ‘private’ key which remains on your Android device and is used to decrypt incoming messages. Your private key can also digitally sign messages so people know they’re really from you.
If you’ve never used PGP/GPG before, a good non-geeky explanation of how it works is available here. This app is designed to integrate into the K-9 Mail app to allow for easy signing and encryption of all your emails.