Five steps to keep your Android phone secure

3. Control your communications

You can encrypt SMS messages with the open source app TextSecure, which can encrypt SMS stored locally on your phone. However, to send encrypted messages over the air, the recipient must also have TextSecure or they'll receive unencrypted messages.

Before you can send messages you'll have to create a secure connection with the recipient's device by exchanging keys. TextSecure will send a message to the recipient, whose TextSecure app will automatically respond with a message to establish a secure connection. From then on you send and receive encrypted messages.

To keep your calls safe you can use the free RedPhone app, which makes encrypted calls over the internet. There's also SilentPhone, which is developed by Phil Zimmermann (who gave us OpenPGP for securing email and the ZRTP protocol for securing VoIP calls). The SilentPhone app works on multiple mobile platforms but comes with a $10 (about £6) subscription fee.

Both these solutions create encrypted calls. However, the person at the other end of the line must be using the same app.

You might trust the person you are texting, but do you trust your phone?

To encrypt email messages on your mobile device you need the Android Privacy Guard (APG) app, which is an open source implementation of OpenPGP. You'll also need the K-9 email app, which integrates seamlessly with APG.

To use these apps, first launch K-9 and configure it to connect to your email server. Then launch APG and tap the menu button, which brings up the option to manage private keys and public keys. You can export these keys from the desktop and import them into APG. Once the keys are imported, K-9 will display the option to sign and encrypt messages when you write a new email. Conversely, it will let you decrypt emails when you receive a new encrypted message.

For encrypting instant messages, you'll need the open source ChatSecure app. The app uses the OTR protocol to enable secure chat sessions over XMPP accounts. Using the app you can have secure chats with your friends over popular networks including Google Talk and Facebook on any OTR-compatible client including Pidgin, Adium, and Jitsi.

4. Secure your device

Locking your phone is one thing, but it doesn't help when you want to hand over an unlocked device to someone but still keep some things private.

You can use Screen Locker to lock your screen before handing the phone to someone else. The app disables all forms of inputs and prevents the users from viewing anything other than what's on the screen. You can then enter a preset pattern to unlock the device.

Privacy Master Free will lock access to apps and can also fake a crash to prevent an app from launching. You can also block the task manager as well as USB connections.

If a secure lock screen isn't enough, you can also use add-ons to password protect your apps.

The AppLock app has, along with the ability to block access to apps, two separate vaults where you can hide photos and videos. The app can also prevent toggling of settings such as WiFi. One of the best features is its ability to create lock profiles, so you can create a list of apps you want to lock when you're in the office, and another set when you're with the kids. You can trigger the locks based on time or location.

AppLock can also randomly rearrange its numeric keyboard to prevent others from figuring out your password by following your fingers. It also allows you to hide the app from the application drawer to keep its existence on your device a secret.

5. Encrypt your data

The key to securing your phone against any sort of surveillance is end-to-end encryption. Encryption safeguards data against any kind of snooping by making it unintelligible to anyone without the correct decryption keys.

However, there are some caveats involved with the process. For one, encryption is a one-way process, which is to say that once turned on there's no mechanism to turn off the encryption. You'll have to reset your phone to factory settings and lose all your data. Make sure you securely back up your data before initiating the encryption process and don't interrupt the process - if you do you'll lose the data and render the device unusable.

Encrypting your smartphone means information will be scrambled unless you have the correct decryption keys

When using the standard Android encryption service make sure you have already set up a lock screen PIN or password. Android will use it as your decryption key. To begin encryption, head to System Settings > Security > Encrypt device. When it's done you'll have to enter the PIN or password each time you boot your phone.
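
The usual design behind a passcode "acting as the decryption key" is that a key stretched from the passcode unlocks a random key that actually encrypts the data. The Python sketch below is an added example, not code from the original article or from Android; the scrypt parameters, function names and the XOR-plus-HMAC wrapping are assumptions chosen so that it runs with the standard library alone.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed scrypt cost parameters for this example (not Android's values).
N, R, P = 2**14, 8, 1


def _derive(passcode: str, salt: bytes):
    """Stretch the passcode into a 32-byte wrapping pad and a 32-byte MAC key."""
    out = hashlib.scrypt(passcode.encode(), salt=salt, n=N, r=R, p=P, dklen=64)
    return out[:32], out[32:]


def wrap_master_key(master_key: bytes, passcode: str) -> dict:
    """Protect the random 32-byte data key under the passcode."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passcode, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unlock(header: dict, passcode: str) -> Optional[bytes]:
    """Return the data key for the right passcode, None for a wrong one."""
    pad, mac_key = _derive(passcode, header["salt"])
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


def change_passcode(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same data key; the encrypted data itself is untouched."""
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passcode")
    return wrap_master_key(master_key, new)


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed sample data key
    hdr = wrap_master_key(key, "2580")        # constructed sample PIN
    print(unlock(hdr, "2580") == key, unlock(hdr, "0000") is None)
```

Because everything hangs on the passcode, a longer password gives the wrapped key more protection than a four-digit PIN.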

Instead of encrypting the whole device, you can also choose to encrypt selected files. One of the best apps for this purpose is SSE Universal Encryption. The app has three modules: the Password Vault module allows you to safely store passwords and organise them into folders. The Message Encryptor module encrypts snippets of text. But the most interesting option is the File/Dir Encryptor module. It lets you pick a file using the built-in file browser and then encrypts it.