Is your Android device secure?
The answer is probably… no. Your private data, text messages, browsing history, locations, and even photos are easy targets.
Many Android apps have been exposed as dangerous security threats – infecting devices with malware, stealing your bandwidth, and also exposing your private information to third parties. Google is regularly removing malware-infested apps from the Play store. And many of them are highly rated and trusted by millions of users.
Many people are turning to virtual private networks (VPNs) for added security, privacy, and to access blocked content. But be careful when considering VPN apps for your Android device. One team of researchers found that most Android VPN apps are insecure and dangerous (see the VPN Warning List for examples).
But don’t let that deter you – using a VPN is essential for securing, protecting, and anonymizing your online activity. This is especially important in countries with mass surveillance and internet service providers recording user activity (United States, United Kingdom, and much of Europe).
In this guide we will:
- Delete invasive Android apps that abuse your privacy.
- Setup a VPN on your Android device to encrypt internet traffic.
- Block ads on your Android.
- Secure your SMS messages through encryption.
- Adjust your Android settings for more privacy and security.
Now let’s get started.
Step 1: Delete those Android apps!
Given that most applications are a privacy nightmare, consider deleting everything that isn’t absolutely essential for your life. Here are a few categories of apps you may want to remove:
- Social media (Facebook, Twitter, Instagram, etc.)
- Games (Angry Birds, Words with Friends, Despicable Me)
- Weather (GO Weather Forecast & Widgets)
- Transportation (Uber, Lyft, and other location-tracking apps)
- Messenger/Photos/Chat (Snapchat, WhatsApp, QQ)
- Drawing/photo editing
With bad apps, you might not find out they’ve stolen your data or messed up your device until it’s too late. There are other categories that didn’t make the list above, but the general rule still applies: if it’s not absolutely essential, just delete it.
Step 2: Use your built-in Android VPN configuration
VPNs are rapidly growing in popularity among Android users. A good VPN is arguably the best privacy tool for securing your Android device by encrypting your internet connection. (For a crash course on VPNs, check out The Ultimate VPN Guide and Tutorial.)
When using a VPN on an Android, you have two options:
- Use the built-in VPN functionality on your Android device (recommended). With this option, you will only need to import the VPN configuration files and then configure everything properly in your Android settings. This setup method is very stable and secure – and you won’t have to rely on more apps. The one downside is that it’s slightly more complicated to setup. See this excellent tutorial for setup instructions.
- Use a high quality, secure Android VPN app. Given that most proprietary Android VPN apps are not safe, you should be careful with this option. On a positive note, using a good app is more convenient and easy to use. Here are two that I can recommend:
- VyprVPN for Android – This gives you a very secure, stable, and fast connection with 256-bit encryption. The app also allows you to configure exactly which apps on your device go through your VPN and which don’t. (You can try VyprVPN for free with a 3 day trial and also get 25% off the price of an annual subscription.)
- VPN.ac for Android – This is another good option from the network security professionals at VPN.ac. Like VyprVPN, VPN.ac’s Android app offers excellent encryption, security, and speed.
My personal recommendation is to use the built-in VPN functionality (no app) on your Android with Perfect Privacy. This seems to be the most secure and reliable solution (I don’t trust apps very much). For a VPN app, VyprVPN and VPN.ac seem to be better than all the other options. You could also use the OpenVPN for Android app, which is a basic, open-source solution that can be used with any VPN service.
Important: There are currently many free VPNs flooding onto the market that contain malware, tracking, and other privacy problems. This is especially true for Android devices. See the free VPN guide for a discussion of these dangers.
Step 3: Block ads, tracking, and malware…
Recently there has been an explosion of malware and viruses affecting Android devices. The combination of advertisements and malware is known as malvertising. Online ads are an easy attack vector for the following reasons:
- Most sites host ads that are fed in from untrustworthy, third party domains
- Third party advertising domains can be hijacked or compromised to inject malware and ransomware into ads
- No clicks are required – your device can be infected simply by loading the website
This growing problem is even affecting major websites such as the New York Times and BBC.
Once again, however, be careful when selecting an ad blocker. Many of the free ad blockers make money off your data and work directly with advertising companies for profit. Once again, when it’s free, you are the product.
My personal solution is to use the advertisement and tracking blocker called TrackStop that is built into Perfect Privacy VPN. This gives you a powerful ad blocker that works with your VPN, and you won’t need to install any extra software. You can get the details on TrackStop here; it will effectively block:
- over 30,000 tracking and advertisement domains
- over 45,000 known malware domains
- over 20,000 phishing domains
The only free Android ad blocker that may be worth considering is uBlock Origin, which is an add-on for the Firefox browser on Android.
Step 4: Secure messaging
Governments, corporations, and hackers have been spying on text messages and listening to calls for years. The biggest messaging app (WhatsApp) is owned by Facebook, a company that has been helping governments illegally spy on citizens since 2009. Despite claiming to be “secure,” WhatsApp does not use end-to-end encryption and is plagued with known security issues.
Solution (Secure messaging app): You can utilize a secure and encrypted (end-to-end encryption) messaging application, such as Signal or Threema. Despite being a third party app, these are two good options that seem to work well:
Signal is a great, free secure messaging app that utilizes 256-bit AES end-to-end encryption. When you install Signal, it will integrate well with your Android device and also utilize perfect forward security to protect your data. The code is also open source, which is an added plus. (Signal download for Android here.)
Threema is another great secure messaging option utilizing end-to-end encryption. It’s based in Switzerland and is a low-cost ($2.99) alternative for those seeking a more secure messaging option. You can download the Android version here and get started.
Step 5: Secure your Android settings
For privacy and security, it’s a good idea to modify your Android settings. Modifying these settings will greatly enhance the security of your device while also protecting your privacy. Here’s what you can do:
- Stop unauthorized apps from installing. Android devices are susceptible to third-party apps installing on the device outside of the Play store. This of course is a serious security threat as many apps contain malware. Go to Settings > Security > Unknown sources (turned off).
- Set a strong password (rather than a fingerprint). You can do this from Settings > Security > Screen Lock.
- Enable auto-lock for your device. Go to Settings > Security > Automatically Lock (Immediately).
- Disable built-in Google services. These “services” will collect your data, target you with ads, and put your privacy and security at risk. The best option is to not sign into Gmail, and/or manually change these services in Google Settings.
- Encrypt your device (although this may slow down older Android devices). To do this, go to Settings > Security > Encrypt Device (follow prompts).
- Disable cloud back-up storage. Google has been a close partner with law enforcement (and the NSA) for years, providing them with private customer data. And of course this information is also capable of being hacked and published online. So go to Settings > Backup & Reset > Back up my data (disable).
- Say no to advertisement tracking. This is another way for Google and it’s advertising partners to track your behavior and then hit you with personalized ads. Go to Google Settings > Ads > Opt out of interest-based ads.
- Disable location tracking and clear location history. Again, this information is used for customized ads, so turning it off is a great idea. Go to Settings > Location (turn off with top switch) and then Google Location History (scroll to bottom and turn off) and finally Delete Location History.
Just doing the modifications above will go a long way toward improving your privacy and security.
Enjoy your secure and unrestricted Android device!
There you have it. If you followed this 5 step solution guide, you’ll have a secured and protected Android device that will also give you unrestricted access to the entire internet (thanks to your VPN service).
This secure Android setup provides you with the following advantages:
- All internet traffic is encrypted, secured, and anonymized by going through your VPN configuration.
- You won’t have unnecessary/dangerous apps collecting your data (because all unessential apps were deleted).
- Advertisement, malware, and tracking domains are now blocked.
- If you need to use messaging or VOIP, all communications/messages will be secured with end-to-end 256-bit encryption.
- Your Android settings will provide you with further privacy and security, with the recommended changes above.
Securing your Android device is just one step to restoring your privacy. If you’re ready to go further, check out the Simple Online Privacy Guide for a total privacy solution.