One of the most regular articles I write is advice on keeping your Android phone secure. The reason I cover this topic so frequently is that I find consumers and other user types often need a friendly reminder of how they can avoid falling victim to malicious actors who want nothing more than to either steal their data or drain their bank accounts.
Throughout the years, the advice rarely changes, but it's always important to keep the reminder at the front of every user's mind. I've seen it too many times where a user forgets to follow these best practices and winds up having their phone breached or locked up with ransomware.
Trust me when I say you don't want that. And given it's not all that difficult to avoid such problems, you shouldn't worry that these tips will be even remotely challenging. In fact, they're quite simple to follow.
But follow them you must.
With that said, let's make with the advice.
Only install apps you must have
This first piece of advice is a tough one for many to swallow. However, you should ask yourself if you really need that random, untrusted game found in the Google Play Store. The answer is probably not. I follow a very strict rule of only installing applications that I absolutely must have and I never break that rule.
Why is this so important? Because you never know what kind of malicious code is to be found lurking within an app or an ad framework for an app. In a perfect world, the stock apps found on your device should be enough. Of course, the reality is we all need third-party apps (for work, play, and communication). So when you do have to install an app, make sure it's an app from a trusted source (such as a large company that has a vested interest in ensuring the apps they release are reliable and trustworthy).
If you get the itch for installing a particular application, make sure to do a bit of research before tapping Install. Google the app name or the app developer and see if anything suspicious is presented in the results.
Only install apps from the Google Play Store
This should go without saying, but don't install applications from anywhere outside the Google Play Store. This is not to say every app on Google's market can be trusted (see above), but at least know when you install from the official store those apps have been carefully vetted. Of course, malicious code still slips through the cracks, but the likelihood of installing malicious code from a third-party source is significantly higher. Even if you find that must-have application on a site you believe you can trust, you never know if that site has been hijacked and whether or not the version of the available software compromised.
Also: Fake versions of real smartphone apps are being used to spread malware. Here's how to stay safe
Do not tap links from SMS messages from unknown sources
Never, ever, ever tap a link in an SMS from a source you do not know. Any time you receive an SMS from an unknown source, assume it is an attempt to access your data or insert malicious code onto your device. And even if that SMS message seems to come from a reputable source, chances are still good it's a phishing attempt or worse. Again, do not ever tap those links.
At the same time, don't reply to those messages. When I receive SMS messages from unknown sources 99% of the time I block them and report the sender as spam. Malicious SMS links are one of the most widely-used methods of hacking Android devices.
Update, update, update
Google releases regular security patches to the Android operating system and it's absolutely crucial that you install them. Those updates don't just contain new and exciting features, but patch security vulnerabilities to keep you safe. If you don't apply the upgrade, your device is at risk. That is why it's imperative that you always check for updates and apply them immediately. To check for an OS upgrade, go to Settings > System > System update.
But this doesn't just apply to the operating system. You also must regularly check for app updates (which can be done from the Google Play Store tap your profile image > Manage apps & device > Update all).
Make sure to check for updates (both the OS and apps) daily or weekly.
Also: How to find and remove advanced spyware from your phone
Do not connect to unsecured networks without a VPN
If you find yourself in a situation where you think you need to connect to a wireless network that doesn't have a secure password, do not do it. Use your carrier data instead.
If that's not an option, make sure to be using a trusted VPN service that can encrypt and randomize the data you send. If I'm given the choice of using carrier data or connecting to an unprotected wireless network, I will always go with the carrier data.
The second you connect to an unsecured wireless network, you open yourself up to the possibility of having your packets sniffed or your device compromised.
Don't do it.
You may think it impossible to follow this guidance but you'd be surprised at just how easy it actually is. If you do believe this is too much to accept, remember the consequences of not securing your Android device could mean a data breach, a ransomware attack, or someone spying on you via the phone's microphone or camera. The time you'll spend reversing that kind of damage is considerably more challenging than simply using your phone with an eye on security.