Six Clicks: Ways to make Android Lollipop more secure

Besides installing third-party software, there are several ways you can enhance your device's security through built-in controls in Android Lollipop.

Topic: Security
1 of 6 Google/Liam Tung

Trusted devices and face

So, you're waiting for Lollipop to reach your device. Once it hits, here are some tips on how to make sure a new OS doesn't mean new security woes.

While few Android devices come with a fingerprint reader onboard, Google's adding new ways of making locking and unlocking devices easier.

A new feature in Lollipop called Smart Lock lets owners use either a 'trusted device' or 'trusted face' to streamline how they lock their handset.

'Trusted devices' relies on either NFC or Bluetooth to function and ensures that a phone remains unlocked when it's connected to things such as a smartwatch or a car's Bluetooth system. So, if you're driving or have the phone synced to your smartwatch while working at your desk, you won't be constantly having to unlock your phone. If you break the connection, however — by walking away from your desk, for example — the device will automatically lock.

'Trusted face' on the other hand is a more convenient way for all-purpose unlocking, and works after the user registers their face with the device. After setting it up, every time the device is switched on, it will search for the user's face. When performing the search, a head and shoulders icon will appear at the bottom of the screen in place of the usual padlock icon.

Android KitKat did have a feature called 'Face Unlock' but it often went unused due to the time it took for the unlock process to work. Lollipop's 'trusted face' fixed that problem and offers a way to improve facial recognition from different angles and in lighting conditions. Of course, unlike a fingerprint reader, it won't work in the dark.  

While the feature does reduce the number of times you need to type in your passcode in any given day, it may make the device less secure since, as Google warns, someone who looks like the user may also be able to unlock the device. 

Before either of these can be enabled, you'll need to go to Security in Settings and find Trusted Agents. Here, you can enable Smart Lock, and set up both features.

2 of 6 Liam Tung/ZDNet

Privacy controls with notifications

Notifications in Lollipop can be viewed and acted on from a Lollipop device's lock screen — great for convenience, but less so for privacy, if your personal messages can be viewed by anyone who picks up your phone.

Fortunately, it's fairly simple to finetune how notifications appear on the lock screen — for example, by preventing them from appearing at all, or just showing which apps have notifications ready, and approving which apps can then display the content of notifications on the lock screen.  

In 'Sound and Notifications Settings' under 'Notifications', you get three crude options for handling notifications when the device is locked: Show all notification content; Hide sensitive notification content — which removes the content of a message; and Don't show notifications at all.

'Hide sensitive notification content' is the one you probably want to think about most and customise at app level. Turn it on, and with messaging, you'll know you have a new email or Twitter response but won't know what either contains or who they're from — about as much use as just seeing non-actionable icons at the top bar in KitKat. On the other hand, you might prefer it, in order not to have all messages appear on your lock screen.

For a more nuanced approach, 'App notifications' comes into play, providing three main controls to handle notifications from each installed app. It offers three settings: never showing notifications from the app; making the app's notifications a priority; and hiding sensitive information when the device is locked.  So if you have a banking app, you'll probably want to ensure its sensitive contents remains hidden when the device is locked, but you might be happy to have new tweets pop up unguarded.

3 of 6 Liam Tung/ZDNet

Pin down the screen

If you ever need to quickly make your smartphone a single-app device, screen pinning is the answer. It's easy to set up once, and then keep it as a quick-start option whenever you need to limit your device to a single app.

The feature is comparable with Guided Access in iOS — an that's useful for retailers and restaurants that want to lock devices down to a single app, such as a menu or help guide. Or as some parents have found, it's not bad for locking down a device to a single app when it's in the hands of their young kids.

While the setup in iOS appears geared towards setting up access for a single, extended session, screen pinning in Android is geared towards daily use — such as handing a device to a friend or your child — by activating it once and leaving it available for the user to pin a particular app when they need to. Assuming the user has set up a screen lock code, escaping the pinned view requires knowledge of the code.

To activate screen pinning, scroll down to the bottom of Security in Settings and toggle the slider to 'on'. After it's switched on, tap Overview (the square icon next to the home button) to bring up currently opened apps. The first app on the stack will have a pin icon in the bottom right-hand corner. Tap the icon to pin the app down to a single view and check the 'Ask for PIN before unpinning' option. To exit the view, tap the Back and Overview buttons at the same time. If a PIN has been asked for, tapping Back abd Overview takes you back to the lock screen.

4 of 6 Liam Tung

Use guest profiles

Another way to restrict a device when sharing it with others is to use a guest profile, also a new feature in Lollipop.

New accounts need to be set up for installed Google apps and key settings, such as Smart Lock, are disabled in this mode.

The easiest way to activate a guest profile is to swipe down the Quick Settings in Lollipop and tap on the avatar. It's also possible to prevent certain profiles from making phone calls.

5 of 6 Liam Tung/ZDNet

Get Google to verify your apps

If Google is to be believed, Android doesn't have a malware problem. Nonetheless, Google has gone to some lengths to protect its users from potentially harmful apps with tools such as Verify Apps.

This is found in Google Settings, rather than Device Settings, and is enabled by default. Enabling the feature allows Google to scan the device for potentially harmful apps that are already installed, to warn users against installing an app, and to prevent an installation before it's completed. It may come in handy for users who've set their devices to be able to install apps from outside of Google Play. 

Other useful security features in Google Settings include Android device manager, which was introduced last year and supports remote device location, and remote lock and erase. Also, if you want to help Google improve its detection, you can agree to send unknwon apps to Google. 

6 of 6 Liam Tung/ZDNet

Backup and reset

Should you ever lose your device, you probably want to be able to restore key settings such as apps, wi-fi passwords, and other information in an easy fashion.

This can be done via Backup & Restore in Settings. Enabing it will require the user to set up a backup account; they'll need to choose whether they want to restore backup settings and data.

The data that is backed up and available for restore includes Google Calendar settings, wi-fi networks and passwords, home screen wallpapers, Gmail settings, and apps installed through Google Play that are backed up on the Play Store app. Other key settings saved include display, language and input, and date and time. Some third-party app settings can also be restored. 

Related Galleries

Yubikey Security Key C NFC
Security Key C NFC

Related Galleries

Yubikey Security Key C NFC

8 Photos
First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

10 Photos
iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

5 Photos
OnlyKey hardware security key

Related Galleries

OnlyKey hardware security key

19 Photos
SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

10 Photos
iVerify: Added security for iPhone and iPad users

Related Galleries

iVerify: Added security for iPhone and iPad users

9 Photos
iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

18 Photos