How to Secure Android Phones

Updated on December 26, 2018
EricFarmer8x profile image

Eric loves the Android operating system. He has many things to share with others on subjects he has learned from years of experience.

The Android OS is very popular these days, and many people have Android phones.

There are multiple things you can do to keep your Android device secure, and in this article, I explain what they are.

I also mention some things you might want to reconsider doing as they can cause issues.

Secure Your Phone With a Lock Screen

Secure your lock screen with a password, pattern, or a pin. Passwords are the most secure but harder to remember, and I use a pin myself.

If your device has the right hardware, you can use it to unlock your phone a well. For example, my current phone, the LG V20, has a fingerprint reader, and I use it all the time.

Some newer phones can unlock the screen using your face.

Secure applications with a pin or fingerprint as well, as doing this adds an extra layer of security and privacy.

I also recommend making purchases that need a password or fingerprint to confirm them. Even if you do not share your device, I recommend doing this, as this will help prevent accidental purchases.

Consider Encrypting Your Phone

Encrypting your phone is another way to secure it from threats. Doing this will make sure the data is very secure as without your password nobody will be able to access your phone.

Some newer phones come already encrypted, and my current Android smartphone was.

You can also encrypt an SD card, and if you do this, you must use the SD card inside your phone to transfer files with a USB cable.

Be Careful When Connecting Your Phone to a Computer

When using a USB cable to connect a phone to a computer make sure you select the right option.

These options let you select how a computer will interact with your Android device over USB connection.
These options let you select how a computer will interact with your Android device over USB connection. | Source

Keep Your Phone up to Date

Whenever your phone gets updates, download these as soon as possible, as most security updates fix exploits. You can avoid many issues Android has by updating your device, and I recommend downloading security updates as soon as possible.

Only refuse to update to a new version of Android if you know some critical applications you use daily does not work yet.

Also, know if you test betas or developer previews of Android there may be bugs and I do not recommend doing this.

Use Google Play to Download Most Applications

The first line of Android defense is to be careful what applications you use on your phone. I recommend downloading applications from Google Play.

Google Play does a great job at filtering out bad applications, and hopefully, you will never see any. Google Play is not perfect though, and sometimes there are cases of malware in the store.

Here are some examples of this.

In most cases, these bad applications all have something in common. Unknown developers make these applications, and they normally are very basic. Applications like file cleaners, flashlights, and music players are some examples.

You will have to dig deep into Google Play most of the time to find these applications.

My recommendation is to download applications from well-known developers. Anything on the top charts and applications most people recommend will be safe.

I am not saying all small, and new developers are untrustworthy, but remember to be careful.

Is It Safe to Download and Install Files from APKs?

Android application packages (APK) store Android software and these files install new applications.

To install applications from APKs, you will need to enable an option to install from external files.

You need to be careful when installing files using APKs and you need to make sure what you are installing is safe.

This is the option you need to enable to install applications from APKs.
This is the option you need to enable to install applications from APKs. | Source

There Are Safe Ways to Get Apk Files

There are safe places to download APKs, and a website like APK Mirror is trustworthy.

In some cases, Google Play blocks people from downloading certain applications. The application may still run on a phone, so people download and install the application anyways.

You sideload applications when you download and install them this way.

Some developers sell and distribute applications on their own websites. Google does sometimes block useful software from being on Google Play for various reasons.

A great example of an application store other than Google Play is F-Droid. F-Droid is an open source software store, and open source software is very trustworthy because people can verify that an application is safe to use.

What About Pirating Games and Applications?

Piracy on Android is high, and there are many ways to download and install paid applications for free.

Supporting developers is in everybody's best interests. I am not going to argue over the morality of piracy as people will do what they feel is best.

I want people to know the risks and to be careful. I won't lie and tell you that all pirated software is bad and will give you malware as this is not true. Yet there is no 100% way of knowing what pirates have changed in the free version of applications they offer, and there is a chance of getting malware.

Unless you have 100% faith in pirates, you will always be at risk when downloading free android applications this way.

This advice also applies to applications that promise pirate movies, TV shows, and streams as well.

I know there are applications out there that run well and do what they promise, but due to even the slightest chance of malware, I can't recommend using these applications.

This article by Android Central goes over these issues in more detail, and I recommend reading it.

Why You Should Keep Your Google Account Secure

On Android, your Google account is the most important one to secure. Your Google account holds all your data and any applications, books, and movies you buy from Google Play.

When you first turn on an Android phone one of the first things you do is create a Google Account or use an old one to sign in.

Make sure you use a strong password. Make a password with at least six characters and use special characters and numbers. Using a weak password is dangerous, and I recommend storing your passwords with a password manager.

I am currently using Bitwarden because it is open source and free, but there are other decent options. Secure your password manager with two-factor authentication to be extra safe.

This is the my account screen for my Google account.
This is the my account screen for my Google account. | Source

A Few Things You Can Do to Keep Your Account Secure

Make sure you have a backup email address to use and give Google your phone number. You use these methods to verify yourself when you are having issues with logging into your account.

Every once in awhile run the Google account security checkup tool as well.

Use a Mobile Authenticator!

I recommend using a mobile authenticator, and the Google Mobile Authenticator is a nice choice.

Some two-factor authentication services send codes by text messages (SMS), and some services send emails.

Why use two-factor authentication? With two factor authentication, it is a lot harder for an intruder to get access to your account. Intruders will need to be able to generate the codes tied to your device to log into your account.

Using two-factor authentication is one easy action everybody can take to make their accounts much more secure.

According to this source, less than 10% of Google accounts have two-factor authentication. I find this information to be very alarming because it shows how little the average user cares about securing their account.

While this may sound extreme everybody who cares about security recommends two-factor authentication and so do I.

Use the security measures I mentioned here for most of your other online accounts as well. I recommend securing as many accounts with two-factor authentication as possible.

This website lets you know what services offer two-factor authentication and the website gives you an option to send messages to the services that don't support two-factor authentication.

The Google Authenticator Application.
The Google Authenticator Application. | Source

Do I Need an Antivirus Software on Android?

As long as an antivirus does not have a huge impact on performance, there is nothing wrong with having one.

This guide from Tom's Hardware is a good read and goes over options to choose from.

Do You Need to Use a VPN on Android?

A virtual private network (VPN) is an optional way to secure your phone when you are using an unknown WiFi connection.

Some people also use VPNs because of geographic restrictions and in some cases restrictions their countries government sets on internet usage.

Do I recommend using a VPN? If you want to be safe when using unknown internet connections, a VPN is a way to be safer.

I use a free account with TunnelBear as I don't need to use a VPN often. There are many VPN offerings, and I recommend doing some research to learn more. Most free VPNs are not worth using and do not recommend using one.

Is Rooting an Android Phone Safe?

Some people use Root because they want full control of their phone and there are some applications that require it.

Rooting your phone is inherently dangerous, and this removes the safeguards that are normally in place.

Rooting an Android phone is the equivalent of using a Linux operating system as the superuser. You will be much more open to malware and external threats, and you will need to really know what you are doing to stay safe.

Also because of SafetyNet, some games and applications will refuse to run on phones that detected as being rooted. Pokemon GO and Google Pay are a few examples.

There are ways to get around this issue, but they are extremely technical and require much tinkering and learning.

If you do wish to Root your phone make sure you are using a current and up to date method and make your phone model can be Rooted, to begin with.

Messing up this process could potentially leave your phone in a bricked state. That is to say, your phone will not boot, or function at all.

Chances are if you are using a Rooted phone or have in the past you already know the pros and cons but keep them in mind.

Do You Root Your Android Phone?

See results

Is Using a Custom ROM Safe?

Custom ROMs are ways to keep older phones up to date and to also get certain features and settings not found on normal Android OS.

Custom are ROMs are safe, and in fact, some have even more privacy and security features than standard Android. LineageOS is an example of a very popular custom ROM.

You will have some of the same issues as with root though. You need first to be careful to make sure your device supports custom ROMs and make sure there is a way to install them.

Be sure you 100% understand what you need to do as there is even a higher chance of bricking your phone, and I would not recommend using custom ROMs to the average user.

In some cases, you will need to install Gapps (The Google Play store and other related applications) separately.

Your phone may also have missing features or weird quicks depending on the custom ROM you are using and who maintains the versions.

Make sure to do some research about custom ROMs before trying anything.

Lastly, keep in mind rooting your phone or installing a custom ROM may void the warranty.

Recap of How to Avoid Malware on Android

  • Download applications from Google Play or 100% verified safe sources.
  • Do not install applications from APK files unless the application is 100% verified safe.
  • Avoid downloading pirated applications and applications from unsafe and unverified sources.
  • Use a password manager and two-factor authentication to protect your online accounts.
  • Use an Antivirus application to safeguard your phone if you want to feel extra safe.

My Final Advice

Overall remember to use common sense. As long as you attempt to keep your phone secure, you are on the right path.

Keep in mind a lot of the extra security and account features are unused by most users.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2018 Eric Farmer

Feel Free to Post Any Questions or Comments You Have

    0 of 8192 characters used
    Post Comment

    • EricFarmer8x profile imageAUTHOR

      Eric Farmer 

      9 months ago from Phoenix Arizona

      @Mary Diderich I am happy I could help. This is why I love to write about technology. I want to teach other people how to do things and help them.

    • profile image

      Mary Diderich 

      9 months ago

      So much information that I was totally unaware of. For instance, I now have two-factor authentication on my Android and prior to reading this article had no idea what it was or even that it was available. Thank you for sharing all of this valuable information.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)