How to Secure Your Android Phone, Tablet and Android TV Against Malware

How to secure / harden your Android devices, Phone, Tablet and TV against malware

Before you buy that Android device:

If you plan to buy and use an Android device for more than one year, look for a brand and model that receives regular Android system updates. Sadly, not all brands provide them, except maybe Pixel and Nexus devices (no prizes for guessing why). At the start of every month, Google releases the monthly Android Security Bulletin, which provides fixes for possible issues affecting Android devices. A report has demonstrated that manufacturers do not always follow up on these security fixes. This implies that vulnerabilities may be present in a non-updated device. Not all vulnerabilities are critical and exploitable, but as of May 2018, there is a high-severity vulnerability (CVE-2017-13309, Ref: A-73251618) that could enable a remote attacker to access data normally accessible only to locally installed applications with permissions. And that's bad.

You can google for Android updates for any brand and model and review its update history before flexing your credit card. Do take note that even branded manufacturers will stop updating their older models after some time. Thus, we recommend not purchasing a model that is too far behind the current model. One or two models behind the current model should be fine for at least a year plus.

Sometimes you may find a very cheap but unbranded phone for sale, but it may not be a good choice, as explained in this post. If Android manufacturers want to preinstall Google’s apps on their devices, the Google Android team will certify these devices to ensure they are secure and ready to run apps from Google and the Play Store. These certified devices will then carry the Google Play Protect logo as shown:

When shopping for a new device, look for the Google Play Protect logo to help make sure the device comes with the security benefits of certification
Google Play Protect Logo (Source: https://www.android.com/certified/)

A list of Google's certified partners (brands) can be found here for your reference before you go shopping for that new device.

[Update] Google will now add a small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play.

After you bought that Android device:

Four layers of security defence you can install in your device.

Layer 1: Activate the function "System Updates", or "Software Update" or "Check for System Updates" in your device (model dependent). This function is usually found in Settings/About Phone. If there is an update for your device, perform the update immediately. You should perform this check regularly, or you can set the system updates to be automatic. This is your first layer of defence.
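
To see how far a device has fallen behind the monthly bulletins, the following added example (not part of the original post) reads the security patch level and counts the bulletins released since. It assumes USB debugging and `adb` for the optional device query; the three-bulletin tolerance and the sample values are assumptions made for the illustration.

```python
import re
import subprocess
from datetime import date

# Real Android system property holding the patch level, e.g. "2018-05-05".
PATCH_PROP = "ro.build.version.security_patch"
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(raw):
    """Return the patch level as a date, or None if it is missing or malformed."""
    m = PATCH_RE.match(raw.strip())
    if not m:
        return None
    try:
        return date(*(int(g) for g in m.groups()))
    except ValueError:  # e.g. month 13
        return None


def bulletins_behind(patch, today):
    """Monthly bulletins published since the patch level (one per calendar month)."""
    return max((today.year - patch.year) * 12 + (today.month - patch.month), 0)


def assess(raw, today, max_behind=3):
    """Classify a device; max_behind is an assumed tolerance, not a Google rule."""
    patch = parse_patch_level(raw)
    if patch is None:
        return "unknown"
    return "current" if bulletins_behind(patch, today) <= max_behind else "stale"


def read_patch_level_via_adb():
    """Ask a connected device with USB debugging on; '' if adb is unavailable."""
    cmd = ["adb", "shell", "getprop", PATCH_PROP]
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""


if __name__ == "__main__":
    # Constructed sample values standing in for getprop output.
    for sample in ("2018-05-05\n", "2017-01-01", ""):
        print(repr(sample), "->", assess(sample, date(2018, 5, 20)))
```

An "unknown" result means the property was empty or malformed, which deserves the same attention as "stale".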


Layer 2: Ensure you have Google Play Store installed and check that Google Play Protect is turned on. Install Google Play Store if it is not installed. Google Play Protect is Google's built-in malware protection for Android. This function can be found in the top left menu of Google Play Store App. This is your second layer of defence.

Google Play Protect Scan Results with Last Scanned Time

Google Play Protect Performing a Scan 


Layer 3: Go to the "Privacy" setting and make sure that installation of apps from unknown sources is disabled. You should never ever install applications from third-party marketplaces or stores. This is your third layer of defence.

Installation of Apps from Unknown Sources Should be OFF

Layer 4: Find and install a good or your favorite Anti-Virus (or anti-malware) app in the Google Play Store. After installation, you should perform a full scan of your device. You do not have to keep the anti-virus app in your device after the full scan if you want to free up your memory or CPU usage. For your fourth layer of defence, you just have to regularly download one of the below apps and perform a full scan. 

Best Practices for ensuring continuous good security health of your Android device:

1. Protect your devices with a PIN or password lock so that nobody can gain access to your device if it is lost

2. Never open documents or application installers (APK files) that you are not expecting, even if they look like they are from someone you know

3. Ensure your phone is regularly backed up, or sync your contacts/data/etc with one of the major companies such as Google, Samsung

4. Before you install any app from Google Play Store, check the permissions required by the app. This explanation is kind of lengthy and will be touched on in future posts. In fact, deciding whether an app is safe to download from Google Play Store is both an art and a science. There is a trick that some attackers use to fake the popularity of their apps: they change their developer name to something like "100 Million Downloads", and this causes Play Store to display their app icon as:
Developer using the name "100 Million Downloads"
These apps are no longer in the Play Store; they are archived in AppBrain.

5. Other than applying the above 4 layers, we developed our own tool to check for the latest Android malware announced. This is our own Layer 5.

6. To keep secret notes on your device, you may want to consider our own developed app, Secret Notes AES-256
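
The developer-name trick described in item 4 can be screened for automatically. The following added example (not part of the original post, and not the tool mentioned in item 5) flags developer names that read like an install count; it generalises beyond the one name quoted above, and all listings other than "100 Million Downloads" are constructed.

```python
import re
import unicodedata

# Install-count vocabulary; a genuine developer name has little reason to use it.
_UNIT = r"(?:thousand|million|billion|k|m|b)"
_NUM = rf"\d[\d,.]*\s*{_UNIT}?\s*\+?"
_WORD = r"(?:downloads?|installs?)"
_COUNT_THEN_WORD = re.compile(rf"(?<![a-z0-9]){_NUM}\s*{_WORD}(?![a-z])")
_WORD_THEN_COUNT = re.compile(rf"(?<![a-z]){_WORD}\s*:?\s*{_NUM}")


def normalise(name):
    """Fold full-width characters, case and spacing so variant spellings match."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"\s+", " ", folded).strip()


def mimics_install_count(developer_name):
    """True if the developer name reads like a popularity figure."""
    text = normalise(developer_name)
    return bool(_COUNT_THEN_WORD.search(text) or _WORD_THEN_COUNT.search(text))


def review_queue(listings):
    """Return (app, developer) pairs whose developer field needs a manual look."""
    return [(app, dev) for app, dev in listings if mimics_install_count(dev)]


# Constructed listings; only "100 Million Downloads" comes from the post.
SAMPLE_LISTINGS = [
    ("Flashlight Pro", "100 Million Downloads"),
    ("Battery Saver", "Installs 1,000,000+"),
    ("QR Reader", "\uff15\uff2d+ installs"),  # full-width "5M", folded by NFKC
    ("Chess Club", "Studio 42 Games"),
    ("Notes", "Example Software Ltd"),
]

if __name__ == "__main__":
    for app, dev in review_queue(SAMPLE_LISTINGS):
        print(f"review: {app!r} published by {dev!r}")
```

A match is a prompt for manual review of the listing, not proof that the app is malicious.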
