If you think about it, your phone knows an awful lot about you. It tracks your location, it handles your phone calls, text messages, emails, and messenger chats, it contains photos and videos of you, it knows what you look for online, it knows who you know, it knows what apps and games you use and for how long, and it probably knows something about how you spend your money.
Does anybody know more about you than your phone?
If someone could get their hands on even a small portion of that data they could put together a pretty detailed profile of you. They could extrapolate a lot of information about your lifestyle and use it in a variety of nefarious ways – don’t assume it’s just about serving targeted adverts.
Security and privacy aren’t always the same thing. We’ll try and focus on privacy here and give you a few tips on where to start. The bad news is that there’s no substitute for doing your own research. There’s no shortcut or single app that will protect you. You need to work out how important your personal privacy is to you and how much effort you’re willing to put in to protect it. There’s always a trade-off with convenience and the best solutions tend to cost money.
Use the lock screen
The first, most obvious thing you can do to protect your privacy is use a PIN or passcode on the lock screen. We’ll get into encryption in a minute, but bear in the mind that the vast majority of apps, even with end-to-end encryption, aren’t encrypting data on your device, only in transit. That means that anyone that gets a hold of your phone physically can see everything.
You can encrypt your whole phone in Android by heading into Settings > Security and tapping Encrypt phone. This will render your phone impossible to access without the passcode or PIN and it’s definitely worth doing if you’re concerned about theft or someone snooping on your physical device by getting a hold of it. The downside is that it can take ages and significantly impact on performance.
Most people don’t use encryption when they store data, send messages, make phone calls, or browse the web. This makes it relatively easy for people to intercept that data and read it. If you use encryption, then you are essentially scrambling the data. Only someone who possesses the right key to unscramble it can read it. It may still be intercepted, but it will be impossible to understand.
To give you an idea of how effective end-to-end encryption is, the UK government is currently trying to pass a law change to ban it, because it’s unable to read our messages. Ostensibly, the reason given is that they can’t intercept terrorist and criminal communications. They simply don’t care if they expose the rest of us in the process.
So far, tech companies are resisting. Snapchat and WhatsApp both offer end-to-end encryption. But there are better options if privacy is your primary concern. If you want to protect your calls then check out RedPhone. For messaging try TextSecure.
If you want more options, the Electronic Frontier Foundation provides a handy Secure Messaging Scorecard that’s well worth a look.
Using a VPN
If you don’t want someone tracking your web searches, which could reveal your purchasing habits, sexual proclivities, politics, and a whole lot more, then you should be using a VPN (Virtual Private Network). Instead of communicating directly with the websites you visit, you’ll be connecting to a server first, and that server will connect to the websites for you, hiding your actual device. The primary purpose is privacy, they don’t really provide anonymity.
This is also a common technique for changing your location. Say, for example, you want access to the much bigger US Netflix library, but you’re in the UK. You can use a VPN to connect to a server in the States and Netflix will show you the American version. Some people use VPNs to torrent.
VPNs are not created equal and there are lots of potential problems here. The most obvious thing that you’re going to notice is a slow down in speed, because your data is pinging through an extra hoop. From a privacy point of view, you also want to find a VPN that isn’t storing logs. Some of them store your IP address and might give it up if asked.
You have to be particularly careful with free VPN apps on Android. For example, Hola Unblocker was recently exposed for various vulnerabilities. Because it’s based on a peer-to-peer system strangers could be using your internet connection for all sorts of unpleasant and illegal activities that you might end up getting into trouble for. They also sell access to third-parties.
In general, you’ll find that free VPNs come with some kind of catch, whether it’s a lack of servers, limitations on time, slow speeds, or security threats. To get a really decent level of service you’ll probably have to subscribe and pay a monthly fee. You’ll have to research the right VPN for you, but some apps worth considering are TunnelBear, CyberGhost, and VyprVPN. If you want to read up about what VPNs can and can’t do in more detail, there’s a great article on VPN myths over at Golden Frog, the developers behind VyprVPN.
What about apps?
A lot of the snooping that goes on is conducted by apps that you have given permission to. From a security and privacy point of view, there is no substitute for reading through the app permissions before you install and really thinking about them. What’s missing in Android right now, though it used to be there in something called App Ops, and is rumored to be returning in Android M, is the ability to say no to specific permissions while accepting others.
It looks like Android M will switch to a model where you are asked about permissions when the app actually tries to use them, not in a big list at the start when you first install. You’ll also be able to access an app menu and turn permissions on or off. The trouble with this is that suspicious users might end up breaking apps by switching off permissions they need. In any case, it’s not available yet.
Flashlight apps are notorious for the unnecessary permissions they request.
Rooting gives you much greater control over your Android device and it can help you to protect your privacy. You might try something like X Privacy, but be warned it’s not the most straightforward of apps. For most people, rooting and sideloading is going to be a security or privacy risk. If you download an APK from a dodgy link, or you root without really understanding what you’re doing, there’s a chance you’ll expose your data and install malware.
Security apps can potentially be useful. They can alert you if you install a known piece of malware (remember that they aren’t a guarantee, because malware takes time to be identified and new malware is landing all the time). They can also alert you to suspicious activity. But there’s a limit to how much they can do. Check at independent testers, AV-Test, for the latest results on Android antivirus software.
Changing the way you use your phone
You can also improve your privacy by tweaking the way you use your phone. Don’t have location services turned on unless you need them (your service provider will still be able to track you, though). Uninstall apps and games that you don’t use. Be picky and do some research before installing anything new. Use a password, encrypt your communications, and use a VPN. Taking these steps will drastically boost your privacy.
If you’ve got any Android privacy tips or app recommendations to add, then please post a comment.