
If you’ve read my previous posts (I know they were a long time ago) or you follow me on Twitter, you’ll know that security is one of the things that’s closest to my mind right now. If you’ve been paying attention to the iCloud hack, the Shellshock thing, the Dropbox hack that wasn’t and generally looking at what’s going on with the internet these days, it should be on your mind too.

Today’s post is all about sharing my favourite ways to protect your internet traffic, your phone or tablet and your accounts if you’re using Android. None of these apps or methods require rooting, so if you’re not that technically-minded, you can still lock your gear down to a certain degree without needing to void a warranty.

That said, if you root or flash it, you are able to secure it better. I’m not going to show you how to do that today; there are people much more qualified than me to talk to you about that side of things. This post is all about making stock Android more secure.

How To Encrypt Your Android Device

As handy as putting a passcode or pattern on your phone or tablet is, it’s not completely securing your device. As I found when I bought my Nexus 10 reconditioned from eBay (long story), there are ways around that which will let people into your data whether they’ve got your code or not.

To use your Android device’s encryption, go to Settings and Security. Make sure your phone or tablet is fully charged and plugged in – this stuff drinks battery – and tap “Encrypt Device”.

Let it run (it might take a while) and congratulations. You’ve made the first step in securing your Android phone or tablet. You’ll have to pick a numeric pass code. Pro tip – don’t use 12345 or your birthday, your significant other’s or your mum’s. Pick something random.

So now your device is protected, let’s start protecting your internet traffic.

Freedome – VPN For Android

There are two stages to protecting internet traffic: one is privacy, the other is anonymity (any security experts, feel free to correct me on this if I’m wrong). A VPN offers privacy, Tor offers anonymity. If you want to be completely protected, you’ll want both on your Android device.

Freedome by F-Secure is my favourite VPN for Android. It’s easy to use, offers a range of locations around the world and generally works very well. There are a few more options that are available if you root your device, but it does the job on stock Android. Freedome is free for a week and after that it costs either £2.99 a month or £20.99 a year. It’s a worthwhile investment if you want to protect your privacy, check Google results in other countries or use it for a range of other applications.

What Does A VPN Do?

In simple terms, a VPN, or Virtual Private Network, lets you run your internet traffic through another machine. These machines can be anywhere in the world, so they protect your traffic by keeping your activity from being tied to your own IP address. They’re very handy, especially if you want to access stuff that’s blocked in your country.

The weakness of a VPN, if you’re concerned about your privacy, is that you can potentially be traced back through your connection to it. You’re private but not anonymous. It’s an important distinction to make.

That’s why you need the second step.

Orbot – Tor For Android

Tor is the second stage of protecting your internet traffic and Orbot is the best client I’ve used on Android. Tor offers anonymity as it bounces your traffic across a range of servers in The Onion Network.

Orbot works very well and is easy to use, although the lack of apps that support it without rooting it is a bit upsetting. You’ll need to use the supported Orweb browser in order to get the best out of it if you haven’t rooted your device.

It’s Tor To VPN

Remember this if you want to protect your internet traffic.

Whatever you’re doing, I’m making no judgements, go Tor to VPN, not the other way around. Connect to Orbot first, then switch on Freedome. This will give your Android internet traffic anonymity and privacy, meaning you’re protected if you’re using the Orweb browser.

There’s no getting away from it though – if you’re using these things, you’re going to take a serious performance hit. Your mobile data connection will slow down, particularly with Tor. The Tor Network’s resources are quite low, so don’t use it for large downloads or anything like that.

Two Step Authentication With Authy

The reason a lot of accounts get hacked isn’t always the system’s fault. As much as I bag on Apple for favouring style over substance and for that U2 thing, the iCloud hack really wasn’t the system’s fault. People are always the weakest element in any security system, which is why a lot of people can “hack” without knowing a line of code (read Kevin Mitnick’s book on social engineering if you’re interested in that side of things).

That’s why two-step authentication is important.

I won’t go too far into how it works (you can read more about it here if you’re interested), but basically, it links your phone to your account along with your password, kind of like how a cash machine links your card and your PIN.

This is good for security, but it’s a bit of a pain from a usability perspective, which is why I like Authy so much.

Rather than using texts to your phone, it uses the app to authenticate you, letting it run on your phone, tablet and computer. It works with a wide range of apps and accounts including Google, Dropbox and Facebook and is a great way of adding an extra layer of security to your accounts.

Authy is free and, although you’re looking at investing some time and effort in setting it up for your accounts and all your devices, it makes adding two stage authentication to your Android devices a lot easier.

If you’re not security conscious enough to worry about VPNs and Tor setups, at least do this. The time you spend setting it up will be worth it in the long run.

Secure Passwords With Lastpass Password Manager

The weakest point of your personal security isn’t any inherent weakness in the systems. It’s you. Telling other people your password, using the same passwords for everything because it’s convenient, using passwords that anyone who knows you or can scrape your Facebook profile can figure out: that’s how most breaches happen.

Using a memorable password – especially one that someone can guess through your Facebook profile – is like putting a “Kick me” sign on your accounts, especially if you use the same one for everything, but if you use a secure password like |$¢°=•÷¢€1364\{}÷^?© that’s unique for everything, how do you remember it?

A password manager like Lastpass is the perfect solution.

Install that in all your browsers and on all your Android devices and choose one password for Lastpass that you can remember (but one that isn’t something people can easily guess) and use the “Generate Secure Password” option when you’re changing the password for all your accounts.

Yes it’s a pain, but it’s far less inconvenient than having someone get into your accounts because you didn’t take this stuff seriously.

And seriously, turn your phone’s Bluetooth off when you’re not using it.

Will You Do This?

Like I’ve alluded to in the past, that’s always the question with anything security or privacy related. Will you actually do it, or is this stuff too much of a pain in the backside? Do you think “I’ve got nothing to hide so I’ve got nothing to worry about” or do you value actually having that choice? Do you think “Well it’s never happened to me so I don’t need to worry”?

That’s the question I’m asking today, and it’s the question you’re answering every time you give up your privacy without thinking.

Comments are open or I’m on Twitter. I’m still struggling with internet at home, but I’ve got a few more posts lined up and another change of direction on the books, so if you don’t want to miss them, sign up for my mailing list.