TR Forums

I just read some tips to secure data on my smart devices here and these are what it suggests:
·        Use Passwords
·        Enable Automatic Locking
·        Download Security Software
·        Only Download Certified and Trusted Apps
·        Review Apps' Permissions
·        Update Regularly
·        Avoid Unsolicited Links
·        Encrypt your Smart Device
·        Disable “Automatically Connect to a Wi-Fi Network” Feature
·        Disable Bluetooth and NFC (When Not in Use)
I totally agree with most, however, I often use different APKs and some are actually from untrusted sources for android. So I got confused about the fact that is it really a choice between security and freedom in smart devices too? Plus, are these enough for a fool-proof security for even a not-so-techie person?

If you don't trust the source of some software you decide to install then...

It's not a choice between freedom and security, it's a choice about who you trust. You can choose to trust Google to keep everything in the play store safe or you can choose to trust some other source(s). Your security is only as good as the people you trust. This applies to everything, not just smartphones and computers.

For the not-so-techie person trusting Google is probably the best choice if they want to use android.

As far as the other security tips go I suspect that the "download security software" is almost certainly a waste of time, battery life and bandwidth.

I personally also don't bother constantly toggling wifi/BT/NFC on and off. I'd say these are more about privacy than hacking into the device (though depending on what you're worried about privacy and security can be the same thing).

Don't visit shady website.
Never click on unknown links or advertisements such as "congratulation you won" or "your phone is infected" etc.
Never store CC details on phone.
Restrict background data for at-least keyboard app (Infact block internet connection to it)

Can we start hitting people that make click bait titles. I would like to think that the tr forum participants are above those bad practices but lately I've been taught a different lesson.

At any rate, I think you're over thinking this. There's really noone to be scared of.

cheesyking wrote:

If you don't trust the source of some software you decide to install then...

It's not a choice between freedom and security, it's a choice about who you trust. You can choose to trust Google to keep everything in the play store safe or you can choose to trust some other source(s). Your security is only as good as the people you trust. This applies to everything, not just smartphones and computers.

For the not-so-techie person trusting Google is probably the best choice if they want to use android.

As far as the other security tips go I suspect that the "download security software" is almost certainly a waste of time, battery life and bandwidth.

I personally also don't bother constantly toggling wifi/BT/NFC on and off. I'd say these are more about privacy than hacking into the device (though depending on what you're worried about privacy and security can be the same thing).

Thanks for the point that it is about who I trust. If I think about this point of view then you are actually right about that fact that it doesn't only apply to the SmartPhones. Any way what I meant by APKs was that I have installed pandora via google stopre but my friends abroad cannot. So for them APK of real pandora should be taken from some other site. In this case, I think they should go for a reliable or tested siite to get an APK from as much as I have understood your pov

Jigar wrote:

Don't visit shady website.
Never click on unknown links or advertisements such as "congratulation you won" or "your phone is infected" etc.
Never store CC details on phone.
Restrict background data for at-least keyboard app (Infact block internet connection to it)

Thanks for these points! Restricting background data is what I don't do. 

Heiwashin wrote:

Can we start hitting people that make click bait titles. I would like to think that the tr forum participants are above those bad practices but lately I've been taught a different lesson.

At any rate, I think you're over thinking this. There's really noone to be scared of.

Apologies if the title seems click bait, but there's no intent of mine to do that. Just wanted to make sure that I am on the right track because as much as I know, android is the least secure OS for smart devices. 

Jigar wrote:

Don't visit shady website.
Never click on unknown links or advertisements such as "congratulation you won" or "your phone is infected" etc.
Never store CC details on phone.

That pretty much applies to any computing device.

seankay wrote:

Jigar wrote:

Restrict background data for at-least keyboard app (Infact block internet connection to it)

Thanks for these points! Restricting background data is what I don't do. 

That is more privacy than security as cheesyking pointed out, plus a bit of saving your mobile data usage.

Lots of people lumping privacy and security together these days though.

seankay wrote:

Heiwashin wrote:

Can we start hitting people that make click bait titles. I would like to think that the tr forum participants are above those bad practices but lately I've been taught a different lesson.

At any rate, I think you're over thinking this. There's really noone to be scared of.

Apologies if the title seems click bait, but there's no intent of mine to do that. Just wanted to make sure that I am on the right track because as much as I know, android is the least secure OS for smart devices.

I don't think you need to worry much. At least my click bait sensor did not trip when I was reading your title. Others may be more sensitive. If we are talking click bait titles, we have a "prolific" poster that is rather recognizable. You are nowhere near his level.

Android actually has some pretty good security features.  One of the better ones is it uses SELinux in the back end to restrict access.  Downloading "security software" is just useless, IMO.  I haven't heard of any reports of security software being any use on Android.

I think the biggest issues for Android are:
1) No consistent security updates for known exploits.  The only solution I know if for this is getting a phone from Google.
2) Users can install their own packages.  This likely won't change as it would create an Apple-like walled garden and that's a no-no for "open" software.  They could lock it down with a PIN or password to restrict users from accidentally installing malicious stuff.
3) Encryption is optional for manufactures.  Google COULD fix this but won't.

Yeah that's pretty much my pov. 

In this case probably the most trusted way for them to be able to get such an apk would be for you to send them a copy that you downloaded from the play store. I've not played around with doing this but there are lots of ways to download apk from your phone which you should then be able to send to your friends. 

Since your friends trust you and you trust google they should be safe. 

On the other hand I don't think I'd trust any website offering apks like Pandora that are supposed to be region locked as it means they're automatically a bit dodgy. They are already operating outside the law in terms of licenses so it's not a great stretch to think they might operate outside the law in other ways too (how else do they make money to support themselves?).

I suppose this is brushing up against forum rule number whatever about no pirate software so I'll say no more.

seankay wrote:

I don't think you need to worry much.  At least my click bait sensor did not trip when I was reading your title.  Others may be more sensitive.  If we are talking click bait titles, we have a "prolific" poster that is rather recognizable.  You are nowhere near his level.

Thanks a lot for it and this in particular is a huge relief thank you!

Losergamer04 wrote:

Android actually has some pretty good security features.  One of the better ones is it uses SELinux in the back end to restrict access.  Downloading "security software" is just useless, IMO.  I haven't heard of any reports of security software being any use on Android.

I think the biggest issues for Android are:
1) No consistent security updates for known exploits.  The only solution I know if for this is getting a phone from Google.
2) Users can install their own packages.  This likely won't change as it would create an Apple-like walled garden and that's a no-no for "open" software.  They could lock it down with a PIN or password to restrict users from accidentally installing malicious stuff.
3) Encryption is optional for manufactures.  Google COULD fix this but won't.

These are some  solid issues and thanks a lot for enlightening me about this. Can you please suggest what can I do to strengthen my Android security? I am a basic user of Android!

cheesyking wrote:

Yeah that's pretty much my pov. 

In this case probably the most trusted way for them to be able to get such an apk would be for you to send them a copy that you downloaded from the play store. I've not played around with doing this but there are lots of ways to download apk from your phone which you should then be able to send to your friends. 

Since your friends trust you and you trust google they should be safe. 

On the other hand I don't think I'd trust any website offering apks like Pandora that are supposed to be region locked as it means they're automatically a bit dodgy. They are already operating outside the law in terms of licenses so it's not a great stretch to think they might operate outside the law in other ways too (how else do they make money to support themselves?).

I suppose this is brushing up against forum rule number whatever about no pirate software so I'll say no more.

Thanks for clarifying. I completely understand it and won't be discussing about this particular thing as it would be the violation. Thanks for the heads up!

1) Buy a Google Pixel.  They will be updating that for at least 18 months.  Blackberry is now re-branding phones and will get security updates, too.  Some manufactures, like Huawei, are promising "timely" security updates.  Updates are an issue and a major downfall for Android because it's up to the phone maker and, in the case of Verizon, up to the carrier (The Pixel phones will supposedly be an exception).
2) Don't check the box burred in the settings for installing apps outside of the app store. That means no Amazon Underground app and the like.
3) Encryption is something that is dependent on the manufacture. Pixel and Blackberry re-brands have it by default.
4) If an app is asking for too many permissions don't install it.  Scraping your contacts is not something an app should be doing if it's a news app.  Things like messengers or Facebook this would be expected.  There is NO reason CNet needs access to my call history, contacts, or pictures.  Buh-by.

The last thing I can suggest is to be mindful of what apps you install.  Only install apps from companies you know.  I had a pair of Bluetooth earbuds that had a special app.  It was super sketchy looking.  I didn't trust it.

Installing software from untrusted sources is asking for a rootkit.

There have been compromised apps on both the iOS and Android app stores.

Your phone is as insecure as your PC, except it has a mic and a camera, and you carry it almost 24/7.

Be careful, but don't assume you're safe.

I'd like to emphasize that "security software" for mobile devices are all garbage. 

I worked a while ago on a fairly large international Android app (100m+ users) and we constantly had to deal with the various companies behind these programs. Their business model is to blackmail other app developers like us to pay in exchange for not being flagged as harmful by them.

When you say deal with does that mean you pay their fees

Losergamer04 wrote:

1) Buy a Google Pixel.  They will be updating that for at least 18 months.  Blackberry is now re-branding phones and will get security updates, too.  Some manufactures, like Huawei, are promising "timely" security updates.  Updates are an issue and a major downfall for Android because it's up to the phone maker and, in the case of Verizon, up to the carrier (The Pixel phones will supposedly be an exception).
2) Don't check the box burred in the settings for installing apps outside of the app store. That means no Amazon Underground app and the like.
3) Encryption is something that is dependent on the manufacture. Pixel and Blackberry re-brands have it by default.
4) If an app is asking for too many permissions don't install it.  Scraping your contacts is not something an app should be doing if it's a news app.  Things like messengers or Facebook this would be expected.  There is NO reason CNet needs access to my call history, contacts, or pictures.  Buh-by.

The last thing I can suggest is to be mindful of what apps you install.  Only install apps from companies you know.  I had a pair of Bluetooth earbuds that had a special app.  It was super sketchy looking.  I didn't trust it.

Thanks for it. Seems like getting a nexus or Pixel is the best option! 
Plus it is a no no for any apk that is not in the playstore 

TheRazorsEdge wrote:

Installing software from untrusted sources is asking for a rootkit.

There have been compromised apps on both the iOS and Android app stores.

Your phone is as insecure as your PC, except it has a mic and a camera, and you carry it almost 24/7.

Be careful, but don't assume you're safe.

Hahaha it actually makes sense! Even if I am not carrying phone, others have it so even those can hurt my privacy

Heiwashin wrote:

When you say deal with does that mean you pay their fees

Basically yes.
In general the more popular of these apps want to avoid the risk of being reported to google for outright blackmail so they use things like: "oh you want your app whitelisted? You must understand that there is a long list of apps we need to deal with, and it takes time. If you pay us we can expedite you request. If you dont, well who knows how long this can take..."

edit: i was a developer and was not personally involved in the handling of these things so I'm sure some of these disputes where resolved by threatening to report them, but I know for a fact that several of them where paid off because it was just not worth the hassle of trying to get google to care.

Flying Fox wrote:

If we are talking click bait titles, we have a "prolific" poster that is rather recognizable.  You are nowhere near his level.

So you guys haven't forgotten me yet huh? I've since moved on to TechPowerUp's forum. I'm having more fun over their making normal posts, and the forum software (XenForo) is a better fit.
https://xenforo.com/