• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Android Security Tips

Windroid

Android Enthusiast
This is a thread for Android users to share security tips with each-other. I'll start:

#1: Use AdGuard, or another trustworthy system-wide ad-blocker (i.e. blocks ads in all apps, not just websites). Ads are a common source of malware and other security problems, so it's better just to block them. You will have to sideload AdGuard to install it onto Android. Sideloading is normally inadvisable from a security perspective, but I'll happily make an exception for AdGuard! Speaking of sideloading:

#2: Avoid sideloading, it's better to install apps from the app store. While the Google app store is hardly what I'd call "secure", Google does try to keep malicious apps out of its store.

#3: Try not to use Androids which no longer receive security updates. I know, easier said than done! A lot of Android manufacturers can't be bothered to provide security updates for more than a year or two, and even then, they often take their time to deliver the updates they do provide. Still, avoid using computers which don't have security updates. When buying a computer (including tablets/smartphones): Try to buy one which will get security updates for a long time.
 
Last edited:
I think jhonywick's accusing me of lying about writing that myself. But whatever, got some Android security tips?
don't use anti-virus apps. no need for it in android. never used one, and never will.

just be careful on what you download and install. even though it is on the play store, there millions of apps out there that may contain some kind of malware.....usually its a form of adware.
 
Sorry but I violate rule two and three all the time. App stores are for noobs. They update stuff I don't want updated even with updates turned off. I never forgave Google for killing Android Market and I can't stand all the contant UI redesigns for Play Store.

I don't believe in updates, so I go out of my way to keep old devices going, to not be bothered by nags for updates, or apps saying I must update them to continue using them. The whole flat UI trend annoys me and I can't stand flat UI design so I often use devices that still maintain a skeuomorphic interface, or at least take cues from Android 2.3, such as my Galaxy S4 Mini that has Android 4.4. It fits me best. It's small enough for one hand, and they don't make phones with IR blasters, removable batteries, and headphone jacks plus expandable storage or a screen under 5"

I run security software that still supports my operating system. For my S4, it's Avast, which still gets updates. I also don't be stupid and don't go to pirate sites, look for porn, or sideload obviously sketchy APKs. I've been actually more secure using systems that lack telemetry, and lack all the background data usage that are common on modern devices. I had more data breach issues with Windows 10 and 11 vs. Windows 7.

If they made a modern Android device (phone, tablet) that felt like an actual upgrade I'd buy one. But so far all the ones available have awful UI, force updates down your throat, and lack features I've become accustomed to, and follow too much of Apple's lead. I also despise USB-C. Want no part of it. No tablet made today has front-firing stereo speakers either. My 2012 Note 10.1, however, does.

Key here is be smart, don't visit sketchy sites, and don't become a high-profile celebrity.
 
my Galaxy S4 Mini that has Android 4.4

I hope you're using the Puffin Cloud Browser, or some browser that still gets updates on Android 4.4. You don't want a browser without security updates, on top of an operating system without updates!

...follow too much of Apple's lead.
Oh yes! Seriously Samsung? You make fun of Apple for dropping the headphone jack (and rightly so), then you drop the headphone jack yourself? And so does everyone else? Are you a professional company, or are you a stereotypical high school student who wants to be just like the cool kids instead of being himself?
 
check app permissions before you install an app. if the app is for example a wallpaper app, why would it need permission to access your contacts? things like this should send alarm bells telling you not do install it.
 
I only use the browser (the built in Samsung one) to Google and that's it. I hardly ever use it. I keep the phone offline for the most part, keeping data active here and there for MMS messages sent to me, but for the most part it does everything I need it to offline. The smartphone is not nearly as important in my life as it once was. I for the most part use it as an MP3 player and a means of texting my girlfriend who lives 3 states away and that's it. I carry a mechanical pocket watch for time, and use a mechanical calculator known as an 'addiator' for calculator functions these days. Far more fun, unique and I don't need no stinkin' batteries.

For my laptops I use Pale Moon which still gets support on Windows 7.
 
An addiator? What's that?
Addiator.jpg

 
Tech Tangents has a couple of videos about Addiators. The name Addiator isn't the original version of the little pocket mechanical wonder, just the 1960s variant. This one is called "Baby calculator co." and is in a very old case (stylus missing) and does more than addition and subtraction--can do multiplication and division as well, although very similar in design.
 
Using 'old' browsers isn't a risk, so long as you're smart. Don't visit the pirate bay, look up porn, or visit any site in Google results that looks like "http://eatr0uoejtfoeajr9aj.cz" even if the title and description look normal otherwise (that's been showing up more recently)

I use old browsers all the time, again, I hate flat UI design and modern browsers also force updates and aren't supporting the many extensions I still use to theme the browser and such. I use Firefox 52 and Pale Moon on my Windows 7 machine. I keep most apps in the year 2009-10 and nothing catostrophic happened yet.

If your device is old enough installing a more recent app will just slow it down or reduce battery life anyway. Best to stick to no more than a couple years newer than the phone's date of manufacture and it will feel as snappy as the day it was new, and have more storage for music, photos, etc.

I'm on Android 4.4 on my phone, and I NEVER update anything. All its built in apps are the ones it came with in 2013, even Chrome. Any third party apps are apps I used since Android 2.3 and are of that era and I've backed up their APKs.
 
Obviously I'm living proof it's not a risk. If you do something stupid, that's on you. Accept responsibility. I am no fan of idiot proofing of any kind. It's not like using old software is going to automatically put viruses or Bonzi Buddy on your PC.

I've had far more instances of malware on Windows 10 and 11. A lot of attackers and scammers target modern systems and the modern browsers are the only ones capable of producing the fake 'micrsoft support' pages anyway.

If they didn't make them force updates, make them look flat and bland, or supported all my favorite extensions (looking at you, Firefox 'quantum') things might have been different. But being burned by unnecessary changes far too often made me quite averse to updates where not only do I turn them all off, I use operating systems and apps that no longer get updates so I can be left alone, not bothered by stuff like 'an update is available for [app name here]' or 'you must update this app to continue using it' and can just enjoy my device and my life, confident my device is MY device, not some lame software developer's

The reality that I have zero control over Windows 10+'s updates is why I will never bring myself to use it or anything after it ever again. Same for modern Android. Have you actually seen Android 12? It's hideous!
 
Obviously I'm living proof it's not a risk. If you do something stupid, that's on you. Accept responsibility. I am no fan of idiot proofing of any kind. It's not like using old software is going to automatically put viruses or Bonzi Buddy on your PC.
I don't agree with you, I don't think it's that simple. Even if you're smart, you might find yourself on a malicious/compromised website by mistake. Or something. Being smart is just one layer of protection (albeit, the most important layer). So no, security updates are not about idiot proofing. Security updates do not make computers (including smartphones) idiot proof! However, security updates are a good layer of protection.

Good computer security is about having multiple layers of protection, layers that give you a lot of security without getting in your way too much.
 
Idiot proofing is newer apps taking away the ability to NEVER check for updates. See Windows 10, modern Firefox and Chrome. Idiot Proofing is taking away the ability to use legacy extensions in Firefox.

Idiot proofing is OneWheel's CEO citing 'security' for the reasoning behind the scooter EOL'ing its mainboard if the battery is replaced by the owner.

Security updates don't in themselves introduce idiot proofing, but they often require a supported phone to have them, and many modern OSs and apps are full of idiot proofing in the name of 'security'

Idiot proofing is John Deer outright opposing the ability of farmers to repair their own equipment and citing 'safety' as well.

Idiot proofing is what designed polarized plugs, fused plugs, planned obsolescence like non-removable batteries (can't trust people to replace a battery or not use a hair dryer in the bathtub eh)

Idiot proofing is an OS that treats the user like a moron instead of someone who's been with computers since the era of FORTRAN and CP/M and actually knows how computers work, by taking away the ability to fully customize it or hack it to make it your own.

We can agree to disagree, but I have to dispel myths as I see them, especially when people assume we should just toss perfectly good hardware out because it's too old, and only use modern stuff. That's futurist talk and encourages disposability and constant consumption we can't sustain on our planet anymore.

I can install newer versions of Chrome up to a certain point on my S4 if I wanted to, but why reduce the performance of a web browser to the speed of an i486 without any real gain on my end, and with an uglier UI along with it? I guess in your mind I should just toss this phone away and buy a new one for muh security right?

There are plenty of Windows XP users, PowerPC users and Xbox 360 users who put that old 'if you use outdated software you'll get hacked!' excuse to rest.
 
Last edited:
Idiot proofing is newer apps taking away the ability to NEVER check for updates. See Windows 10, modern Firefox and Chrome.

Idiot proofing is what designed polarized plugs, fused plugs, planned obsolescence like non-removable batteries (can't trust people to replace a battery or not use a hair dryer in the bathtub eh)

Idiot proofing is an OS that treats the user like a moron instead of someone who's been with computers since the era of FORTRAN and CP/M and actually knows how computers work, by taking away the ability to fully customize it or hack it to make it your own.

We can agree to disagree, but I have to dispel myths as I see them, especially when people assume we should just toss perfectly good hardware out because it's too old, and only use modern stuff. That's futurist talk and encourages disposability and constant consumption we can't sustain on our planet anymore.
I largely agree with you there, but that's another subject for another thread.
 
Fact is to have a supported enough device to GET security updates, the OS and UI are full of idiot proofing and ugly UI that looks like it's been designed for children, and less ability to customize it.

I HATE modern devices, and HATE modern software. A good example is most modern versions of apps enforcing updates whether I agree with them or not, and that includes UI redesigns. The Walmart app for example eventually says 'you must update to continue using this app' so it got uninstalled. The older version should have worked fine until it broke, but nope, they can't trust that some users don't need their hands held.

If the updates were ONLY about security, bugfixes and not unnecessary change for change's sake, we'd be golden. I wouldn't be so update averse. I prefer Android 2.3's UI, and not Android 13's. It takes more than security to make me consider an upgrade, and so far there's nothing that checks my required boxes in the modern era. In the end, it must meet MY needs, and work MY way, and look the way I expect. And it should STAY that way, update or no update. The OEMs and developers have proven, time and again (see iOS 7, macOS Yosemite, Android 5.x, Windows 8 and 10) that they won't leave things alone. It's only gotten worse with removing buttons on many smartphones, where odd and confusing gestures are required to navigate the damn things, and even more, they're too damn big.

If updates run your life like that, you'll be in a never-ending cycle of upgrade after upgrade. Our planet cannot take much more in the ways of making new things, and enough used items that still work fine exist to sustain the next three generations of people.
 
And JUST security. Not any UI redesigns, icon changes, or flat design. They sadly tend to come with all of the above alongside the security update. You can't get one without the rest. On Play Store I've read far too many descriptions of what an 'update' included and many often said 'redesigned settings UI,' or 'redesigned icon' or 'brand new experience' and it bothered me too much. Just let me use things the same way I've used them. stop moving the cheese!

One such example, when I was toying with an S20 FE 5G, a 'security patch' of 1GB came in from Samsung. It wasn't a full Android version update, but it still managed to include updates to Samsung Internet, Health, and a few other system apps, and redesigned enough UI to bother me (it took the customization away in Messages, where I couldn't use a background wallpaper anymore in a message thread--something I've done since the SIII, but thankfully they added it back in a few updates later-although I might have been stuck with it)

So I can't even trust a security patch to just well, patch security.
 
Last edited:
Sorry but I violate rule two and three all the time. App stores are for noobs. They update stuff I don't want updated even with updates turned off. I never forgave Google for killing Android Market and I can't stand all the contant UI redesigns for Play Store.

I don't believe in updates, so I go out of my way to keep old devices going, to not be bothered by nags for updates, or apps saying I must update them to continue using them. The whole flat UI trend annoys me and I can't stand flat UI design so I often use devices that still maintain a skeuomorphic interface, or at least take cues from Android 2.3, such as my Galaxy S4 Mini that has Android 4.4. It fits me best. It's small enough for one hand, and they don't make phones with IR blasters, removable batteries, and headphone jacks plus expandable storage or a screen under 5"

I run security software that still supports my operating system. For my S4, it's Avast, which still gets updates. I also don't be stupid and don't go to pirate sites, look for porn, or sideload obviously sketchy APKs. I've been actually more secure using systems that lack telemetry, and lack all the background data usage that are common on modern devices. I had more data breach issues with Windows 10 and 11 vs. Windows 7.

If they made a modern Android device (phone, tablet) that felt like an actual upgrade I'd buy one. But so far all the ones available have awful UI, force updates down your throat, and lack features I've become accustomed to, and follow too much of Apple's lead. I also despise USB-C. Want no part of it. No tablet made today has front-firing stereo speakers either. My 2012 Note 10.1, however, does.

Key here is be smart, don't visit sketchy sites, and don't become a high-profile celebrity.
I wish I still had an older device. It seems that the major Cell Phone Service Providers just keep mandating upgrades. One thing I've done recently is learn the ADB interface so that I can remove unnecessary apps. I wrote a shell script that removes over 150 packages and I still have basic functionality of my phone. Talk,Text,Browse. Really that's all I need. Of course I ran into some snags where I removed a package that is necessary, but a factory reset brought it back around. Still doing research into what I can and can't remove. If you have the time, buy a modern device and play with it until you're satisfied. I have an IT background, but I let the mobile technology slip by and ended up being a victim of my phone being hacked several times. If anything, the education that I'm getting is worth the effort.
 
Back
Top Bottom