• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

How to verify security on smartphone email

startac4

startac4

Well-Known Member
I included this in another topic (DUO privacy) but perhaps it's more appropriate to ask this question separately in its own topic. I am a "newbie" using smartphones and don't have a good feeling about its security nor the security of what is sent to/from it. (I use Avast but that addresses a different issue). How can one tell what is safe on a smartphone accessed website or email? I realize this is a rather broad question to pose here - the indications of what looks right or not are possibly too open-ended - but whatever information, direction and experience I can receive here will be helpful.

Just as one example, my doctor's office sent a gmail with a link to a website wanting confidential information to set up my patient portal with that doctor. But on a computer, I would never follow a link in an email, and then enter confidential personal information on that site.

Also, is there someplace I can check for requisite Android security patches? Nothing seems to have been updated on my phone. Should I check for them and then download them and if so, how do I do that?

Phone: LG K20Plus
Android Version 7.0
 
you can't....that's the thing. the only thing you can trust is your common sense. i check to see who sent me the email. if it is from my doctor's office then ok that email is good. but if it is something like spam mail or from someone or someplace i do not know i will not open it. that is about as much as you can do.

as far as avast goes....never i never used any antivirus or antimalware apps. i think android does a pretty good job at keeping these things at bay. the only thing you have to watch out for is what you download and install onto your device. there are some apps out there that has adware and malware coded in. you just need to look at the permissions before agreeing to install an app. its been well 10 years and i have never gotten any malware or adware on my phones. my mom on the other hand keeps getting adware on her phone all the time, cuz she is not careful on what she downloads.

as for updates, this will depend on what phone you have as the update check option varies slightly. it should be somewhere in your phone's settings. usually towards the bottom of the settings at or near the "about phone" option.
 
You could just use a computer for things you are concerned about.

But "common sense" works: if you registered for the email from your medical practice, i.e. you were expecting it, that makes the probability of a scam low. Conversely if it came unsolicited I'd not touch it on any platform.

For copy and paste (which you said you had problems with in your other thread) press and hold the text to highlight, drag the handles to change the selected area, then touch "copy" in the pop-up menu. At the destination press and hold and select "paste". It's more fiddly than a computer, but small screens are by definition - that's the price of portability.
 
Hadron said:
You could just use a computer for things you are concerned about.

But "common sense" works: if you registered for the email from your medical practice, i.e. you were expecting it, that makes the probability of a scam low. Conversely if it came unsolicited I'd not touch it on any platform.

For copy and paste (which you said you had problems with in your other thread) press and hold the text to highlight, drag the handles to change the selected area, then touch "copy" in the pop-up menu. At the destination press and hold and select "paste". It's more fiddly than a computer, but small screens are by definition - that's the price of portability.
Click to expand...
The portal email says up front this cannot be done form a computer, only on the smartphone. I'll have to try finding some support at the doctor's office who can verify what's sent. Thanks for the instructions on copy & paste. It is a lot harder to get what I want where I want it. But as the instructions are that it must be done on the smartphone - I will ask someone them "why"??? - I have to put up with this. Glad I don't do anything else with chrome on the phone except for Avast.

Ocnbrze: I have a cross-platform license for Avast so using it my phone isn't any additional expense. As I use it on my computers I certainly can use it on the smartphone.
 
ocnbrze said:
you can't....that's the thing. the only thing you can trust is your common sense. i check to see who sent me the email. if it is from my doctor's office then ok that email is good. but if it is something like spam mail or from someone or someplace i do not know i will not open it. that is about as much as you can do.

as far as avast goes....never i never used any antivirus or antimalware apps. i think android does a pretty good job at keeping these things at bay. the only thing you have to watch out for is what you download and install onto your device. there are some apps out there that has adware and malware coded in. you just need to look at the permissions before agreeing to install an app. its been well 10 years and i have never gotten any malware or adware on my phones. my mom on the other hand keeps getting adware on her phone all the time, cuz she is not careful on what she downloads.

as for updates, this will depend on what phone you have as the update check option varies slightly. it should be somewhere in your phone's settings. usually towards the bottom of the settings at or near the "about phone" option.
Click to expand...
 
I am very uncomfortable with how apparently updates on done on (this) smartphone. In "App Updates", it lists applications on the phone but doesn't say if they need updating. Nor even HOW to update them (pressing any of them does nothing about updates).

And what I'm really afraid of doing is the T-mobile update for android. It has a warning to make sure there is at least 40% battery capacity before starting and a second warning not to turn off the phone while the update is happening. The update is 100 MB but this is very worrying if something happens and the phone loses connection during update. Never mind not having updates, I could wind up with no phone at all. And I don't know how long this download should/could take.

Under different circumstances I would have brought it into a T-Mobile store and let them do it. Of course that can't be done any more.
 
Get aquainted with the Google play store app on your phone.
Get aquainted with the Gmail app on your phone.
Remember your Gmail account and password and write it down and keep it safe.
Open your play store app and go into its settings, choose auto update over wifi or data. It takes a couple of minutes to download 100mb, maybe less. Don't worry if updating and losing power will cause harm, it will not.
 
App updates and system updates are completely different.

App updates are handled by the Play Store app (assuming that's where you got the aps from). I can't picture quite what you are describing (a screen shot might help), but it may be that it is showing you appa that have been updated if you have auto updates on (which they encourage you to do, and I personally never do). Otherwise there should be an "update all" button and separate update buttons for each app that has an update available. That fact that you don't have those or a heading "recently updated" makes me wonder what you are looking at for this "App Updates" list?

System updates aren't a big deal - as a Pixel owner I get them monthly. The 40% battery is just to make sure you don't run out during the update, but my devices will refuse to actually apply the update if the battery is too low so the warning's real purpose is to explain what you need to do for it to work (i.e. to stop people phoning to ask why it won't work when the problem is low charge). You can always plug the phone in to do the update if you are really worried, but 40% gives them a huge margin for error. If you've a half decent internet connection the download will be quick, but the installation can be a bit tedious.

Actually turning the phone off during the update (except if it asks you to press a button to restart the phone) could mess something up, but would also be an extraordinarily silly thing to do. That warning is really there to cover them against idiots: it's a bit like a warning that coffee can be hot.
 
startac4 said:
I am very uncomfortable with how apparently updates on done on (this) smartphone. In "App Updates", it lists applications on the phone but doesn't say if they need updating. Nor even HOW to update them (pressing any of them does nothing about updates).

And what I'm really afraid of doing is the T-mobile update for android. It has a warning to make sure there is at least 40% battery capacity before starting and a second warning not to turn off the phone while the update is happening. The update is 100 MB but this is very worrying if something happens and the phone loses connection during update. Never mind not having updates, I could wind up with no phone at all. And I don't know how long this download should/could take.

Under different circumstances I would have brought it into a T-Mobile store and let them do it. Of course that can't be done any more.
Click to expand...
updates are done in two stages. the first stage is the download. when there is an update available a popup will appear and ask you if you like to download the update now or later. if you are not on wifi sometimes it will let you know and ask if you want to wait until you have wifi.

the next stage is installing the update. once it is downloaded you will get another popup asking if you want to install the update. this part does not need wifi as it is already downloaded. so that part you do not need to worry about. what you do need to worry is the battery, if it is more then 40% you should be fine.

if you go to the play store and hit the 3 lines (called hamburger) locate my apps. it is there that you will find if any apps need updating. it is not found in the app manager of the phone's settings.

hope that helps

edit:ninja'd
 
Thank you everyone for your posts. I see now how the application updates work. I have turned off AutoUpdates - I never like when software does what it wants without my controlling what and when. That's the same way I have it on my computer. I've selected the software that I use on the phone and updated it.

My other big concern is the "system update". I never do updates on any computer without having a backup/back-out ability in place. I appreciate your assurances not worry to about the downloading and applying of those updates. But the whole smartphone approach of doing updates without backup/back-out precautions - at least any that I've come across - is absurd, not to mention
un-professional. I would never have done that, nor allowed anyone in my area to do that, with computer updates.

If there is an Android back-out protocol, I would appreciate someone telling me about it.
 
this is one reason why i like samsung phones. samsung as a very cool program called smart switch where you can save and backup your data. it can also update the phone for you as well. not sure if lg has something like that or not. but i always use smart switch before i update the phone....just in case something happens while updating.
 
There are backup options for data, though in most cases not a simple one-click one, but most phones have no back-out option for a system update (a feature not limited to Android).

I say "most" because actually for the last 2-3 years Google have been pushing a system which in principle allows that. Pixels, and a few others, have two sets of system partitions (A/B), and the update procedure updates the one that is not currently used and then switches the active set to the updated one. This means that if something goes wrong in applying the update the phone can still work using the unmodified partitions. There is however no user-facing option to tell it "go back to the previous version" (note that reverting a major update would generally require a factory reset as well, since a new android version usually has settings that are incompatible with the older one and so all data have to be erased). There are rumours that Google are preparing to make this mandatory in future, but it's not happened yet.
 
startac4 said:
my doctor's office sent a gmail with a link to a website wanting confidential information to set up my patient portal with that doctor. But on a computer, I would never follow a link in an email, and then enter confidential personal information on that site.
Click to expand...
Why on earth not? :thinking:
 
Basic security protocol. Speak to people who deal with security on computers. As email is not secure, following it to somewhere that purports to be the secure website you want is dangerous and reckless. Look at financial institutions emails: they never include a link with instructions to follow it. They tell you to logon manually directly to the institutions' websites.
 
This is true, though have you never been phoned by a financial institution who then proceed to ask you questions to verify your identity? They really don't know what to do when I tell them that I won't answer the questions because they've not confirmed their identity to me ;).
 
startac4 said:
Basic security protocol. Speak to people who deal with security on computers. As email is not secure, following it to somewhere that purports to be the secure website you want is dangerous and reckless. Look at financial institutions emails: they never include a link with instructions to follow it. They tell you to logon manually directly to the institutions' websites.
Click to expand...
Oh boy...

Yeah, I know a thing or two about computer security--that's one of many reasons I've only used *nix for 35 years. :)

I assure you that as a sysadmin, none of the UNIX/Linux systems I was responsible for ever had an iota of security problems.

Ditto for all of my home computers--Linux only, of course.

You're fundamentally misunderstanding the e-mail/link risk thing. There's no danger if the link actually leads where it's supposed to. There's only danger when it doesn't [or when the destination, like AmericanExpress.com, has been overtaken by bad guys].

Anyone can easily determine if a link is what it purports to be by hovering over it. If I receive e-mail [supposedly] from Bank of America, but hovering over its link doesn't show a bankofamerica.com URL, I don't click it. (If hovering on your OS doesn't show the URL, copying and pasting it into a browser, or text file, to view it will accomplish the same thing.)

To summarize: don't use insecure operating systems, don't follow phished links, and you're good to go. It's worked for me for 35 years! :D
 
But wasn't one of the OP's problems that hovering over a link doesn't work on Android?

Though this reminds me of one of the old email jokes that got circulated in the 90s. I've probably got a copy somewhere, but from memory it went something like:

Congratulations: you have just received the Linux email virus.
This virus operates on the honour system. Please email a copy to everyone in your address book and delete a random selection of your files.
We thank you for your cooperation.
P.S. Windows users don't need to comply because they have email viruses which will do this for them without requiring user action.
 
Hadron said:
But wasn't one of the OP's problems that hovering over a link doesn't work on Android?
Click to expand...
His comment that prompted my response: "But on a computer, I would never follow a link in an email, and then enter confidential personal information on that site."

So, no. :p :D

I remember that Linux joke! You're pretty spot-on with it. :)
 
You must log in or register to reply here.
Back
Top Bottom