Everything about you is on your smartphone. Your personal details, contacts list, internet history. Mobile banking apps reveal who you bank with; your contacts list and social networks identify who you are. And then there’s the personal photos, email accounts, online shopping… the list goes on.
A device is only as secure as the person using it, and adopting good practices will always help. But when it comes to Android, there’s an important step you can take: make sure your phone or tablet (or whatever Android device you’re using) is up-to-date.
Unfortunately, thanks to Android fragmentation, this is easier said than done.
Why Mobile Security Is Important
Losing your phone, or having it stolen, can be a bit of a disaster for your personal data. Sure, there are tools like Prey, which can be used to remotely lock and wipe your hardware. If your data is backed up to a cloud drive, and your apps and settings are mirrored in the Google cloud, remote deletion shouldn’t be too painful.
But smartphone theft isn’t the only way someone might attempt to access your phone. Sure, there are plenty of physical tricks hackers might try to gain access to your phone (such as guessing your login PIN or spotting your login pattern), but mobile devices are also susceptible to remote attacks. Vulnerabilities in the operating system, apps, or even in third-party services, can open your hardware to intrusion.
One such example is the KRACK attack, which exploits a vulnerability (only discovered in 2017) in the WPA2 wireless encryption protocol. The ramifications of this are concerning: connecting to a network also used by someone exploiting the KRACK weakness will share with them all of your online transactions, including usernames and passwords.
5 Online Risks to Android
Over the years there have been several online threats to Android. Among the most notorious you’ll find:
- Android-targeted ransomware, which is malware that demands money in exchange for not reporting illegal material on your phone to the FBI.
- Clicker Trojans that increase ad revenue for criminal app developers.
- The Xavier malicious adware, which impacts Android via adverts. This 2017 attack exploits your phone’s ability to display ads.
- Fake Pokemon Go apps, capable of running Remote Access Tools on your phone, which essentially surrenders control of your device to a malicious user.
- The Pokemon Go threat is really the tip of the iceberg, with a number of repackaged apps hiding malware, and available freely on the web.
What can you do? Well, while you should install security tools, it’s also vital to ensure that your smartphone is running an up-to-date operating system. This will ensure your device is robust, and capable of resisting most intrusion attempts.
Check for Updates
One of the most important aspects of managing a computer, phone, or tablet, is ensuring updates are installed. Not only do they include enhancements to the user interface, these updates apply security fixes. In the case of high-profile security issues affecting Android, security fixes might be issued independent of the main updates.
It’s easy to check for updates on your Android device. Begin by ensuring Wi-Fi is enabled, then open Settings > About device. Tap Software Update > Check for updates, and wait as your phone checks online. (These steps may differ depending on your device manufacturer.)
If an update is available, tap Update. Follow the on-screen instructions to install the update.
If updates are found, then they should be downloaded and installed. However, it’s best to do this over a Wi-Fi network, rather than use your mobile data plan. Once the update is installed, your phone or tablet will be up-to-date.
Remember to Update Your Apps Too
Although not as important to the underlying integrity of your Android device, it is also wise to update your apps. Many developers add security fixes to their apps, and it’s a good idea to ensure the best versions of the apps you use are installed.
In the Google Play Store, open the menu, and find Settings. Here, tap Auto-update apps and ensure that the Do no auto-update apps option is not selected. Instead, use the Auto-update apps at any time… or Auto-update apps over Wi-Fi only options. As before, this selection will depend on the size of your mobile internet plan.
No Updates? Download and Install via PC
But what if there is no update?
The answer here is to head to the manufacturer’s website and check. This may take some time, so if there is a search feature, use this. Otherwise, head to the support pages and look for your phone model.
Here, you’ll find the information you need. Often, this will indicate that you need to download some manufacturer-specific device management software. These are provided to enable updates, as well as to make syncing data to and from your phone simpler.
Once installed, you’ll have two options. Either there will be an update feature built into the management tool, or you’ll need to manually download the update from the website. Whichever case applies to you, the update cannot be applied to your device unless it is connected to your PC via USB.
Unsupported Phone? Here Are Your Options
What if your phone doesn’t have any official updates available? Perhaps it’s old, or the company producing it no longer provides support. Whatever the situation, you’re unable to get those all-important security updates.
Probably the only way around this is to install a custom ROM. This is a customized version of Android, often intended to include features and user interface tweaks that the official release doesn’t. Custom ROMs are completely unofficial, but often include the updates that your phone is missing. Counter-intuitively, you’ll need to reduce your device security by unlocking the bootloader, before installing a custom ROM.
Be aware, however, that this can run both ways. Finding a ROM that tightens your security is great, but will it be maintained? ROMs that are simply left to die will not enjoy regular updates. There’s no point plugging the leak today only for another to spring tomorrow. The answer? Find a ROM with an on-going maintenance and release schedule. CyanogenMod and LineageOS are just two examples.
Case in Point: My Phone
Here’s an example. I own a Meizu Pro 5, which originally shipped with Ubuntu Touch, with the crDroid custom ROM. The reason for this is because the Meizu user interface, Flyme, feels far too much like iOS. Sadly, crDroid doesn’t have an OTA update option, which leaves it running an older, unpatched version of Android.
Unfortunately, few custom ROMs are available for the Meizu Pro 5, which was launched in 2015. At the time of writing, it is two years old.
If you do take this path, be aware that custom ROMs are typically rooted. This means that the root directory of the Android operating system is unlocked, which is a potential security risk. You’ll need to un-root your phone once the ROM is installed to maintain the system integrity. Our guide to rooting Android will help here.
How to Avoid a Lack of Updates in Future
Can’t find an update? No custom ROMs, or you’re unsure about flashing one to your phone or tablet? You’re not alone, but this does simply things somewhat. Now your only option is to buy a new Android device. But how can you do this and avoid a repeat of the scenario? Will your new Android device receive updates?
The answer is invariably “Yes” — the new Android device will receive updates. The question you should be asking, however, is “How long will my new device receive updates?”
As with many thing, this is tricky to answer. Usually, devices are supported for around two years. This means that the manufacturer will provide updates for two years after the device’s release. It may not seem long, but in that time, the same company might release half a dozen devices. In short, if you wish to ensure you have a phone that receives regular updates across its lifespan, you’ll need to buy a new phone. Typically, Sony, Google, and HTC offer support for two years. If you can find a manufacturer offering longer support, by all means try their phones.
Get the Update as Soon as You Can
Updating your phone as soon as the update is released is a good idea, but failing this, manually downloading and installing should do the trick. Rely on a custom ROM only as a last resort.
But what if no updates are available, anywhere? The smart answer, from a security point of view, would be to buy a new phone. Perhaps there is a free device upgrade available to you? Or maybe you’ve been considering a switch to a different mobile platform? Now is the time!
Have you had trouble getting updates for your Android device? Was it simple, or did you have to install a custom ROM? Perhaps your smartphone was so old you ended up swapping for an iPhone? Tell us in the comments.