ANDROID
SOME TOPICS BELOW
Theft Protection, Android 15,
Find My Device Network,
Scam Call Detection,
Photos Locked folder,
Messages,
Safe Apps,
UnSafe Apps,
SIM PIN,
Pixel Phones,
Samsung,
System Wide Ad/Tracker Blocking,
Assorted Tidbits,
Defense,
Nearby Share,
Android 13,
Android 12,
Android 10,
Multiple Users,
Chrome Browser,
Control Usage of 4G/LTE Data,
Ads, Usage & Diagnostics,
NFC, Permissions,
Pre-Installed Crap,
See Also
It is common knowledge that Apple iOS devices are safer than Android and I agree with that. One reason, is that you do not find pre-installed spyware or malware on iPhones (more below). Also, there is no consistency with Android. No expert can tell someone how to configure an Android device because they all have a different set of options. This is illustrated below in the item about factory resets after too many bad passwords.
START HERE
- Block spam calls: In the Android phone app, click/press on the three dots in the upper right corner (it is called the menu button) -> Settings. Most Android phones will have options for blocking numbers and caller ID/spam protection here, although they often go by different names.
- Set a lock screen message in the hope that a lost device is found by an honest person. Something like: If found please call 111-222-3333 or email me@somedomain.com. I use an email address that is auto-forwarded to multiple email addresses.
Android 8: Settings -> Security and Location -> Lock screen preferences -> Lock screen message
Android 9: Settings -> Lock screen -> Contact information
Android 10: Settings -> Display -> Advanced -> Lock screen display -> Lock screen message
Android 11: Settings -> Display -> Advanced -> Lock screen -> Add text on lock screen
Android 12: Settings -> Display -> Lock screen -> Add text on lock screen
Android 13: Settings -> Display -> Lock screen -> Add text on lock screen
Android 14: Settings -> Display -> Lock screen -> Add text on lock screen
- Medical Emergency: First responders are trained to look at our phones for emergency contacts and medical information. You can make information such as your blood type, medications and allergies available from the lock screen without the need for a pin or password.
- In general, search Settings for "Emergency information". There will probably be one section for Medical information and another for Emergency contacts.
- Android 12 and 13 and 14: Settings -> Safety & Emergency
- On Samsung: Phone app -> Contacts tab -> My Profile -> bottom of the page
- On Pixel with Android 10: Settings -> About phone -> Emergency information
- The steps to see this information on a locked phone will, of course, vary, as each Android phone is a snowflake. Maybe tap on the word Emergency. On a Pixel with Android 12, swipe up to enter the pin, then click on the Emergency Call button, then View Emergency info. A Pixel with Android 10 had an Emergency Information button at the top of the screen.
- More here: Emergency contacts on your phone: Set it up right now by Jason Cipriani (Feb 2020).
- If you can, get in the habit of turning off Wi-Fi when an Android phone is not at home. The Wi-Fi can leak information about you when it is not connected to a network and having it on, when not needed, drains the battery. Plus, it is yet another potential attack surface.
- More than just Wi-Fi, consider disabling 4G/5G/LTE when it is not needed. Obviously this saves bandwidth and battery usage, but it also does not cut you off from the world. A phone with no Internet connection (no Wi-Fi, no 4G) can still send and receive both phone calls and text messages.
- With any cellphone, it is good to save the many assorted identifying numbers which include: IMEI, IMEI SV, ICCID and EID. On the phone, do: Settings -> About Phone (last tested with Android 14 on a Pixel phone). On a new phone, you can look at the box it came in. Online, you can check the Google Find My Device page (google.com/android/find). See this article from Google for all the details: Find your IMEI and other Pixel phone ID numbers.
- The Google app has a new option (added October 2022) that should help you remove your personal data from Google searches. Open the app, click your profile and look for the new "Results about you" option. As of February 2023 and Android 13, it is labeled Beta. You start off doing a Google search on yourself and then it explains how to remove a result with any of your personal information.
- As of Android 13 (at least on a Pixel) you can see which apps, if any, are running quietly in the background. Swipe down twice from the top of the screen.
At the bottom of the screen will be a very short description of one of the apps and the number of running apps in a circle. See a screen shot of what it looks like. The example had only one background app, the Mullvad VPN. If you click on this information
you get a more detailed explanation. See a screen shot of that.
- You can change the default search engine. Instructions are in the Search Engine topic.
- While it is rare that a phone loses its cell connection, when it does it can be helpful to have something to compare with. Do:
Settings -> About phone -> SIM status
and take a screen shot of what normal status looks like. Among other things, this shows the Signal Strength and whether you are roaming or not. (verified on Android 12 and 14)
THEFT PROTECTION top
In October 2024, Google started rolling out three Theft Protection features for Android phones. Despite the name, they do not protect against a bad guy stealing a phone. Rather, the features do two things: lessen the monetary value of a stolen phone and protect your data on the phone. The features are part of Android 15 and they are expected to eventually make their way to Android 10, 11, 12, 13 and 14. I personally used them on Android 14 in October 2024. They should be available on phones from all manufacturers. All three options are off by default. One article said these features will also appear on a tablet, but they were not available on the Samsung Android tablet I tested.
To see if a phone has the new Theft Protection features, search the Settings for "Theft protection" or just "theft". If its there, it should be at
Settings -> Google -> All services -> Personal & device safety
1) The first feature, known as Theft Detection Lock, defends against a bad guy stealing your phone while it is unlocked. The accelerometer should detect the quick movement of the theft and fast movement away from the original location. If it does, the phone locks itself. If it makes a mistake, no big woop, just unlock it.
2) After a theft, a new Remote Lock feature is designed to let you very quickly lock the phone. Of course, the phone must be online for this to work. If the stolen phone is off-lne when this command is issued, it will be locked when it next goes back online. After the theft, you can use any Internet connected device to go to android.com/lock and give Google your phone number to lock the phone. This can be used no more than twice a day, probably to prevent some asshole friend from locking your phone all day long. After locking the phone, it unlocks as usual, so if the bad guy has the unlock PIN code, this is useless.
However ....
Articles have said that you will also need a security question to register the phone number. In my experience, on two Pixel phones in October 2024, that was not the case. Each phone required "Automatic phone verification". WTF? Google's explanation of this was useless. There was no security challenge or question. The phone number as Google stores it has no dashes and starts with a 1. I tested it and the target phone locked itself in a matter of seconds. First, however, I had to pass a CAPTCHA.
3) There is also an Offline Device Lock that should lock your phone when it is taken offline for an extended period.
October 18, 2024: Excellent article. I tested Android's new Theft Detection and learned how to properly steal a phone by Nick Fernandez for Android Authority. The author stole his wife's phone a few times, but the Theft Detection feature never kicked in and never locked the phone. In addition, he could not get the feature to trigger with the phone idle on the home screen. So, don't leave a phone unlocked on a table. And he points out a design flaw: after a detected theft, the next unlock should require both the PIN code and a biometric unlock. Excellent point. If your phone is stolen, it is suggested here to call your carrier and have them blacklist the phone's IMEI. Great idea, if you know the IMEI. Maybe keep it on paper in a wallet. Maybe keep it on your spouse's phone.
October 8, 2024: How to activate Google's newest Android security enhancements by JR Raphael for Computerworld. If the features are not on your phone, the article suggests searching system settings for "Play system update" to see if there is update available. This worked for me on a somewhat older, Pixel phone. It required a reboot. The article notes that the Remote Lock feature seems to be rolled out separately and slightly later than the other two features.
May 15, 2024: Android's theft protection features keep your device and data safe by Suzanne Frey of Google. A brief overview of many anti-theft features. Too brief to be informative. One feature prevents a stolen phone that has been factory reset from being usable by anyone but you. In theory this makes the stolen phone unsellable.
ANDROID 15 top
Android 15 was released in the middle of October 2024.
PRIVATE SPACE: From a Defensive Computing standpoint, this is the biggest feature in Android 15. From: Here's what's new in the Android 15 update for Pixel devices by Mishaal Rahman for Android Faithful. October 15, 2024. "Private Space essentially creates another profile on your phone, complete with its own apps and data that's siloed from the main profile. Apps and data in this secondary, or 'private', profile are hidden when the profile is locked - not just in the app drawer but also in Settings, the recents screen, and the notifications panel." Needless to say, the private space is opened with a password and this does NOT have to be same PIN, pattern or biometric that unlocks the phone itself. Better still, you can hide the fact that a Private Space even exists. This reminds me of a feature in TrueCrypt/VeraCrypt which hides a volume inside a volume. Excellent Defensive Computing.
PRIVATE SPACE: Android 15 will include a new security feature called "Private Space". It will be a place where we can store sensitive apps. This seems, to me, like great protection from a bad guy who has stolen your phone and can unlock it. Also good for lending an Android device to someone while keeping some apps away from prying eyes. The apps are in a new hidden-by-default portion of the app drawer that requires a second lock-screen authentication to reveal. The hidden/sensitive apps are further isolated by running on a separate profile, in effect, another Android user. Regular apps will not be able to see the hidden apps or their data. When the Private Space is hidden, private apps will not even be able to show notifications. This summary was taken from: Android 15 gets Private Space, theft detection, and AV1 support by Ron Amadeo for Ars Technica (May 15, 2024).
PRIVATE SPACE: Quoting Google: "Private space uses a separate user profile. When private space is locked by the user, the profile is paused, i.e. the apps are no longer active. The user can choose to use the device lock or a separate lock factor for private space." From The Second Beta of Android 15 May 15, 2024. The article also has a video showing the Private Space in the list of Apps.
PRIVATE SPACE: April 9, 2024: According to Lance Whitney: "The main goal behind Private Space is to prevent a thief, a hacker, or another unauthorized user who gains access to your phone from viewing certain data.". This is great and way overdue. He says it works similarly to the Secure Folder option on Samsung Galaxy phones. While you can set up a separate account for the protected apps, this is not required. He also notes that the Google Files app already has a Safe Folder feature but it only works with files, not with apps.
No more WEP: WEP is a very old security scheme for Wi-Fi networks. It was replaced by WPA which, itself, is now in its third generation. The use of WEP should have been flagged as bad long ago. Finally it will be, there is a new "allow WEP networks" toggle at
Settings -> Network & Internet -> Internet -> Network preferences
You should disable connections to Wi-Fi networks secured by WEP. It would have been better if Android also let you block WPA version 1. This does not exist, probably, because it might cause too many tech support requests. No one has used WEP for years and years but there might still be some networks using WPA v1.
There are new "cellular network security" options at
Settings -> Security & privacy -> More security & privacy
They are "security notifications" and "require encryption". You do want to require encryption for cellular connections.
SCAM CALL DETECTION top
Section added November 2024.
Coming (not so) soon to a phone near you :-)
In November 2024 Google starting rolling out a new feature - the ability to detect a scam phone call in real time, based on the conversation, and warn the potential victim.
This is their writeup: Safer with Google: New intelligent, real-time
protections on Android to keep you safe (November 13, 2024).
The feature is coming first to the Pixel, then later to other Android phones. Initially, only people that signed up to be Beta-testers will get it. The first version only works in English. By default, Scam Detection will be OFF. They did not say which versions of Android would support it.
The elephant in the room is whether Google is listening to your phone calls. They claim not to be. All the computing is done on your phone. Google says it is not sending anything to them, not a transcript, not an audio recording. Further they claim that nothing is stored on your phone, not the audio, not a transcript.
The feature will use the latest AI in the Pixel 9. However, it will eventually be available on the Pixel 6, 7 and 8 where it will use a different technology. Google says that Scam Detection looks for "conversation patterns commonly associated with scams." So, bad guys can not switch accents to avoid this.
When a call is considered a scam, there will be an audio alert, a haptic alert and a visual warning.
Scam Detection will be configured in the Phone app settings, but Google did not say what the option is called or exactly where it will be.
FIND MY DEVICE NETWORK top
Section added May 2024. Some updates July 2024.
Google made an expansion push to their Find My Device network in May 2024. The early versions of the network/app let you find devices that were connected to the Internet. The new version also lets you find off-line devices. It also lets you find disconnected earbuds, headphones and trackers that are compatible with something called
"Fast Pair". Yes, there are Android compatible trackers that do what Apple Air Tags do. Of course, it finds phones and tablets.
Off-line devices are found by tracking them all the time and reporting their recent locations when requested. Android devices use Bluetooth to scan for nearby trackable thingies. Apparently, they do this ALL the time. They send the location of any found thingies back to Google which claims the location is encrypted such that you can read it but they can not read it.
As part of finding, the Google network can also cause a lost device to play a sound. It will play the sound at full volume, even if a device is set to silent.
If the current location is not available, Google shows you the last online location.
In addition to finding, the network can also be used to lock or erase a device. It can even add a custom message and contact info on the lock screen. And, like the Google Maps tracking feature, it shows the battery status of the lost device.
- The Google Find My Device app
- The Google Find My device website: www.google.com/android/find
- You can opt out of the network using Find My Device on the web: google.com/android/find/settings/fmdn. This setting applies to all devices linked to your Google account
- If your Google account is enabled for Find My Device, then you can manage device participation using Find My Device settings on an Android device. Note that there are many settings and, at first at least, it will probably be confusing.
- Android devices are like snowflakes, each one is different. The on-device settings will probably be at
Settings -> Google -> All services (maybe) -> Find My Device
On Android 10 and 14 Pixel phones: Settings -> Google -> Find My Device
- Be ready to find a lost Android device
- How Find My Device protects your data. This article also explains how to find an on-line device and how to find an off-line device.
- April 8, 2024: 5 ways to use the new Find My Device on Android by Erik Kay of Google.
The big thing in this article is that with specialized hardware, the Pixel 8 and 8 Pro, their owners will be able to find their devices even if the lost device is powered off or the battery is dead. No mention of the Pixel 8A.
PHOTOS LOCKED FOLDER top
- The Google Photos app has a Locked Folder feature. You unlock the folder the same way the phone/tablet is unlocked, either with a PIN, fingerprint or face. Allowing a distinct password would have been a more secure design.
- The Locked Folder is locked to the phone. Photos are not backed up to the cloud. If you transfer to a new Android device, the Locked Folder is not copied. If you un-install Google Photos, the Locked Folder is deleted. Photos in the Locked Folder do not appear anywhere else in the Android system.
- The Locked Folder is only for pictures and videos. No spreadhseets allowed.
- There is only one Locked Folder
- Create the Locked Folder: Open the Google Photos app -> Library -> Utilities -> Set Up Locked Folder. After it has been created, it will be listed in the Utilities section of the Photos app.
- You can add a photo to the Locked Folder in two ways. (1) Open the locked folder and click on the plus sign icon near the top. (2) Open a picture/video in the Google Photos app and click on the three vertical dots in the top right corner. One option will be "Move to Locked Folder".
- How to Lock Down Sensitive Photos on iPhone and Android by Thorin Klosowski for Wirecutter. November 2022. Article says Locked Folders were added in Android 12, I found it available on Android 10.
- From W-2s to nudes, here's how to hide sensitive photos By Tatum Hunter for the Washington Post.
August 2022. Some phones (a Pixel 3 or a later) can save photos directly to the locked folder. In the camera app, click Photo Gallery -> Locked Folder.
- Samsung: The article above says that some Samsung models include Secure Folder. Turn it on at Settings -> Biometrics and security -> Secure folder. You can even hide the secure folder using: Settings -> Biometrics and security -> Secure folder -> Show secure folder.
- There are also apps that do this. The article above mentioned Secret Photo Vault from Keepsafe and Private Photo Vault from Legendary Software Labs
- The Google Files app also has a Safe Folder feature.
- Android 15 will have a Private Space feature that can hide/secure both apps and files.
MESSAGES top
For the default Messaging app on a Pixel phone running Android 12 or 13 or 14.
- In the app: click on the Google account icon in the top right corner of the screen -> Messages settings -> Help improve messages OFF
- In the app: click on the Google account icon in the top right corner of the screen -> Messages settings -> Spam protection ON
- To have a different notification sound for Text Messages:
Settings -> Apps -> Pick the Messages app to see its App info -> Notifications -> All default settings notifications ON ->
Incoming messages -> Show notifications ON -> set to Default rather than Silent -> Sound -> pick a sound.
- Another click stream for configuring a different notification sound for Text Messages:
Open the Messages app -> Click on the Google account icon in top right corner -> Messages settings -> Notifications -> All Messages notifications ON -> Incoming messages -> Show notifications ON -> verify its set to Default rather than Silent -> Sound.
- If you want to insure that you never miss an incoming text you can configure the notification sound to be one that plays longer than a couple seconds. Or, you might want to chose a particularly loud sound. To use your own notification sound after doing the above: My sounds -> plus sign in bottom right corner -> browse either Google drive or local files using File Manager. Once you select a sound file this way, it will remain in the My Sounds section.
- NOTE: If you reply to a text and then receive a reply to your reply, the reply to your reply makes no sound at all. Bug? Feature?
SAFE APPS top
- The developers of GrapheneOS have two open source, privacy focused apps: Secure Camera and Secure PDF Viewer. The PDF viewer does not require any permissions at all. See: GrapheneOS brings its privacy-conscious camera and PDF viewer apps to the Play Store from xda-developers.com (March 2022).
- An organization with privacy friendly apps is the SECUSO Research Group. They offer over 30 apps including Notes which does both text and audio. The notes are on just one device, there is no synching over a network to other devices. Their WiFi manager turns Wi-Fi off when you are not at home.
- Exodus Privacy is an excellent resource to learn about the trackers and permissions in Android apps (both how many, and which ones). It is available both as a website and as an Android app. As an app, it will scan all the other apps installed on the Android device. If you like baseball, beware that the MLB app is a cesspool of spying with 16 trackers. The CNN app has 14.
- The F-Droid app store is free and open source. Likewise, all the apps there are also free and open-source. Apps with ads or tracking are clearly labeled as such. No account is needed to use F-Droid.
- For not spying on you or phoning home to Google or Facebook, Michael Bazzell at one time recommend the Simple Apps at simplemobiletools.com. Also, no ads. Their apps include: Picture Gallery, file manager, notes, calculator, app launcher music player, draw, dialer, voice recorder, flashlight and SMS messenger. But, in December 2023, the apps were sold to a company that specializes in monitization. They now have both ads and subscriptions. Brutally expensive subscriptions. See Android app maker Simple Mobile Tools acquired by ZipoApps by Brad Linder (December 3, 2023). Linder notes that you can still get pre-acquisition versions of the Simple apps. Also, the F-Droid versions may remain clean. See also the REDDIT posting: SimpleMobileTools was Sold - Alternatives from December 2023.
- appcensus.io evaluated Android apps and reported on the data they phoned home with. When I looked at the site in Feb. 2020, it seemed to have been abandoned. I checked again in January 2022 and they were transitioning from an academic research project to a commercial service. So, still not available.
UNSAFE APPS top
There are many reasons, shown below, to access a service, when possible, using its website rather than its mobile app.
If you use a website often, you can make an icon for it that looks just like an app icon.
- As a rule, a website can not spy on you as much a mobile app. This is especially true when apps have their own in-app web browsers. Some apps, like Instagram and Facebook, use their in-app browser to inject JavaScript code into third party websites. This JavaScript comes with potential security and privacy risks. For more on this see iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser by Felix Krause (Aug 2022) and iOS Privacy: Announcing InAppBrowser.com - see what JavaScript commands get injected through an in-app browser also by Felix Krause (Aug 2022).
- In addition, there is a Private Mode in all web browsers that apps do not have. Private mode can insure that a website does not save anything locally on the phone/tablet. If you have a Chromebook, then there is also Guest Mode which is even more private than Private Mode in its guarantee that no data is saved locally. The downside of Private Mode is having to enter the userid/password every time.
- Websites do not take up any storage space, especially when using Private Mode.
- With apps, you never know if data is being encrypted or not, with a browser you do know.
- Apps can run constantly in the background a condition that can be hard/impossible to audit. With websites, when you close the tab/browser they are gone (some browsers have options about this).
- Some apps that might be best used as a website are Facebook, Instagram and TikTok
SIM PIN top
If your phone is lost or stolen, bad guys in possession of the phone can remove the SIM card, put it in another phone and make calls with your phone number. A SIM PIN is designed to prevent this. It is, basically, a password to access the SIM card. The fist time a protected SIM card is put into a phone, you must enter the PIN to get access to the SIM card. The PIN code is also required when your phone reboots, perhaps after installing firmware updates. You can also PIN protect an eSIM. You may need to contact your cellular provider to set it up.
- How to enable SIM lock on your Android phone by Abubakar Mohammed for Android Police. Updated Jan 5, 2023. The SIM card lock has been on Android phones for years, but many people are unaware of the feature. Setting up a SIM card lock requires you to enter the default passcode set by your operator. The default number should be on your SIM card packaging. Use the search box in the Settings app to search for "SIM lock" to enable it. You can also enable SIM lock if you have an eSIM.
- What is a SIM PIN code and how to unlock a SIM card with a PIN? by Jerry Hildenbrand for Android Central. November 2020.
PIXEL PHONES top
- The safest Android phones are the Pixel line from Google which is updated at the start of every month with bug fixes. This was already my opinion, when famous security expert Alex Stamos said the same thing on the This Week in Google podcast (Nov 30, 2022 episode). Pixel phones are also less likely to come with pre-installed bugs, malware and/or spyware. My guess is that Pixel phones purchased from Google will be safer than those from a cell company.
- TLDR: the most important Defensive Computing lesson from this story is to only buy Pixel phones.
March 17, 2023: A huge security vulnerability affects Android phones with an Exynos modem made by Samsung. Does your phone have a vulnerable modem? Not easy to find out, but surely a lot of Samsung phones. Also the Google Pixel 6 and 7. Google top techies found 18 bugs in the modems, 4 of which are considered critical. To hack your phone, a bad guy just needs to know your phone number. Period. Google told Samsung and waited their usual 90 days before telling the public. The Samsung response has been poor. They fixed one or two of the bugs, but that is very different from owners of Samsung phones having the fixes actually installed. Very different.That said, some reports say a fix for the Pixel 6 has been released, some say no. The Pixel 7 has been fixed. More: Google tells users of some Android phones: Nuke voice calling to avoid infection by Dan Goodin for Ars Technica. And, Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems by Google Project Zero. Oh, and the temporary work-around may disable a phone's ability to make calls.
- Starting with the 8 series (8, 8A, 8 Pro) Google offers 7 years of bug fixes. No phone (as of mid-2024) offers longer software support. Below is the software lifespan of assorted Pixel models. This was taken from Learn when you'll get software updates on Google Pixel
phones from Google and endoflife.date/pixel
The Pixel 9 (all models) gets 7 years of security bug fixes - until August 2031
The Pixel 8a gets 7 years of security bug fixes - until May 2031
The Pixel 8 and 8 Pro get 7 years of security bug fixes - until October 2030
In December 2024, Google extended support for
the Pixel 6, 7 and Fold from 3 to 5 years
The Pixel Fold gets security bug fixes until June 2028
The Pixel 7a gets security bug fixes until May 2028
The Pixel 7 and 7 Pro get security bug fixes until October 2027
The Pixel 6a gets security bug fixes until July 2027
The Pixel 6 and 6 Pro get security bug fixes until October 2026
The Pixel 5a reached End-of-Life in August 2024
The Pixel 5 reached End-of-Life in October 2023
- Fix a Pixel phone that won't charge or turn on from Google
- Repairs: Clearly, information is scattered all over the place. Typical Google. Get your Pixel phone
repaired (at support.google.com), Get your Pixel repaired (at store.google.com), Learn more about the repair process,
Hardware Warranty Center and finally
Repairs, replacements & warranties
- FYI: Pixel Phones home page at store.google.com
- FYI: using a Pixel phone: illustrated Pixel Guidebook from Google.
- FYI: Compare specs of different Pixel models: Which Pixel phone is right for you? from Google
- FYI: Pixel phone hardware tech specs from Google
- FYI: The main Pixel Phone Support page from Google
SAMSUNG top
- May 23, 2024: A warning to anyone with (or thinking of buying) a Samsung phone: Samsung Requires Independent Repair Shops to Share Customer Data, Snitch on People Who Use Aftermarket Parts, Leaked Contract Shows by Jason Koebler for 404 Media. The first paragraph: "In exchange for selling them repair parts, Samsung requires independent repair shops to give Samsung the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops, according to a contract obtained by 404 Media. Stunningly, it also requires these nominally independent shops to 'immediately disassemble' any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to 'immediately notify' Samsung that the customer has used third-party parts."
- Samsung has a Secure Folder feature that lets you store apps, photos, videos, documents, etc in a password protected area. You lock the files/apps with either a fingerprint, PIN, or password. It should NOT be the same thing that unlocks the phone itself. A Samsung account is required. If the app is not pre-installed, you have to get it from the Samsung Galaxy Store. It is not available from the Google Play Store. The app is available for Android 12 and later (maybe earlier too?). By default the apps/files are stored on-device only, they can be backed up, but only to Samsung. For more see What is Samsung Secure Folder and how can you make the most of it? by Mitja Rutnik for Android Authority. May 15, 2024. Sections of the article: How to add files and apps to the Samsung Secure Folder,
How to back up Samsung Secure Folder data, How to hide Samsung Secure Folder on your device and change the icon and How to customize the Secure Folder icon.
- August 2021: Samsung Galaxy phones have an 'SOS Messages' feature that will sent texts to your emergency contacts, make phone calls and more, all at the touch of a button. Takes a bit of setup. See How to Send SOS Messages from a Samsung Galaxy Phone by Joe Fedewa for How To Geek.
- January 2020: Anyone with a Samsung phone, should go into the settings for the Samsung Pay app and turn on the "Do not sell" option. Samsung users also need to be aware that Samsung has their own spying and tracking as per: Galaxy users, take note: Samsung's probably selling your data by JR Raphael for Computerworld.
SYSTEM WIDE AD and/or TRACKER BLOCKING top
- Private DNS on Android 10, 11 and 12, Private DNS is a single OS setting that changes the DNS server system-wide, for all Wi-Fi and 4G/LTE networks. It uses DoT for encrypted DNS. You can combine this with DNS based ad and tracker blocking to get blocking without having to install an app or define a VPN. The really amazing aspect of this is that it works even in combination with a VPN (I tested four VPNs). My preferred DNS blocker is nextdns.io (more below). You can also use AdGuard by specifying dns.adguard.com or dns-family.adguard.com.
-- Note that Private DNS on Android 9 works a bit differently from Android 12, 11 and 10, when it comes to VPNs. By default, an active VPN on Android 9 will impose its DNS servers and the Private DNS setting will be ignored.
-- Private DNS does not exist on Android 8 or earlier. These older versions require changing DNS settings for each Wi-Fi network and again for 4G/LTE. You will need to install an app that, no doubt, will create a phony VPN just to get control over DNS.
- For DNS based blocking, I suggest nextdns.io. The number of features is extensive, but the documentation is poor, so expect it to take some time to get up to speed. Sign up for a free account. Tweaking of the block rules can be done at any time. Make a note of the DNS over TLS hostname, it will be something like abc123.dns.nextdns.io. Turn on Private DNS in Android and set the DNS over TLS hostname as the "Private DNS provider hostname". Extra credit: identify the device in the (optional) logs by using a name like harveyphone-abc123.dns.nextdns.io as the hostname.
- As of November 2022, the DuckDuckGo Privacy browser is more than just a web browser. The app also offers free system-wide tracker blocking. It is currently in Beta testing. They refer to this as "App Tracking Protection" and it uses a local VPN connection, which means that it works entirely on your device without sending data to DuckDuckGo. The flip side of this is that this feature can not be used when a VPN is connected. VPN apps can be installed, but they can not have an active VPN connection when using the DuckDuckGo tracker blocking feature. See App Tracking Protection Beta is Now Available to All Android Users.
As of May 2023, the tracker blocking feature is still in Beta. I gave it a try and was very impressed. It even tells you the type of data that each app was trying to collect. I was also impressed with the web browser itself. More: Your Android apps are tracking you. Here's how to stop them by Jack Wallen for ZDNet (May 10, 2023). Some apps will not function if you block their spying. This is discussed here: How to disable DuckDuckGo App Tracking Protection for a specific app on Android by Jack Wallen for ZDNet (May 19, 2023).
As of December 2023, App Tracking Protection is out of beta.
- TrackerControl is an Android app that allows you to monitor and, maybe, control the hidden data collection in Android apps. It is free and open source and from the University of Oxford in the UK. It installs as a VPN so you can not use it while a real VPN is active. All the processing takes place on your Android device, the creators of the app know nothing about your activities. The version of the app in the Play store is a lite version that only reports on trackers. Google will not let them put an actual blocker in the Play store. The full version, that does block trackers has to be sideloaded. More: How to Monitor and Block Ad Trackers on Android by Jordan Gloor of How To Geek (Dec 2021)
- The Blokada ad blocker is free, open source and not allowed in the Play Store. Google profits off ads, so they do no like ad blockers in the Play Store. Thus, you have to side load the app. It installs a VPN, but only to enable the intercepting of all DNS requests. It is not a real VPN and it can not run alongside a real VPN. It may also block some trackers. Great feature: customized white and black lists. Blokada also offers a paid VPN in the Play Store, see the VPN topic for details. More: How Blokada works and Blokada Help.
- The Lumen Privacy Monitor spies on the apps that spy on you. It seems to have been abandoned, but I found it functional on Android 9 and10. It was/is from the International Computer Science Institute at UC Berkeley. It is not a VPN, but it installs as a VPN and thus can not run alongside a real VPN. It shows all the domains an app calls out to and lets you block them just for the one app or system-wide. It also shows how often an app uses HTTPS vs. HTTP. Although it identifies ad/tracker domains, it does not block anything by default. It reports on data leaks, showing both the type of data that was leaked and which app leaked it. It intercepts TLS, a feature that requires you to install their certificate. There is no one list of blocked domains, so when a blocked domain stops an app from working, ugh. It does not replace or encrypt DNS. It phones home as part of the research project. Website
haystack.mobi.
ASSORTED TIDBITS
- In the Android Google app, click on the circle in the top right corner (with either your initial or picture), then click on Your data in Search. This brings up a number of Google search configuration options, such as saving web and app activity, personalized search results, app info from your devices and more. Customize to your liking.
- A big reason for Android's security problems are the lack of bug fixes. Most Android devices are shamefully vulnerable both because fixes are late in being issued (if they are ever issued) and then late in being installed. Before buying an Android phone try to find out when bug fixes for it will be released. Lotsa luck. The correct answer is once a month which is what Google does for their Pixel phones. Better still, try to find out when the last bug fixes for the phone will be issued, that is, when the software will be abandoned. You may not get an answer to either question.
- Annoyance: There is no solution to this problem. Press the power button to put the device to sleep. A couple seconds later press the power button again and you have to re-enter the PIN code despite the very short sleep time. As of Android 12, there is no configuration option that controls this. Smart Lock comes close, but it is not a real solution.
- What is OFF? There are options for both Wi-Fi and Bluetooth that let apps turn them on even when you have turned them off. Why? The better to locate you, my dear. If you don't want to be spied on, then turn these off. If you are a parent, wanting to track to location your child, turn them on in the child's phone.
- On Android 10 the option for "Wi-Fi scanning" allows apps and services to scan for Wi-Fi networks at any time, even when Wi-Fi is of. The Android 10 "Bluetooth
scanning" option also allows apps and service to scan for nearby devices at any time, even when Bluetooth is off. Find both settings at: Settings -> Location.
- Android 12: the settings are at: Settings -> Location -> Location services
DEFENSE top
- Only install apps from the Play store (miserable name for the app store). Do not use side loading (aka sideloading) to install apps from outside the Play store. Side loading is OFF by default. Also, do not install apps that come to you via Telegram or WhatsApp messages. If you must sideload, APK Mirror is a trustworthy source.
Android 8 and 9: Settings -> Apps & Notifications -> Advanced -> Special App Access -> Install Unknown Apps. For each app capable of sideloading, it will say "Not allowed" by default. Again, this is the safe setting.
- Every now and then turn the phone/tablet off and then back on a minute later. While every operating system benefits from a clean boot/startup, if you are targeted by bad guys, certain malicious stuff might be removed when the device is powered off. It is not a perfect defense, but the NSA recommends rebooting/restarting a phone every week. Reboots to install bug fixes count. More: Turn off, turn on: Simple step can thwart top phone hackers by AP News (July 2021)
- Disable some pre-installed certificates. I have never seen this advice suggested anywhere, perhaps because it is hard to understand. I will skip the explanation, other than to say that pre-installed certificates are used to trust software and websites. But these certificates come from hundreds of companies that no one knows who they are. So, maybe disable some certificates from China. Just do these one a time in case it breaks something. Search Settings for "Encryption and credentials", then "Trusted credentials". Among the companies that created these certificates/credentials you may find the Hong Kong Post Office (Hongkong Post), China Financial Certification Authority, Chunghwa Telecom Co., Ltd. and
GUANG DONG CERTIFICATE AUTHORITY CO., LTD. Which of the hundreds to disable? Dunno. I have never seen an article about this.
As per this November 2022 article in the Washington Post, I also disabled three entries for TrustCor Systems S. de R.L. See screen shot.
NEARBY SHARE top
This is Google's version of AirDrop. It transfers files and/or apps. It started rolling out in August 2020. Originally called Fast Share, then called Nearby Sharing and finally Nearby Share. Nearby Share works with Android devices running version 6 and later, and with Chromebooks. When it was first released, Google blogged about it.
To turn Nearby Share off: Settings -> Google -> Devices & Sharing -> Nearby Share. I verified this on Android 10 and 12.
After reading this August 2020 article, it seems too complicated to setup, too complicated to use and miserably documented. My guess is that it will be ignored.
Technologies: It requires Location Services and Bluetooth to be enabled. It can make transfers even when devices are not on-line. It automatically chooses one of these protocols: Bluetooth, Bluetooth Low Energy, NFC, WebRTC, UWB or peer-to-peer WiFi. It is said to use Bluetooth for device discovery. I found conflicting information on how data is transferred. One source said it uses Wi-Fi Direct. Another source said it will only work when devices are very close together, perhaps just one foot, which is not true of Wi-Fi direct.
Configure: You can configure Nearby Sharing so that a device is either hidden, visible to some contacts, visible to all contacts , visible to just your own devices or visible to everyone in the world. Visible to everyone can be enabled on a temporary basis. Originally, the recipient had to approve any transfer before it happens. As of September 2022, if you are transferring something between devices that are logged into the same Google account, then the recipient does not have to approve it.
Google seems to be spying on your sharing activity. In this September 2022 article, How we're making it easier to share files with nearby devices someone from Google was asked about sharing between devices using the same Google account. The response: "... this is one of the most common ways people use Nearby Share."
ANDROID 13 (released August 2022) top
- There is a new Active apps button in the Quick Settings menu (at the bottom) which shows currently running apps and makes it easy to stop them.
- Android 13: 6 settings to update immediately by Jon Gilbert of Android Police (Aug 2022). Bilingual Android users can now set the language on a per-app basis, if the app supports it. Shrink the huge clock on the lock screen.
- There are little to no improvements in version 13 when it comes to privacy or security or defense against anything.
- The Privacy Dashboard, introduced in Android 12 covered only 1 day. In Android 13 it covers a week
- See the main Google page for more on Android 13
ANDROID 12 top
- When first setting up a new copy of Android 12, you may be asked to improve the messaging app. Say no.
- Android apps can auto-update but on every Android device I have used that option defaulted to off. To enable it: Play Store -> click on your picture or initial in the top right corner -> Settings -> Network Preferences -> Auto-update apps. While there, you may also want to change the Auto-play videos setting.
- Also in the Play Store Settings, in the General section, is an option, App install optimization, that sends data to Google. Maybe turn that off.
- A new feature lets you quickly cutting off access to the camera and/or microphone system-wide. However, the buttons for this are not in the Quick Settings by default. To add them: swipe down from the top of the screen with two fingers to bring up Quick Settings. Then click on the pencil (bottom left) and tap and hold and drag up the buttons for Mic access and Camera access.
- There is a new Privacy Dashboard screen that shows which apps are using assorted permissions and how often they use them. See it at Settings -> Privacy -> Privacy dashboard.
I suggest checking this periodically. Unfortunately the report only covers the last 24 hours. And, its pretty lame. Still, it does let you revoke permissions that you find apps were using. It just doesn't tell you this - long press on an app in the report that used a permission.
- Settings -> Privacy -> turn on Show clipboard access to see when apps access copied data. Maybe turn off "Personalize using app data" which allows apps to send data to the Android system. Exactly what this means is not clear to me, but any personalization infers spying. Turn off "Usage and diagnostics" which is definitely spying.
- Settings -> Display -> Lock screen -> Turn off the Show wallet option.
- There are six different Location services. Review them and adjust as you see fit. They are at Settings -> Location -> Location services. The Google location accuracy is sneaky, as it lets the phone use WiFi even when WiFi is off.
- Turn off the option to send usage and diagnostic data to Google at: Settings -> Privacy -> Usage and Diagnostics
ANDROID 10 (AKA Q) top
- When an app asks for access to location data, there is a new option to only allow this while the app is in use
- There is a new Privacy section in system Settings
MULTIPLE USERS top
Android 10, 11 and 12 devices (not sure about v9) support multiple userids, including a Guest user. The feature is off by default. Google says: "Each user has a personal space on the phone for custom Home screens, accounts, apps, Settings and more." The Guest user can be blocked from making phone calls. On a Pixel phone running v11: Settings -> System -> Advanced -> Multiple users. DO NOT USE THIS. The messaging app is buggy when logged on as a secondary user and Google is not prepared to accept bug reports from normal people (me). This feature is clearly not a priority as the bugs I found were very obvious. Google says text messages are not shared between users, this is not true, they are shared.
CHROME BROWSER top
Configure by pressing the three vertical dots in the top right corner -> Settings
- Site Settings -> Motion sensors -> Off. By default the Chrome browser has access to the accelerometer (aka motion sensors). This can be used to spy on you and offers no benefit. Verified Nov. 2021 on Android 10 and 11.
- Privacy & Security. Turn on Always use secure connections and Secure DNS. For a DNS provider use NextDNS or Quad9. Turn off Access payment methods and Preloading pages. Turn off Privacy Sandbox trial features.
- Downloads -> Turn on Ask where to save files
- Site settings -> Cookies. Either Block third-party cookies all the time (will break some websites) or only in Incognito mode.
Browsers: There are many available web browsers for Android, such as Firefox and Brave. The Kiwi Browser supports most chrome desktop extensions. It also blocks ads and trackers.
CONTROL THE USAGE OF 4G/LTE/5G DATA top
STEP 1: You can ask to be warned about mobile data usage after a megabyte (MB) or gigabyte (GB) amount you specify. You can also prevent any Mobile data over a certain amount which is probably a good idea for a child but not for an adult. What is not at all obvious is how you set the end date of your monthly cycle. On the Data warning & limit screen click/press on "Mobile data usage cycle" (as of Android 14). If your monthly billing cycle ends on the 7th day of the month, set this value to 8. To get there on a Pixel device:
- Android 14 alternate path: Settings -> Network & internet -> SIMSs -> Click on the name of your data provider -> Data warning & limit
- Android 12,13,14: Settings -> Network & internet -> Internet -> Gear icon next to your 4G/5G data provider -> Data warning & limit
- Android 11: Settings -> Network & internet -> Mobile network -> Data warning & limit
- Android 10: Settings -> Network & internet -> Mobile network ...
STEP 2: You can see the apps using the most mobile data with the click streams below. On a Pixel phone the section is App data usage. On another Android phone, try searching the Settings for "Mobile data usage". Better yet: there is a widget for this. To add it: Long press a home screen -> Widgets -> Settings -> drag the widget to a home page -> Data usage. Last verified on Android 14.
- Android 14 alternate path: Settings -> Network & internet -> SIMSs -> Click on the name of your data provider -> App data usage
- Android 12,13,14: Settings -> Network & Internet -> Internet -> Gear icon next to your 4G/5G data provider -> App data usage
- Android 11: Settings -> Network & internet -> Mobile network -> App data usage
STEP 3: Finally, you can prevent a data hogging app from using mobile data while it is running in the background. In the list of apps generated above in Step 2, click on an app and there will be an option to turn off "Background data".
One thing to learn from Jeff Bezos having his iPhone hacked is to periodically check the data used by the apps on your phone. Android reports Wi-Fi usage separately from 4G/LTE usage. Below are from Pixel phones. Another option is to search the Settings for "data usage".
Android 13: Settings -> Network and Internet -> Internet -> Non-carrier data usage
Android 10: Settings -> Network and Internet -> Wi-Fi -> Wi-Fi data usage -> see example. And, Mobile network -> App data usage -> see example.
Gboard is the Google Keyboard app. If it is installed, go to Settings and search for Gboard. Turn off the "Share usage statistics" option. This sends keyboard usage statistics to Google. Maybe also disable the "Improve Gboard" option.
Stop the phone from listening to you:
Disable the Hey Google command, which invokes Google Assistant. You have to be online when you do this.
- Android 12: search Settings for "Hey Google"
- Android 10 and 11: Settings -> Google -> Account Services -> Search, Assistant and Voice -> Voice -> Voice match -> Hey Google -> turn off
- To see what else is allowed to listen to you, search in the Settings app for "Microphone". Some apps are allowed all the time, some only when in use and others are always denied. Review each list to see that it makes sense to you.
ADS top
Note: These click trails are from Pixel phones.
- Android 14 and 15: Settings -> Security & Privacy -> Privacy (or Privacy Controls) -> Ads -> Delete advertising ID
Also in the Ads section -> Ad Privacy -> configure as needed
- Android 12: Settings -> Privacy -> Ads -> Delete advertising ID
- Android 10 and 11: Settings -> Privacy -> Advanced > Ads. Turn on "Opt out of Ads Personalization". Or, it might be at: Settings -> Google -> Ads. While there, also click on "Reset advertising ID".
- Android 8 or 9: The Ads Personalization option may not exist, so try searching in Settings for "ads".
- A January 2020 report from the Norwegian Consumer Council points out that there is no OS enforcement of your opting out of personalized ads, it is up to each app to honor this request. So, a scam.
USAGE & DIAGNOSTICS top
Turn off the option to send usage and diagnostic data to Google.
- Android 14: Settings -> Security and Privacy -> More Security and Privacy -> Usage and Diagnostics -> OFF
The Google keyboard, Gboard has similar settings. I could not find the click trail for it, so:
Search Settings for "gboard" -> Click on "Share gboard" -> Privacy (underneath) -> turn OFF these options: Share usage statistics,
Improve for Everyone, and Audio Donations
- Android 12: Settings -> Privacy -> Usage & diagnostics -> turn it off
- Android 10 and 11: Settings -> Privacy -> Advanced -> Usage & diagnostics -> turn it off
AUTOFILL
This ease-of-use feature lets Google save still more information about you. Turn it off.
- Android 10, 11 and 12: Settings -> Privacy -> Autofill service from Google.
NFC top
Near Field Communication is used by Google Pay. Maybe you need it, maybe not. Turning it off is the safer default. If you do need it, the option below makes it safer.
- Android 12: Settings -> Connected Devices -> Connection Preferences -> NFC -> turn it off
- Android 12: If you want to use NFC, turn on the option "Require device unlock for NFC" which only allows NFC when the screen is unlocked. It is at
Settings -> Connected Devices -> Connection Preferences -> NFC
To change the default app for a function: Settings -> Apps -> Default Apps (as of Android 12)
PERMISSIONS top
- By app: If you have nothing to do for a month, you can check and change app permissions. Android 12: Settings -> Apps -> See all apps -> click on an app to see/change its permissions
- By permission: Settings -> Privacy -> Permissions manager
- One common permission to block is to not give the Camera app access to your Location. On some Android devices, camera apps have their own GPS setting. To see if a photo has location info, view it in the Google Photos app and swipe up. The Google Photos app can strip location info from a photo before you share it: Open the Google Photos app, click the hamburger menu in top left -> Settings -> turn on Remove geo location. This only works in the Google Photos app.
Notification History: Just an FYI. Android 12 (and earlier?) can store old notifications. See: Settings -> Notifications -> Notification History. From here you can turn the feature on/off, and, if its on, see old notifications.
Hard of hearing? In a noisy place? Some Android phones can do live captioning of detected audio. Android 12: Settings -> Sound and Vibration -> Live Caption. As of September 2022, this only works in English.
Poor eyesight? You can make text larger. Android 12: Settings -> Display. The Font Size option applies to text. The Display Size option applies to everything, including icons and menus.
Storage: To see the apps using the most storage on a Pixel running Android 14 (and also Android 12): Settings -> Storage -> Apps.
You may be able to set an Android device to erase all data after too many failed attempts to enter the PIN/passcode. On one Android 10 device: Settings -> Lock screen -> Secure lock settings -> Auto factory reset (after 15 bad passcodes). However, other Android devices I checked (an Android 11 phone, two Android 10 tablets and an Android 8 tablet) had no option for this at all. I have read that it might be at Settings -> Security & Location -> Screen lock.
BACKUP
The Android Play Store allows many apps to share the same name. Before installing an app, check who created it, to insure it is really the app you think it is.
The Jumbo Privacy + Security app increases your privacy on Facebook, Twitter, Amazon, Google and Alexa. It adjusts Facebook privacy settings, deletes old tweets, erases Google Search history, deletes voice recordings stored by Alexa and more. As of Jan 2, 2020 it was rated 687 times in the app store with an average rating of 4.8 (very high). More here and here.
As bad as it gets: Millions of Android phones can be hacked. Original source: Over 400 vulnerabilities on Qualcomms Snapdragon chip threaten mobile phones' usability worldwide from Checkpoint (August 2020). This research was dubbed "Achilles" no doubt because it is an Achilles Heel for Android. Checkpoint found about 400 bugs in a DSP chip from Qualcomm that is used in phones from Google, Samsung, LG, Xiaomi, OnePlus and others. iPhones are not affected by these flaws. If the bugs are exploited, you can be spied on or lose all your data. More here.
PRE-INSTALLED CRAP top
Cheaper Android phones are the worst when it comes to pre-installed crap. None of this happens on iOS, a big advantage to the way Apple does business.
- Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices by Fyodor Yarochkin, Zhengyu Dong, Paul Pajares of Trend Micro. May 17, 2023.
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023. Sadly, the researchers do not name names, so there is nothing useful here for Defensive Computing. Other than avoiding cheap Android phones. Even the Indicators of Compromise are useless.
- Chinese-Made Smartphones Are Secretly Stealing Money From People Around The World by Craig Silverman for Buzzfeed (Aug. 2020). Preinstalled malware on low-cost Chinese phones has stolen data and money. The malware, xHelper and Triada, secretly downloads apps and attempts to subscribe the victim to paid services. A factory reset does not remove the malware. The phone cited was a Tecno, made by Transsion, which is the fourth-biggest handset maker in the world, behind Apple, Samsung, and Huawei. The article cites other cases of pre-installed malware on Android phones.
- We found yet another phone with pre-installed malware via the Lifeline Assistance program by Nathan Collier of Malwarebytes (July 2020). The phone was from ANS (American Network Solutions).
- US Funds Free Android Phones For The Poor - But With Permanent Chinese Malware by Thomas Brewster (Jan 2020). Malware discovered by MalwareBytes. No comment from the FCC or Assurance Wireless, which made the phones.
- In An open letter to Google, over 50 organizations plead with
Google to do something about exploitative pre-installed software. (Jan 2020) The letter references this research paper: An Analysis of Pre-installed Android Software (2019).
- A Nov. 2019 report from Kryptowire looked at pre-installed threats (bugs and vulnerabilities) on phones sold by US carriers. They looked at a range of Android devices, from low-end to flagship. See also their Mobile Vulnerability Analysis) (PDF).
- Backdoor found in four smartphone models (Catalin Cimpanu June 2019). An un-removable backdoor Trojan was found in four low end Android phones.
LOCKING
- To lock an Android device, a password/passcode is more secure than a fingerprint or your face. In the US, the government can not compel you to reveal the password. The longer the password/passcode, the more secure.
- A different type of locking is to lend a device to someone but limit them to only run one app. See How to Safely Lend Someone Else Your Phone by David Nield for Wired (July 2022). The article does not refer to a version of Android, but 12 was current when it was written. The feature the article describes is App Pinning. On older versions of Android this was called Screen Pinning.
Periodically review the list of Wi-Fi networks your mobile device has previously connected to and remove those you no longer need.
FYI: The Settings That Make Smartphones Easier for Everyone to Use
by J. D. Biersdorfer (September 2022). The accessibility features Apple and Google include in their mobile software can help people of all abilities get more from their devices.
GETTING RID OF OLD ANDROID DEVICE
Note that you can not restore a backup from a higher Android version to a device running a lower Android version.
If your phone needs fixing, make sure your secrets are safe first by Chris Velazco in the Washington Post (October 2022). To maintain control of your phone number, remove the SIM card and put in another phone. If the phone has an embedded SIM, call your wireless carrier to discuss the options. As for a repair person having access to your files, the only way to be sure to block them is to delete all the files before you hand your phone over.
Take Google out of Android: The January 14, 2022 episode of the Privacy Security and OSINT podcast, by Michael Bazzell, was on Android Sanitation, which means removing Google apps and services from Android without having to resort to custom ROMs, unlocked boot-loaders, or rooted devices. The technique uses Android Debug Software running on a computer, not on the phone.
ANDROID ARTICLES
- Android privacy settings to change now by Chris Velazco and
Tatum Hunter. Last Updated October 2022.
- How to enhance privacy on your Android phone by Manuel Vonau for Android Police (December 2021). Long article with many suggestions.
- How to stay private when using Android by Ludovic Rembert for ProtonMail (Dec 2019). 14 suggestions.
- 9 Apps to Boost Your Phone's Security and Privacy by David Nield in Wired (Aug 2016).
Access Dots shows if an app has secretly enabled the camera or the microphone. Norton App Lock password protects apps. Authy for 2FA. Firefox Focus for private browsing.
Re-purpose an old phone or tablet into a security camera with Alfred Home Security Camera. And more.
The simple question, does an Android device have the latest available bug fixes, is far too hard to answer. iOS does this much better.
- Finding the right place in the Settings to check for OS updates has always been like navigating a rat maze
- For years the initial screen has lied to us and said that the device is up to date on patches/bug fixes. Many times, it said it last checked hours ago, yet when I clicked on the CheckForUpdates button, it found a missing update (last verified Feb. 2020 with a Pixel 3A running Android 10).
- Android is not honest enough to admit when the software has been abandoned. That is, when there are no more bug fixes being issued because the software is too old. Like iOS, Android lies and tells you the software is up to date. This October 2019 tweet by Will Dormann has examples.
SEE ALSO top
- Also see the Satellite Communication topic for the various options for communicating when there is no cell service and no Internet access.
- Also see the Android Alternatives topic
- Also see the Batteries topic
- Also see the Stalkerware topic
- Also see the Bluetooth topic to change the default public Bluetooth device name
- Also see the Location Tracking topic
- Also see the Mobile OS Spying section which has some privacy focused Android alternatives.
- Also see the Mobile Scanning and Sharing topic