Device Settings
this is the starting point here, whether you want to setup a pin code for unlocking your device (or use your finger prints with newer devices) it happens here..so it makes sense to start first with physically securing access to your device.
this will be somehow different depending on what device you have and what options it got, however the basics are the same. You need to make sure that your device can’t be unlocked by anyone other than yourself or other than people you would want them to unlock it. you can use a pattern which is easy to guess because of the trace your finger leaves behind and the pin is a little more secure followed by a password which is as secure as the strength of the password, then comes the fingerprint which is pretty much a standard in the market nowadays in mid and high range devices.
Also you need to make sure that installation of unknown apps or sources is disabled and only allow it when you know what you are doing. You may also -if your device has this option- encrypt all your files on the internal space or/and the memory card so if your device is lost or stolen, your data would be safe.
don’t forget to go through the security settings on your device and find out what features or options your device has.
Antivirus
Or let’s just call them Security apps because they do more than just defending against viruses. Your android device is a computer and a very popular one so there are a lot of malware, Viruses, and PUAs out there trying to find its way onto your device as well as spam and phishing texts. That’s why a good Security app is always a good idea. Searching the Play Store for Antivirus/Security will yield many apps and you only need one. you can read the features and reviews of each one and maybe even try a few before you find your trusty guardian, but here are a few suggestions anyway along with the ones I have tried and my favorite, ESET.
If you can afford the Licence/Premium, then that’s great and will add more security to your device. If not, then that’s OK and it’s better than nothing.
Common Sense
I’m sorry to put it that way, but if you are an idiot, then your device is as well. Visiting websites that are harmful (yes I am talking about untrusted porn sites) or untrusted might do harm to your device. Do not click on links you don’t trust, and no nothing can detect that there is a virus on your device when you are on a website and asks you to install some app to “fix” your device. Don’t fall for that.
That also goes without saying on the Play store. Don’t just go installing apps without taking the time to read reviews and the publisher reputation. There is no easy way or steps to protect your device from that except your common sense.
Updates & Vulnerabilities
You should always update your device and your apps. Your android version maybe vulnerable to some sort of attack because it is a software and like every thing else, it needs constant improvements and that’s where you will get stuck. Android is great because a manufacture can put it on basically any device and call it a day and many of those manufactures will not issue updates regularly especially if its not a flagship device. There is an app that scans your device for a number of vulnerabilities and reports to you if your device is vulnerable or not, however they are currently redoing the app with a beta version which is not yet available, but keep an eye out for it when it is.
VTS for Android
This tool was meant to show the end user the attack surface that a given device is susceptible to. In implementing these checks we attempt to minimize or eliminate both false positives/false negatives without negatively affecting system stability.
This app will help you understand how your device is vulnerable if it is. This will also help you shout to your device brand and let them now that you demand/want/need an update to fix this vulnerability.
Connections
DO NOT connect to unknown wireless networks and try not to connect to public ones. It’s easy to fake an access point (i.e. a wireless network) and sniff all the data going between your device and the internet and it can be done on a public wireless network as well. So again, use common sense and only connect to trusted networks and never do any thing important like banking and such over public or unidentified networks. If you rely on public networks and hotspots, then maybe consider using a VPN service or setup your own at home if you really want to, but a service is more easy.
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus are benefiting from the functionality, security and management policies of the private network.[1] A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunnelling protocols, or traffic encryption.
If you are going with a VPN service, then you need to find a trustworthy provider and thus need to do your homework on the matter.
In the end You have to remember that nothing in this age is 100% secure and we can only take steps to make it harder to break into. Android devices are no exception.