Mobile Security Guide: Everything You Need to Know

How to secure your Android phone or tablet

Android provides four different methods of locking your phone or tablet, which can generally be enabled by going to Settings > Security > Lock Screen (the menus vary from phone to phone).

Face unlock lets you unlock your phone using the front-facing camera on your device, but it's less secure than a pattern, PIN or password because the software can be fooled. (You can set up Face Unlock to "fail closed" to a PIN if the user is unrecognized.)

Pattern lets you draw a series of lines on a three-by-three grid; however, the security of this type of lock screen depends greatly on the complexity of your pattern. PIN and password provide potentially the highest level of security, as either numerical PINs or alphanumeric passwords can be of any length.

In August 2013, Google finally introduced the ability to remotely track and wipe your Android device, obviating the need to download third-party apps.

To activate this feature, head to google.com/android/devicemanager, select the device you want to track and click on Send notification to your device. A notification will appear in the notifications drawer of your device.

Open the notification and tap Activate to enable Android Device Manager. The options for Remotely locate this device and Allow remote lock and factory reset will be checked by default.

To remotely lock or wipe your device in case it's lost or stolen, head to google.com/android/devicemanager and click Lock or Erase on the left side of the screen.

MORE: How to Enable Android Device Manager Security

Avoiding unintentional disclosures of data is as easy on Android as on iOS, although the process varies from phone to phone.

On the Samsung Galaxy S4, for instance, simply open the Camera app, tap on Settings icon on the right side of the screen, tap on the Settings icon again at the top of the screen, and then toggle GPS tag to Off.

On the stock Android build available for Nexus phones and devices, click on the Camera app, tap the circle on the bottom right of the screen and then tap the generic "settings" icon — three sliders on a slider grid — that appears. On the following pop-up dialogue box, you can toggle "Store location" on and off.

Unfortunately, Chrome for Android doesn't boast native anti-phishing capabilities the way Safari does. To get warnings when visiting suspicious sites, you'll need to install one of the best Android antivirus apps that screens URLs. At the moment, that list includes free and paid apps from Bitdefender, Dr. Web, Lookout, McAfee, NQ and  Sophos.

In Lookout's case, for example, there's a Safe Browsing mode that validates links you've tapped in the browser (but you have to upgrade from the free to the paid version of the Lookout app). If a link looks like it leads to a malicious site, a warning will appear and the app will ask if you'd like to either block the site or proceed anyway.

Android is also more susceptible to spyware than iOS. Google curates its app marketplace much less stringently than Apple, and, as a result, fraudulent apps aiming to surreptitiously install spyware frequently appear on Google Play.

Moreover, unlike iOS, Android gives users the ability to "side load" apps from sources other than the Play Store. (To do so, you'll have to go into your Security settings and allow software installation from "Unknown sources.")

While this makes Android a more open platform, it can also render your device much more vulnerable to intrusion by spyware. In short, Android security relies heavily on the common sense of the user.

David Eitelbach is a UX writer working at Microsoft, writing and reviewing text for UI, and creating and maintaining end-user content for Microsoft Edge and Office. Before this, he worked as a freelance journalist. His work has appeared on sites such as Tom's Guide, Laptop Mag, and Tech Radar.