Android devices are getting safer all the time, but they still have a long way to go before they catch up to the standards of Apple's iOS. That's because while Apple assumes responsibility for iOS device security, Google farms out much of that responsibility to device makers, wireless carriers and, well, you. And if you don't want to be the weakest link in your Android device's security, here are several steps you need to take.
"Off-road" unauthorized app stores are wretched hives of scum and villainy. Like the Mos Eisley cantina, they're full of weird and dangerous stuff, much of which can steal your personal information, load malware or even hijack your Google account. Stick to the Google Play store by going into Settings > Security and making sure "Unknown sources" is disabled.
Bad stuff can make it even into the Google Play app store, which isn't policed as thoroughly as its Apple counterpart. Before you click the "Install" button on a new Android app, read through its lists of permissions and see whether they match what the app says it does. If a flashlight app, for example, needs to be able to make calls and send texts, that should raise some red flags. Don't install it.
You don't want strangers picking up your phone and leafing through it. Any kind of screen-lock code is better than nothing, although patterns and passwords are stronger than PINs, faces or fingerprints. (PINs can be cracked through repeated guessing; fingerprints and faces can be fooled, and police won't need a warrant to get them.) Too inconvenient? Set up your phone so that the screen locks only after a few minutes of inactivity, or not at all if it's connected to a trusted Wi-Fi network or your car's Bluetooth signal.
Android 5 Lollipop and later versions let you "pin" a specific app to the lockscreen. That way, your nephew can play Cut the Rope on your phone without being able to read your email. Go to Settings > Security > Screen Pinning, toggle the on/off switch, and, if available, also toggle "Ask for PIN before unpinning." Then open an app, tap the Recent button at the bottom of the screen, select the app card and tap the pin icon on the bottom right. Press the Recent or Back button to unpin the app, but you'll need to unlock the screen to access the rest of the phone.
Android devices can be infected with malware, usually through a dodgy app. Avoid that with a robust antivirus app that screens each new app and routinely scans the rest. We've got a list of our favorites here, and most of them have free versions.
Google pushes out new security updates to Android every month. Unfortunately, not all phones or tablets will get them, as wireless carriers and device makers have the ultimate say on when a software update is ready. (If you have a recent phone from Samsung, Motorola or Google itself, you probably do get the updates. If you have a Google phone running Android 7 Nougat, the updates will be automatic.) Go into Settings > About phone > System updates and click "Check for updates." Some phones also display the "Android security patch level" in About phone; later is better.
Joining any Wi-Fi network without a password means anyone on the same network can access your device. If there's a password to access the network but you're sharing that network with strangers (such as in a cafe or hotel), then that's just as bad. Stick to cellular data, bring your own cellular Wi-Fi hotspot or use a VPN service that can protect you even when you're on public Wi-Fi.