July 10, 2014

Mobile security: Apps to protect Android devices


There are hundreds of free and paid security apps for Android phones and tablets. But many of those offerings are of uncertain quality.
Here’s a sampling of some of the best software for keeping Android devices free of malware, managing passwords, locking up your data, and more.

Android needs third-party security apps

If you have an Android phone or tablet, there’s good news and bad news.
The good news: You’ve picked the world’s best-selling mobile operating system. Something like 70 percent of all new phones and tablets run Google’s OS. That’s a strong incentive for software developers to build cool applications for the platform.
The bad news: Android’s open architecture and popularity have made it a favorite target for malicious hackers, thieves, and other criminals.
Android’s built-in security features have never been strong, and even the latest version (4.4.4, as I write this) offers only modest safeguards for your personal data and communications. For that reason, all Android devices need third-party security apps in order to be safe. (Virtually no operating system, by itself, is safe from malicious hacking.)
Fortunately, there are plenty of Android security tools to choose from. The Google Play Store has all manner of free and commercial apps. Note, however, that some are junk — amateurish software that could cause crashes, hangs, slowdowns, or other problems.
Other tools seem to work fine — until you look at them more closely. Take, for example, some “free” virtual private networking (VPN) apps, which provide some Web-browsing anonymity (especially on public Wi-Fi) by routing your data through the VPN provider’s servers. If the service is free, how does the provider pay the bills for running the servers and buying Internet bandwidth? How does the provider keep the lights lit? A cautious person might suspect that the company is mining user data.
That said, there are many reputable companies with excellent Android security products. Some are familiar and well-respected names you might recognize from the Windows world, while others are relative newcomers who develop products exclusively for mobile operating systems.
Below, I’ll provide summaries of well-regarded security apps — some paid, others free — in five essential categories:
  • Antivirus/anti-malware suites
  • Password management and encryption
  • Lost or stolen device recovery
  • VPNs
  • Secure file-wiping (to delete personal data when you’re selling or trading in your device)
(Note: The following information applies equally to all portable Android-based devices, including tablets. But for brevity, I’ll use “phone” throughout the rest of the article.)

Security suites: The absolutely must-have apps

The cornerstone of Android safety is a good security suite from a reputable vendor. Even a single, well-designed security app can provide coverage against a wide range of attacks and dangers.
Lookout Security & Antivirus (Google Play page; publisher’s website) is a typical example of a reputable suite in the security category. It offers a comprehensive selection of tools (see Figure 1) — some free and others paid. (I’ll list other brands in a moment.)

Lookout Security

Figure 1. Lookout Security & Antivirus offers basic security features for free; additional features are in its paid version.
Lookout’s free version provides:
  • Anti-malware: It gives automatic, always-on protection from viruses, adware, spyware, and other types of malware.
  • Lost/stolen phone recovery tools: A map shows you the phone’s location (see Figure 2), viewable via a free, private account on the Lookout website.
    The Scream option sounds a loud alarm, even if the sound was turned off. The alarm might scare a thief into abandoning the phone, but it can also help in more mundane situations such as when you simply misplace the phone at home or the office. The sound will lead you to the phone’s location.

    Lookout scream feature

    Figure 2. Lookout can help you locate and recover a phone, whether it's been stolen or just lost in the sofa cushions.
  • Signal flare: This option saves your phone’s location when the battery is about to run out. It might help you find the phone once it’s gone dead.
  • Automatic backups: Your contacts are saved to your private account on the Lookout website. You can download the contacts to your PC or to a new or secondary device.
  • Multiple device support: The free account is limited to two devices.
Lookout’s paid version adds:
  • Expanded Theft Alert features: You can have the phone send an email to your PC in the following circumstances:
    1. The phone’s unlock passcode is incorrectly entered more than three times in a row.
    2. The SIM card is removed.
    3. Airplane mode is enabled or the device is turned off (two tricks thieves might try to avoid detection), or a thief tinkers with the phone’s Device Administrator mode.
    Lookout’s notification email includes a map of the phone’s location when the Theft Alert was generated plus a theftie — a photo of the person holding the phone at the time the alert was triggered, taken automatically with the phone’s built-in camera. The same Theft Alert information is posted on your private account on the Lookout website.
  • Privacy Advisor: This lets you manage the permissions and personal data that each app on the phone can access.
  • Remote lock and wipe: In the event the phone is stolen and not recoverable, you can remotely lock it and erase your personal data.
  • Safe Browsing: This option alerts you when you visit websites known to harbor malware or other security threats.
  • Photo and call-history backups: Use this tool to automatically clone photos and call data to your private Lookout account.
  • Multiple device support: This lets you manage up to three devices from a single Lookout account.
You can test-drive Lookout’s paid version for up to two weeks at no cost; after that, it’s a modest U.S. $3 per month or $30 per year.
Again, Lookout Security & Antivirus is just one example of a typical, comprehensive, Android security suite. There are other suites with similar features.
For example, Avast Mobile Security & Antivirus (Google Play page; publisher’s site) doesn’t take “thefties” of would-be phone thieves, but its paid version does offer Geo-Fencing — the phone performs a specified action (lock, siren, send location, and so forth) if it passes outside a perimeter you’ve established, such as a set distance from your table in a café. It also offers App Lock, which lets you passcode- or gesture-protect access to specified apps.
Avast Mobile Security & Antivirus is available in both free and paid versions; after a 30-day free trial, the premium edition costs $2 per month or $15 per year.
Bitdefender is another name that might be familiar to Windows users. Its Mobile Security & Antivirus (Google Play page; publisher’s site) is also available in free and paid versions. Its features are similar to Avast’s, but it tries to differentiate itself with aggressive pricing. After a two-week free trial, the paid version costs only $1 per month or $10 per year.
You can download Kaspersky Internet Security (Google Play page; publisher’s site) for free. You must register with Kaspersky for the paid edition’s 30-day free trial; it’s $15 per year to keep. Two advanced features are Call & Text Filter, which helps block unwanted calls and texts, and a theftie option similar to Lookout’s; it can automatically take a photo of a would-be thief.
Again, you can find many more security suites, apps, and options by visiting the Google Play Store and using the search string “security” or “security suite.”

Password management and data encryption

It’s likely you’ve already been affected by one or more of the recent and massive corporate hacking incidents such as the data thefts at Adobe, Target, eBay, and others.
One of the best ways to protect yourself against these increasingly common hacks is to use a unique password for every site. (See the Oct. 17, 2013, Top Story, “Protect yourself from the next big data breach.”)
Remembering potentially dozens of passwords sounds burdensome, especially on a phone or tablet where typing can be difficult. But password-management software makes it vastly easier. The software does the hard lifting for you, remembering all passwords and storing them in a securely encrypted database.
If you’re using password-management software on your PC, there’s a good chance you can find an Android equivalent. That can greatly simplify setup and use because the software will already be familiar. It might even be able to access and use the database of passwords on your PC, saving you from the chore of re-entering everything again.
For example, RoboForm (possibly the world’s most popular password manager) has a free Android version (Google Play page; publisher’s site) that connects with an existing desktop RoboForm Everywhere account ($10 per year). Android’s built-in browser (a version of Chrome) doesn’t work with third-party password apps, so RoboForm comes with its own mini-browser that you can use to sign in to password-protected sites. You can also use the RoboForm app with Android editions for Dolphin or Firefox.
Similarly, there are two free Android versions of the popular, open-source, desktop Keepass Password Safe. One is called Keepass2Android Password Safe (Google Play page; publisher’s site) and is shown in Figure 3.

KeePass2Android

Figure 3. As with other password managers, enter a site's password once and Keepass2Android will then remember it for you.
The other Android version of Keepass is called KeepassDroid (Google Play page; publisher’s site). Both versions operate much like the desktop version of KeePass, and they share the same database format.
If desktop commonality isn’t an issue for you, the free/donationware, open-source Universal Password Manager (Google Play page; publisher’s site) might be of interest.
You can find many similar apps by using the search terms “password manage” and “manage password” (though seemingly similar, the two searches yield slightly different results).

Apps for recovering lost or stolen phones

As already mentioned, many of the best Android security suites (Lookout, Avast, Bitdefender, Kaspersky, and so forth) come with robust tools that can help you find and recover a lost or stolen phone — typically by sending you a map of the phone’s location, letting you wipe or lock the phone, and even snapping a photo of the thief.
But most versions of Android also include basic, built-in features that can reconnect you with your phone — or wipe it clean. For example, Android 4.1 and higher includes the Device Manager app (see Figure 4) that can, when linked to your Google account, locate your phone on a map and let you remotely ring, lock, or erase it. The specific details are explained in the Android Device Manager support page

Android Device Manager

Figure 4. Android's built-in Device Manager lets you locate, ring, lock, or erase a lost phone remotely from your Google account running on another device (shown above).
Older versions of Android — 2.2 and higher — allow for basic remote wiping, as explained on the Remote Wipe a Mobile Device support page.
Those tools are better than nothing, but third-party apps such as the following can do more — for example, take photos of a would-be thief. Visit the associated websites for full details.
  • Where’s My Droid (Google Play page; publisher’s site) offers basic capabilities for free (see Figure 5) plus extended features — such as remote lock — for $4. 
  •  
    Where's My Droid

    Figure 5. Where's My Droid offers good lost device–recovery features, including a GPS-based locator.
  • AndroidLost (Google Play page; publisher’s site) is completely free, though the program’s author accepts voluntary donations.
  • Locate My Droid (Google Play page; publisher’s site) also is free, with voluntary donations accepted.

Virtual private network apps for Android

A virtual private network (VPN) connection can let your phone operate securely, privately, and anonymously from any site — even from public hotspots in coffee shops, airports, restaurants, hotels, and so on.
A VPN uses encryption to establish a secure, private channel between your PC and the VPN provider’s server. That server, in turn, then connects to whatever website or other server you want to reach (see Wikipedia’s VPN article).
But you really want to trust the VPN provider, because it’ll potentially have access to your unencrypted data. Most legitimate VPN services recover their costs by charging a modest fee based on your data usage — or by displaying ads as you use their service. I think this is an important consideration, because a provider with a viable revenue stream should never feel tempted to mine your data stream for usernames, passwords, credit-card numbers, and so on.
Here are some of the better regarded Android VPN services and their associated client software:
  • VyprVPN for Android (Google Play page; publisher’s site) — three-day free trial; $7–$20 per month thereafter, depending on plan details
  • ExpressVPN (Google Play page; publisher’s site) — one-day free trial; $8–$13 per month thereafter
  • IPVanish (Google Play page; publisher’s site) — one-week, money-back guarantee; $5–$8 per month thereafter
  • Hotspot Shield: VPN Proxy WiFi (Google Play page; publisher’s site) — free, ad-supported version; ad-free Elite version, $30 per year.

Apps for thoroughly sanitizing Android devices

No, this is not dipping your phone into a glass of Lysol. When it’s time to sell or trade in your phone, all recent-vintage Android-based models let you easily restore the original factory configuration. That makes it harder — but not impossible — for the next user to recover traces of your data left behind in the phone’s flash memory.
In fact, completely erasing flash memory is technically difficult and could require special tools and extra steps. (For more info, see the Sept. 13, 2012, Top Story, “Rethinking the process of hard-drive sanitizing.”)
If your phone uses a removable SD memory card, scrubbing it is relatively easy. The best bet is to remove the card, connect it to your PC, and use the tools described in the aforementioned Top Story. (Or, if you can, simply keep the SD card, possibly reusing it in some other device you own.)
But when the flash memory is built into the phone, it’s harder to get at — and harder to erase. These apps can help:
  • SaniDroid (Google Play page; publisher’s site) — $1 
  •  
    Sanidriod

    Figure 6. Special-purpose apps such as Sanidroid can help remove lingering traces of personal data from a phone you're selling or trading in.
  • iShredder 3 (Google Play page; publisher’s site) — free and Pro versions ($3.50); see site for details
  • Secure Wipe (Google Play page; publisher’s site) — free
  • SHREDroid (Google Play page; publisher’s site) — free (doesn’t work on Motorola devices)
  • File Shredder (Google Play page; publisher’s site) — free (works only on a file-and-folder basis; reportedly, whole-phone erasure in a future paid-for version)

Security tools can help keep you safe

Mobile devices such as phones and tablets are wonderfully convenient, but they also pose huge security risks. Not only are these devices subject to the same kind of malware and hacking that your Windows PC must cope with, they’re also far more likely to be lost or stolen than your desktop or laptop system.
But with one good tool from each of the categories above, your portable Android device can be as safe and secure as current technology allows. None of these products will dent your pocketbook, so protect yourself!

Source: http://windowssecrets.com/top-story/mobile-security-apps-to-protect-android-devices/