Google and the company that made your phone are responsible for protecting your information, but so are you. Doing your part is quite easy; be diligent about the things you download and install, and make sure you have a secure lock screen with a strong backup password or PIN.
Google and the company that made your phone don’t have it easy. They both have to make sure bugs and vulnerabilities are found, fixed, and relevant software updates are filtered out so you can install them.
It might be worth thinking about how this is handled when deciding which Android phone is right for you.
Safety: do your part
There are three things you can do to make sure your phone is as secure as possible. Fortunately, none of them are difficult to do!
Start with your Google account. You need it to use any Google services that come with your phone, like the Play Store or Google Photos. Make sure your password is strong (if you’re not sure, you can change it here and Google will help you choose a good one) and that two-factor authentication (2FA) is enabled. 2FA sounds annoying but it really isn’t, and once it’s set up, you’ll barely notice you’re using it.
The next step is to make sure you are using a lock screen on your phone. Setting one up is pretty straightforward, even if you skipped it when you initially set up your phone. You’ll find everything you need in the settings app. Make sure to choose a password or PIN that no one can easily guess. You can also enable biometrics like a fingerprint sensor to make unlocking your phone even easier.
Finally, be careful and read before you hit those “yes” buttons. Websites can make your phone automatically download stuff, but they can never install anything automatically without your consent. Make sure you trust whatever you install and you should be fine.
Security: Google’s share
Android is a giant open source software project, but it is supported by Google. This doesn’t mean that Google writes all software in-house; only that it’s their job to incorporate everything in a way that works well and is secure enough to be used on billions of phones around the world.
Security starts with every version of Android, and features that make our phones more secure are built into each new version. Android, as written without modification or user change, is one of the most secure operating systems available to consumers. The thing is, often no one wants to use Android as it is written, so changes should be made very carefully.
There are a lot of smart people who want to find a way to bypass all of Android’s security features, and new ways to defeat them are being found all the time. This is true for every software – flaws and bugs are inevitable. This is why security patches are very important. Google should fix bugs and exploits, then implement fixes that don’t break anything else. Once that’s done, those patches need to be sent to the companies that make phones, because they’re the ones who build and adapt Android to each device.
Security: phone manufacturers
The company that made your phone has the toughest job when it comes to keeping it safe. Google doesn’t make Android for all phones that use it; it enables and encourages phone makers to customize Android to meet the needs of their customers. To do this, Google provides Android source code for free to everyone, including companies like Samsung or Motorola.
With this source code in hand, a phone maker will typically modify much of it before it begins clicking the buttons that create the Android operating system used by each company. When you hear something like One UI, it means a separate version of Android made by Samsung for their phones and tablets. This system grants much of the support – including the security of things – to manufacturers.
A phone manufacturer must take the code from each version of Android and incorporate its changes and improvements without affecting the basic security that Android itself offers. Then they have the daunting task of adding their own services while securing them. Finally, some companies even add additional security features to Android, such as Samsung Knox.
When flaws and exploits are found and merged into the Android base, the phone manufacturer must do the hard work to push those changes into their version of Android, then work with carrier partners and try to push them out to everyone . It’s the really hard part. In a software project as large as Android, even the smallest change can have a ripple effect and break something else. Phone makers need to do the coding work and then take the time to rigorously test everything before any changes are pushed out to users.
It takes a village
To ensure an Android phone is secure and the rest, all of these things need to work together. The hard work done by Google or Samsung (for example) means little if you leave your phone unlocked all the time, or install any random download from the internet. Conversely, your due diligence doesn’t mean you’re protected if you don’t have secure software to begin with.
Fortunately, Android has matured and most of the time these three things work as expected. You will probably never have your phone “hacked” as long as you do your part.