IDG Contributor Network: Balancing security and convenience on your Android phone

Credit to Author: Michael Connell | Date: Thu, 09 Feb 2017 08:00:00 -0800

In an ideal world, we wouldn’t need passwords, lock screens, or to take any other steps to protect our security and privacy.

In the real world, we need to find the right balance of security and convenience. It can be difficult to find the sweet spot with an acceptable level of risk and ease of use because — even though no one likes to think it will happen to them — millions of phones are lost or stolen each year.

A modern smartphone can provide access to almost every aspect of your life, ranging from your email to your banking information. It is important to keep the level of risk in mind when you are choosing how much effort you are willing to put towards ensuring that information remains private.

When it comes to your Android phone, everyone is faced with decisions when searching for the proper middle ground between security and convenience. Here are three areas where the choices you make really matter. 

The lock screen is your phone’s first line of defense — arguably the most important — and you have a number of options from which to choose when it comes to securing your device.

The most convenient, but by far the highest risk, choice is to simply leave your phone unlocked. Many people who settle on this option subscribe to the “my phone is always with me” argument, but I just don’t buy it.

All it takes is one time of leaving your phone on a restaurant table or one miscreant snatching it from your hand during the morning train ride and all those cute puppy photos, along with everything else, are suddenly dependent on the kindness of a stranger to remain uncompromised. A stranger that might have just stolen it, I should add. I urge you to reconsider if this is the choice you have made.

The use of facial recognition to unlock your Android phone has been an option since Ice Cream Sandwich, with improvements added over the years since it was first introduced. This is a valid option, but if you do choose it, I strongly suggest enabling the “blink test” in your settings to make sure that someone can’t use a photo to trick your phone into unlocking.

Alas, facial recognition is not without its drawbacks. As someone who regularly transitions between bearded and clean shaven and regularly uses facial recognition in a variety of lighting conditions, I can attest to it being about as reliable as a witness to a crime on a dark and stormy night, assuming that the witness wears glasses with a cracked lens.

Some phones are better than others because they have superior front facing cameras, but none are perfect. When conditions are right, facial recognition unlock can work brilliantly, but conditions are not always right. Also, since your phone will ask you to manually unlock it anyway if it doesn’t recognize you, you still need to set up the next, more secure option.

Password protection can be a PIN, a password or a pattern. A pattern is probably the easiest, and the more dots connected in your pattern, the more secure it is. A PIN is also a good option, while a password can be the most secure, assuming it is a strong password and not easily guessed. While none of these are impossible to breach, they all offer a sufficient level of security to discourage all but the most resourceful and tech-savvy thieves.

Lastly, you can use Smart Unlock if your phone is running Android 5.0 or later. This will automatically unlock your device when you are at places you have designated as trusted, typically home and perhaps your workplace. It’s a great feature that mitigates some of the effort required to keep your phone secure when you are out and about. This, along with the other screen lock options, can be found in your security settings.

Encryption makes your phone more secure and, assuming you have a strong password on your lock screen, once you have enabled encryption on your device you don’t need to do anything else to keep data stored on your phone from being accessed by anyone, including Google or law enforcement.

However, as is true with most things in life, nothing comes without a price — and the price in this case is reduced performance. If you have a high-end Android phone, you might not even notice the performance hit, but if your phone struggles to run smoothly while it is unencrypted, the added security may not be worth it. If you do decide to encrypt your phone and it has an SD card, don’t forget to encrypt that as well.

Android has supported encryption for a number of generations now and you should be able to find the option under the security settings. Be aware that it might take quite some time to encrypt your phone.

I discussed the use of a VPN, or virtual private network, while using public Wi-Fi in an earlier blog. If you do anything on your phone that requires a password while you are using public Wi-Fi, a VPN should be considered a requirement. Otherwise, you are vulnerable to a man-in-the-middle attack from someone else on the network or someone spoofing a free hotspot. The risk is too high and the inconvenience too low to risk it.

There are paid and free options available. In fact, some recent Android phones support Google’s own Wi-Fi Assistant and VPN service, but unless you have a Pixel or Nexus device, this option is probably not available to you. Everyone else will have to find a VPN app. But note: the fact that a VPN is available on Google Play does not necessarily mean it is trustworthy. Do some research before you select a third-party VPN.

If you live a quiet life at home with only your family and close friends coming to visit, convenience may well outweigh security concerns. Each person must find that proper balance that fits their situation.

There is no answer that is right for everyone, but I hope that this discussion helps you consider your choices and reach a balance that works for you.

This article is published as part of the IDG Contributor Network.
