Be Android Safe on the Web

Wondering how to secure Android phone communications? You’ll want to read this blog entry!

Be sure to visit the TCEA TechNotes blog to read this entry.


“Did you know 15.2M text messages are sent every minute?” I asked my wife at evening meal. “That’s almost as many emails as our dear daughter sent the weekend after she got a smartphone!” As we laughed to ourselves, the niggling question of who sees those communications tugged at me. How easy is it to hack SMS/text messages? I often worry someone will grab my smartphone and send text messages/emails that are inappropriate. In a previous blog entry, Safeguard Your Android, I shared how to rely on a virtual private network (VPN) to protect communications. Increasingly, you must secure your communications (e.g. email, text messages, voice calls, where you go online). In this blog entry, we will explore how to better achieve security.

Did You Know?At the bottom of this blog entry, you’ll find a nifty infographic showing what sorts of data 3.7M people put online every minute. 103M spam emails are sent every minute. 527K photos are shared via Snapchat.

Why Do I need to Secure My Communications?

“If you’ve got nothing to hide, you’ve got nothing to fear,” goes the saying. That isn’t exactly true. Consider this scenario:

You send an accidental text or email, announcing that you will be at the beach this weekend. Perhaps you go to the beach, and post pictures on social media. When you return to your home, you realize you’ve been robbed.

Tracking your movements need not result in theft. Instead, you may be the target of advertising.

There are numerous ways you can be tracked on the internet. Whenever you browse the net, you are being tracked by the use of browser cookies.
Cookies are the reason why, after you check out a new iPhone case on Amazon, you are repeatedly hit with website ads for phone cases wherever you go. Ad networks save cookies to your computer’s hard drive and then display ads based on the items you have browsed in online stores or searched for on Google. (Source: Pixel Privacy)
Whether you wish to or not, securing your communications is critical to digital citizenship. More importantly, protecting your sensitive data (and that of your students) can prevent problems before they arise.

https://youtu.be/17rykTIX_HY

Tip #1 – Two-Factor Authentication

secureWhen I first began using two-factor authentication, it was a pain. I just couldn’t pick up my phone, login to Facebook or Gmail on my computer. Instead, I had to start up my Authentication app. Now, two years later, I am grateful for the added security. About six months ago, someone tried to break into my Gmail account. Without two-factor authentication, I fear I would have been hacked. If you use Google Suites, Twitter, Facebook, Dropbox, you may find it worthwhile to protect yourself with the Google Authenticator app.

Did You Know?You can use a site like Have I Been Pwnd? to find out if a login (your email address) has been hacked. You can also double-check to see if a password you use is up a brute force attack with the How Secure is Your Password? website.

You may also want to take an extra step. What if your phone is stolen or lost? If someone is able to make it pass your fingerprint authentication, they can use the Authenticator app to login to your various services. On Android, it’s possible to assign a pass code to apps you choose. Even if someone has your phone unlocked in their hand, they will have to work hard to get past your pass code for individual apps. People often ask to look at my Android phone. Before, I was a little nervous about letting them look at it. Now, I can hand it over and know people will be unable to get into sensitive apps by accident. You can use BitDefender Mobile’s App Lock to assign a pass code to each app (shown above). Apps:

Tip #2 – Minimize Your Internet Tracks

Everything we do online is tracked. Forget that at your peril. While it’s one thing to have the government looking over your shoulder (not really), a more immediate threat includes hackers and vendors trying to seize your information. Use a virtual private network (VPN), and one of the browsers below to achieve some measure of anonymity (it may foil online retailers and hackers but not necessarily the FBI): Apps:

  • Firefox Focus: This app works well to block cookies and advertisements. You aren’t anonymous while using it, but it works great to block ads and keep your mobile browser light. Use it with a VPN.
  • Duck Duck Go: This search app doesn’t track your searches on the web. Use it with a VPN.
  • Orbot: This app has a built in The Onion Router (TOR) browser, and will work to keep your internet travels anonymous as possible. Use it with a VPN to achieve higher level of protection.

Tip #3 – Protect Your Text Messages

“What’s the username and password to Netflix?” asked my daughter a few weeks ago. Since my text messages enjoy end to end encryption, I have no problem sharing confidential, sensitive information via text message. However, I would never dream of doing this using the standard SMS/Text message app on any device. Instead, take advantage of one of the apps below. The best one right now is Signal. On Android, you can use Signal for both encrypted and unsecured text messaging. Your friends who use Signal will connect securely with you, while others who are not using it will not. No matter what tool you use for text encryption, consider using the Secure Space Encryptor (SSE) app or website to encrypt text messages (and email). This will protect your messages with AES-256 level of encryption. Apps:

  1. End to end text and audio encryption with Signal, WhatsApp, or Voxer
  2. Encrypt your text messages using SSE or web encryption

Tip #4 – Guard Your Email

“With over 200 billion emails sent and received by almost 3 billion people throughout the world each day, accessible anywhere at any time by almost anyone, email inboxes present a big target,” says JJ Rosen. You should be encrypting your email whenever possible, whether you are on your computer or your Android device. You don’t have to be a professional cryptographer to use tools like SecureGmail (Watch video), Virtru Email Encryption (Watch video) or the Paranoia Text Encryptor website. Another approach you can take is to rely on a tool like ProtonMail (based in Switzerland) or Tutanota (based in Germany). Both offer secure apps that allow you to send encrypted emails to others. For example, Protonmail comes with a pass code login. This protects strangers from accessing your email app. When composing an email, you can set a password to encrypt messages for non-ProtonMail users. You can then share the encryption password with the email recipient through a phone call or text message (not email though). When they receive the email, they use the password to decrypt your email message. What a relief to know your confidential emails are encrypted while sitting in a friend’s inbox. Another neat feature is you can set message expiration to a number of hours or days. That’s pretty amazing! Apps:

Conclusion

Some may see these efforts to secure communications as so much cloak-n-dagger games for grownups. Let’s not forget that identity theft costs $16 billion dollars affecting 15.4 million people. I urge you to take every precaution possible. Only after taking proper precautions will you truly have nothing to fear. Once you have done all you can, you have nothing to fear.


Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: