Recommended Android Security Settings
These directions are provided for stock Android. Customized devices with UI overlays may have different settings and/or be arranged differently. Please see Android UI Overlays for more information.
- In the WiFi submenu, select the Additional Options button in the lower-right corner, then select Advanced. Uncheck Network notification. This will disable prompting when the device sees a new network. This helps the device keep to known networks, and prevents the user from inadvertently joining potentially insecure Wi-Fi networks. The user will need to manually select new networks to join via the Wi-Fi submenu.
- Toggle Bluetooth to Off whenever not in use. This will help save battery life as well as reduce the chance that information will be inadvertently leaked from the device. Bluetooth can be deliberately or accidentally leveraged to redirect phone calls, message contents, and other device resources to unverified third parties. If a Bluetooth peripheral isn't in active use, it is best to turn Bluetooth off.
- When not in use, under More, uncheck NFC. Near Field Communication (NFC) can be used to exchange information such as contact details or payment information with third-party devices in close proximity. Unlike Bluetooth, this protocol is explicitly for exchanging data with third parties. There are not currently many widely deployed uses for this developing technology, so it is recommended that it be kept off unless in active use.
- When not in use, under More, uncheck WiFi Direct. WiFi Direct is a relatively new protocol that allows two devices to communicate directly via WiFi without requiring a router. There are not currently many widely deployed uses for this technology, so it is recommended that it be kept off unless in active use.
- In Location services, de-select Google's location service, GPS satellites, and Location & Google search when not in use. For users who do not require location services for geotagging, directions, and other applications, consider leaving location services disabled. Doing so prevents unintentional leaking of location by apps through presence awareness, photo metadata, and other means.
- In Security, Screen lock, select a PIN or Password. Having a password or passcode protects data on the device. Using a password, or a passcode of more than 4 digits, will dramatically improve the security of the data, as a more complex passcode also has an impact on device encryption. Please note: This may not be adjustable if your device is connected to an email or other service that stipulates a password or passcode.
- In Security, Automatically lock, select an interval of 5 minutes or less. This will impact how long the device goes without locking after the screen turns off. Most devices that are lost or stolen are accessed within 5 minutes or less. Setting the interval to 5 minutes or less will decrease the vulnerability window for data resident on the device. Selecting Immediately is the best choice, especially if the user is prone to walking away from the device after putting it into standby.
- In Security, Owner info, set a contact email address and/or phone number (not the number of the device) to which a lost device could be returned. Also select Show owner info on lock screen. This will allow a person who finds a lost device to contact the owner to return it.
- In Security, Encryption, select Encrypt device. This will encrypt the device's disk, making it more difficult for data to be accessed if the device is lost or stolen. This should preferably be done when the device is plugged in and fully charged. The interval required for encryption will vary with how much is stored on the disk, and generally encryption should be done as soon as the device is activated.
- In Security, under Device Administration, deselect Unknown sources. This prevents applications from being installed that do not originate in Google's application market, and limits the opportunities for malware to get onto the device, such as via an infected email attachment or SD card.
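
One way to verify several of the settings above from a workstation, as an added example that is not part of the original guide: the function reads a "key=value" settings dump and reports each item that departs from the checklist. The key names are AOSP settings keys from Android 4.x/5.x-era builds and are an assumption for any particular device; NFC, WiFi Direct and the screen lock type are not covered, and the sample dumps are constructed.

```shell
# Added example: check a settings dump against the checklist above.
# Input is "key=value" lines, e.g. collected from a connected device with:
#   { adb shell settings list global; adb shell settings list secure;
#     printf 'ro.crypto.state=%s\n' "$(adb shell getprop ro.crypto.state)"; }
# Assumption: AOSP key names from Android 4.x/5.x; other builds may differ.
audit_settings() {
    awk '
    function flag(msg) { print "FINDING: " msg; n++ }
    {
        sub(/\r$/, "")          # adb output may end lines with CR
        i = index($0, "=")      # split on the first "=" only
        if (i > 1) val[substr($0, 1, i - 1)] = substr($0, i + 1)
    }
    END {                       # a missing key counts as "not set"
        if (val["wifi_networks_available_notification_on"] == "1")
            flag("Wi-Fi network notification is enabled")
        if (val["bluetooth_on"] == "1")
            flag("Bluetooth is on; turn it off when not in use")
        if (val["location_providers_allowed"] != "")
            flag("location providers enabled: " val["location_providers_allowed"])
        if (val["lock_screen_lock_after_timeout"] + 0 > 300000)
            flag("automatic lock interval exceeds 5 minutes")
        if (val["lock_screen_owner_info_enabled"] != "1")
            flag("owner info is not shown on the lock screen")
        if (val["ro.crypto.state"] != "encrypted")
            flag("device storage is not encrypted")
        if (val["install_non_market_apps"] == "1")
            flag("Unknown sources is enabled")
        printf "%d finding(s)\n", n
        exit (n > 0)            # non-zero exit status when anything was flagged
    }'
}

# Constructed sample dumps (not taken from a real device).
sample_weak() {
    printf '%s\n' wifi_networks_available_notification_on=1 bluetooth_on=1 \
        location_providers_allowed=gps,network install_non_market_apps=1 \
        lock_screen_lock_after_timeout=1800000 \
        lock_screen_owner_info_enabled=0 ro.crypto.state=unencrypted
}
sample_hardened() {             # CRLF line endings, as some adb builds emit
    printf '%s\r\n' wifi_networks_available_notification_on=0 bluetooth_on=0 \
        location_providers_allowed= install_non_market_apps=0 \
        lock_screen_lock_after_timeout=0 \
        lock_screen_owner_info_enabled=1 ro.crypto.state=encrypted
}

sample_weak | audit_settings || true
sample_hardened | audit_settings
```

The lock timeout is compared in milliseconds, so the 5-minute limit from the checklist is 300000.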