Tips for securing your Android phone
Smartphones are incredibly useful gadgets, but they also make tempting targets for thieves. A thief could try to make off with your phone, or just siphon off your data and private information using malicious software. Fortunately, a handful of best practices can go a long way toward keeping your device and data secure.
Never check the time on your phone
Before we get into the software side of things, here's a quick tip to keep your phone secure: If a stranger asks you what time it is, never pull out your phone to check the time. This is a common ploy thieves use, because asking for the time gives them a socially acceptable excuse to get close to you, and when you pull your phone out, you're looking at the screen, not at them. This makes it very easy for the thief to just reach out, grab the phone from your hand, and make a run for it.
Use a PIN code or pattern lock
Newer versions of Android include a feature called Face Unlock that lets you use the image of your face to unlock your phone. Sounds futuristic; unfortunately, it's not a secure system, and can be circumvented with something as simple as a photo.
To more securely lock your device, you should instead use a pattern lock or a PIN code. Pattern locking has you draw a specific pattern on the screen, while a PIN code has you enter a numeric code to unlock the device. Both methods are relatively secure, but they share one low-tech soft spot: smudges. If you unlock your phone and then look at it from an angle, you will likely see a trail of smudges showing what your pattern looks like, or what digits your PIN code consists of.
Of course, even if someone knows the four or five digits in a PIN code, that still leaves room for thousands of permutations. (Is it 1234, or 4213?) Still, for even better security, it's best to give the screen a quick wipe after unlocking it, or even to randomly run your finger across it in crazy patterns (it's fun, too). Another option is to pick a pattern that doubles back on itself (swipe up, then back down, then left, and then right), leaving a smudge that won't be useful to any would-be attackers.
Install an antivirus app and track your phone
A modern Android antivirus app does more than just scan for malicious apps; it's a veritable all-purpose tool that can protect your phone from all sorts of threats. It looks out for dangerous links you may tap on by mistake, lets you know which apps could be spying on you, and can even kill tasks to keep your phone running at its best.
Besides protecting you from malicious apps or links, both Lookout and AVG contain features that let you lock down your phone, track its location via GPS, and even remotely wipe it (if you've lost all hope of recovering it and you just don't want your data to fall into the wrong hands). If you think you just misplaced the phone nearby, most antivirus apps can have the phone give off an alarm to alert you to its location.
Selectively enable device administrators
Some applications let you set them as device administrators. This gives them special powers, and makes them more difficult to uninstall. This can be a good thing—in the case of Lookout or other antivirus apps—but most applications should work without the extra permissions. As a general rule of thumb, you should only set an app as a device administrator if you trust it and have need of its extended features. A security app may ask to be made an administrator to help better protect your phone, but games and the like have no reason to make the same request.
Administrator access is also used by large enterprises to enforce security policies on their employees' devices, and for allowing access to Exchange servers. In those cases, you won't have much choice over whether or not to enable an application as a device administrator, but you can likely trust it. To review your list of device administrators, access Settings > Security > Device administrators.
See also: Android's permission problems
Avoid side-loading software
Android apps are packaged and distributed as APK files. You can take an APK, put it on your device, and install it directly. Some users do this to pirate apps and games, or to install apps not available on the Google Play store. By default, Android is set up to block third-party installations; however there are cases where you'll want to disable this option in order to install apps from trusted sources such as the Amazon app store. Unless you're consistently downloading apps from a trusted source, though, you'll want this feature turned on.
You can verify that your system is still configured this way by accessing Settings > Security, and making sure Unknown Sources is not checked.
It's not about apps and tricks, but about best practices
What all of these tips boil down to is the point that you don't need a bunch of special apps or high-tech gimmicks to keep your device secure. On its own, Android can be used securely. Just make sure you keep your wits about you when using your phone in public, don't download questionable apps from shady sources, and—above all else—use common sense. Good luck, and stay safe.