Google's Android Market mobile software shop was hit last week with its first major malware attack; a popular application called "DroidDream" proved to be infected with malicious code that could steal users' personal information, and Google was forced to use a built-in Android "kill-switch" to do away with the problematic app -- but not until after it had already infiltrated thousands of Android smartphones.
The Google Android platform has never been more popular; in fact, Android now holds a commanding 31 percent of the U.S. smartphone market share, making it the most popular smartphone OS in the country, according to ComScore.
Slideshow: 8 Essential Android Security Apps
Android has also never before represented such a significant target for hackers and other baddies looking to profit off of the platform's popularity. In other words, now is the time to get smart about Google Android security. The following six tips and tricks will help do just that.
1) Protect Your Android with a Password -- Now!
The single most effective security measure you can take to protect your Android device is to lock it with a password. It sounds simple, but a strong password -- or even a weak one -- will protect you and your smartphone from the vast majority of threats; if a malicious party can't get past your password screen, your data and everything else on-device is generally secure.
Depending on the model of your Android smartphone, you'll have a variety of password options, but they're all accessed in mainly the same way. Open up your Android Settings menu and scroll down to the section called Location & Security Settings or something similar. First, enable Screen Unlock Security and you'll then be presented with a number of password options, depending on your device.
For example, my Motorola Atrix 4G provides password options for a Pattern Lock, for which you can set a specific "swipe pattern" to unlock your device; a PIN Lock that uses numbers to secure your handheld; a Password Lock, for which you can employ both letters and numbers; and finally, a biometric-based Fingerprints Lock that employs the Atrix's fingerprint reader for authentication.
Though the Fingerprint Lock is the most secure option...I'm a bit wary of storing my biometric information on Google's servers, so I opt for the Password Lock. In order of "secureness," the Fingerprint Lock is most secure, followed by the Password Lock, PIN Lock and finally, the Pattern Lock. But using any one of these Android password security options is better than not using one at all.
(Note: If you choose to employ the Pattern Lock option, it's a good idea to frequently wipe your touch screen clean, since repeated entry of your pattern lock can leave a "trail" that can be spotted by hackers and used to gain access to your device.)
After you set your Android password, you should set your Screen Timeout options to a relatively low option, so your device display shuts off and locks itself shortly after you last touch it. To do so, open up the Android Settings menu, scroll down and select Display. On the following screen, locate the Screen Timeout option and pick a value -- I suggest one minute or less for maximum security.
2) Customize Locked Home Screen with Owner Info
Imagine you accidentally leave your smartphone at a bar. A good Samaritan locates the device and wants to get it back to its rightful owner...but it's locked and the home screen shows only a beautiful, albeit useless, ocean vista.
This scenario plays out all the time, and if more smartphone owners only added owner information to their devices' home screens, many more lost devices would likely be returned. Unfortunately, Android doesn't have any built-in option that lets you post owner information on your device's locked home screen, like other mobile platforms, including Research In Motion's (RIM) BlackBerry OS. But a couple of third-party applications will do the trick.
My favorite option for adding owner information to your Android home screen: the Phone Found - Owner Info app, which is available for free via the Android Market. To customize the Owner Info app, simply launch the software, hit the Edit menu options and enter in your contact information. You can then open up the app's Settings and choose which information you want to display on your device's locked home screen.
3) Do NOT Root Your Android Device
To "root" your Google Android device means to remove a number of manufacturer- and wireless-carrier-imposed restrictions put on your smartphone to make it easier for said parties to install and deliver the applications and services they want you to employ, among other things.
Rooting also opens up system-level access to your device's core resources, which is not a good thing, at least from a security perspective, since doing so also removes a number of safeguards installed to help protect your device from malware and other potentially dangerous code.
Unless you're a developer or someone who is very familiar with Android and you're simply willing to take your chances, you should NOT root your Android device. Ever. Not rooting might mean limited access to some cool, custom applications and services, and you won't be able to download apps from many unofficial third-party app stores. However, avoiding a root does vastly increase security, because in large part applications can't gain system-level access without a root.
Bottom line: Don't root your Android device. But if do, beware that in rooting your smartphone, you're significantly reducing your device's existing security safeguards.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.