Making Your Android Gadget More Secure

In our previous Android security roundup we made a breakup of major Android versions for smartphones vs. their security. In this roundup we’ll be providing apps and system settings for better Android security.

General Practices

If you are happy with your gadget and you don’t want a more recent Android device, there are some best practices to follow.

  1. Do your best to avoid installing applications from untrusted resources (and even suspicious applications from Google Play).
  2. Delete MMS messages and downloaded files from unknown sources. They may contain malicious executable code.
  3. For the tech savvy people: popular and well-trusted custom builds of Android may be worth considering. For example, you might want to take a chance with CyanogenMod which is the most popular alternative to classic Android.

As we said, Nexus devices are the first to get the updates. It's good to know what to device to choose so the user will receive the quality and can be sure that information won't leak.

If your Android versions isn't fresh and you don't want to change your device, some other options are still available. Those can boost phone security and prevent data leak.

Stock Android settings and options

In many cases, stock Android contains a huge set of applications but they are mostly optional. Removing such applications won't break your system but can improve performance.

Advanced user's can even try to remove Google Play and replace it via F-Droid.

Also, be careful with root access. While it gives you a full system control, it can become a problem and threat.

Browser ad-blocking

Firefox for Android supports extensions which can be installed from the Firefox Add-ons website. There are fewer extensions for mobile Firefox as compared to the desktop one. uBlock Origin and AdBlock Plus are available and are recommended for privacy. Those can block malware websites, tracking activity, etc.

Beside add-ons, some browser options can be changed to improve security. It includes tracking activity, enabling Do-Not-Track option, disabling of sending Telemetry data and cleaning history information including cookies.

uBlock Origin is similar to its desktop analog and works without any issues.

AdBlock Browser

Official website | Google Play

AdBlock Plus is a very popular extension, and it used to be available in Google Play. Some time later it was removed from there. Today the developers provide AdBlock Browser which is similar to the extension.

AdBlock Plus is still available for Android from the developers website, but it works only over Wi-Fi connections and requires some proxy configuration.


AdAway in FDroid

AdAway is another extension which blocks the ads and some other stuff. It modifies hosts file inside /system partition. It contains a list of ad serving domains, so that unwanted content doesn’t load.

Some time ago this application was removed from Google Play because it not only blocks in-browser ads, but also ads inside applications. Nevertheless, this application can be installed from F-Droid catalog. It also requires device rooting because it modifies /system partition.


Offical page on GitHub | Google Play | FDroid page

AFWall+ is a firewall application. Android doesn't support blocking Internet access per application. With this application, it's easy to restrict access for certain types of network (i.e. Wi-Fi or mobile networks). It provides very flexible interface with checkboxes to block access for:

AFWall+ requires root access and won't work without it.


Offical page on GitHub

AFWall+ is a very good choice but only if you have root access. It’s not always a possibility, so let’s consider an app that works without it. NetGuard works mostly the same way as AFWall+ – restricts Internet access per application and per network type: Wi-Fi, mobile data.

Permission control and CyanogenMod Privacy Guard

Google Permission control functionality was introduced in Android 6. It provides a graphical interface to restrict access to certain system parts. This is new behavior and not all applications can work smoothly. Sometimes, if applications support such behavior, Android will ask user whether to restrict access.

This behavior is very limited and doesn't indicate how it works. The whole process isn't transparent and allows control only for certain types of restriction (e.g., there is no Internet access control).

CyanogenMod introduced another version of Permission Control called Privacy Guard. It provides a more flexible way to control access for certain components of the system.

The earlier version was very limited. Current version indicates what action was made by application and when. It also possible to restrict access for such actions. The only drawback is that it’s available only in CyanogenMod.


Official project's page on Github | Google Play

XPrivacy is another way of controlling how applications access user information, phone settings and data. It built as an XPosed module (so it’s a requirement), also it requires root access. It provides access to low-level functions and allows configuring almost every aspect of Android system.

Advantages over stock Permissions Control and Privacy Guard:

1.Provides indications what features were accessed by applications (shows the exact function name and not only the group of functions).

2.Provides options for controlling different parts of Permissions.

3.Is available for stock Android versions starting with 4.0+.

Application work as follows: for a certain requests it will return empty data to the application. For example, if the application requests access to the contact list, then XPrivacy will ask user (default behavior) and if user says No, then it will return an empty list. This approach is safe and in most cases it won't break anything, but it is wise to be sure what to restrict because some requests are very important (e.g., access to camera from a camera app).

Android IMSI-Catcher Detector


This is an experimental application aimed to detect IMSI catchers aka fake mobile base stations. The idea of such devices is to intercept mobile user traffic.

This application is mostly for enthusiasts. However, recent reports say that police forces are able to use such devices. Law abiding citizens are mostly not under surveillance, but in many cases such devices can be procured by criminals.


Tor Project official website, Android page

Tor is a secured anonymous network which aims to safeguard user privacy. It is available on many platforms including Android. It works like a proxy server locally on the users device. Tor enables the user to get a private IP and all traffic will then be invisible for the ISP and will be encrypted.

It is good to know that in some cases Tor is not the best choice. Sending private data through Tor is not a best practice. Tor points can as well be just regular users who are running some software on their own machines.


Official website

This is a different type of network for user anonymity. It's a different network type and it aims to make web browsing secure. I2P is entirely different from the Internet. It provides specific websites, with a different set of protocols and so on, and access to websites is provided via web browsers.

I2P websites look like http://domainname.i2p

Additional best practices

These practices relate not only to Android, and they can be used pretty much on any device.

  1. Email and SMS encryption. All of this is available on Android, e.g. using PGP encryption.
  2. Consider using VPN which will encrypt Internet traffic and make it invisible to the ISP. Be sure to use a trustworthy VPN provider or to host your own VPN server.
  3. Storage encryption. This will provide an additional layer of security. Encrypted devices will make information unavailable to unauthorized users even if your phone is lost or stolen.
  4. Secured password storage. KeePassDroid is a version of KeePass for Android. Not everyone can remember a lot of different passwords. At the same time, using the same password on all websites is a threat. Storing passwords inside an encrypted database is a good compromise.