Android is one of the most used operating systems in the world, with an almost 70% market share. It is open-source software, which means users can tamper with it and create custom versions and apps for it. This is a great utility for users who want to make their own custom OS or customize it using apps or tools. But it is also a bane, as others can transfer payloads or inject a virus onto your device and misuse it. In this guide, I will share how to not get hacked on your Android device using simple tips and care.
How To Not Get Your Android Device Hacked
- Always update your phone
- Install from Trusted Party Only
- Look for the Permissions
- Delete What’s Not Required
- Check the applications tab in the settings app
- Do not install third-party keyboards
- Public Wi-Fi
- Public Charging Booths
- Emails are Click-Baits
- Frequently Change your passcodes and use Password Managers
1. Always update your Phone
Updating your phone is always the best option when you want to keep your Android device from being hacked. Old operating system versions can have bad patches or be more prone to hacks. This is because hackers can easily find loopholes in old patches and have had enough time to dig in.
Android device manufacturers such as OPPO, VIVO, and MI, which ship their own operating systems built on Android, and other makers of Android-based mobile devices regularly update their operating systems to patch the loopholes in older versions of Android.
So, regularly check for system updates and update to newer versions even when there are no major changes.
2. Install from Trusted Party Only
Some apps require you to pay a certain amount of money to access the pro version. To avoid that, a lot of people google for modded APK versions of the app and install them on their devices. This is a bad practice because you never know exactly what tampering has been done to that app, and it may contain a payload.
For example, you are tired of using the boring version of WhatsApp and now want to try a modded APK that includes freezing last seen, no blue ticks or double ticks, and some other features.
So, you google for a modded APK, download it on your phone, and install it without giving it a second thought. WhatsApp, being a chat app, needs to access contacts and media, but you never know if there is a bridge in the network. When you are texting, there is a high chance that a copy of all your data is being sent to the APK creator.
To avoid this, never download and install APKs from untrusted sources, including ones found through Google or ones a friend wants to share with you.
3. Look for the Permissions
Never be dumb enough to let apps access what they don't require. Look at the permissions that an app asks for while installing it on your Android device.
This is important.
Just give it a thought: you are installing a modded version of a calculator from Google and it asks for permission to access contacts or photos.
Why would a calculator app ask for permission to access photos or contacts?
Always ask such questions when you see any app asking for permissions to access your Android device. This can help keep you from being hacked.
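The calculator question above can be asked mechanically before an APK is ever installed. The following is an added example, not part of the original article: it extracts permission names from text in the style of `aapt dump permissions` output and reports sensitive ones that do not fit the app's category. The category table and the sample dump are assumptions constructed for illustration.

```python
import re

# Permissions that expose personal data (standard Android permission names).
SENSITIVE = {
    "READ_CONTACTS", "READ_SMS", "READ_CALL_LOG", "RECORD_AUDIO", "CAMERA",
    "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE", "READ_MEDIA_IMAGES",
}

# Assumption: what each kind of app plausibly needs. Adjust for your own review.
EXPECTED = {
    "calculator": set(),
    "messenger": {"READ_CONTACTS", "CAMERA", "RECORD_AUDIO",
                  "READ_EXTERNAL_STORAGE", "READ_MEDIA_IMAGES"},
}

PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)")

def requested_permissions(dump_text):
    """Return the set of android.permission.* names found in the dump."""
    return set(PERM_RE.findall(dump_text))

def unexpected_permissions(dump_text, category):
    """Sensitive permissions the app requests that its category does not explain."""
    requested = requested_permissions(dump_text)
    return sorted((requested & SENSITIVE) - EXPECTED[category])

# Constructed sample: a "calculator" that wants contacts and photos.
SAMPLE_CALCULATOR = """\
package: com.example.calcmod
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_MEDIA_IMAGES'
"""

if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_CALCULATOR, "calculator"):
        print("unexpected for a calculator:", perm)
```

An empty result does not clear an app; as the next paragraph says, a payload can be present without any suspicious permission request.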
Hackers mod apps to deliver a payload to your Android device, which they can then use to access your phone from their computer. At times, you may not find apps asking for permissions, but they do contain payloads.
Moreover, it is not only apps. Payloads can be sent to an Android device in the form of PDFs, images, and even a Word file.
Here is the next tip you need to take care of when you can’t determine the payloads.
4. Delete What’s Not Required
As I said in the above tip, payloads can be in any format and not just Android apps.
To be sure there is no such malicious content on your phone, always delete what's not required. This can include PDFs and images from your friends, a file you don't remember downloading or storing, and anything that is suspicious.
One of the best things to do when downloading content, files, images, or anything else from a friend is to scan it using a free online tool called “VirusTotal”. This tool scans files using different antivirus engines and lets you know if there is any kind of backdoor or virus in the file.
5. Check the applications tab in the settings app
Most of the time, a hacker installs an app on your Android device and hides it from the application drawer.
That way, you will never know if there is some malicious app on your phone that is always listening to your conversations, chats, and media.
Go to the application settings in the Settings menu and look for any suspicious app in the “Installed app” section.
If you find any app that is suspicious, delete it right away from your device and change the passcodes of your apps and social media accounts.
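The same check can be done from a computer by comparing what is installed against what actually shows an icon. This is an added example, not from the original article: it assumes the two inputs were captured with `adb shell pm list packages -3` and a launcher-intent query such as `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`; the sample text below is constructed and the package names are hypothetical.

```python
import re

PKG_RE = re.compile(r"^package:(\S+)$", re.MULTILINE)
# A component line looks like "com.example.app/.MainActivity".
COMPONENT_RE = re.compile(r"^\s*([\w.]+)/[\w.$]+\s*$", re.MULTILINE)

def installed_packages(pm_list_output):
    """Package names from 'package:<name>' lines."""
    return set(PKG_RE.findall(pm_list_output))

def launcher_packages(query_output):
    """Packages that expose at least one launcher (app drawer) activity."""
    return set(COMPONENT_RE.findall(query_output))

def apps_without_icon(pm_list_output, query_output, known_iconless=()):
    """User-installed packages with no drawer icon, minus ones you recognise."""
    hidden = installed_packages(pm_list_output) - launcher_packages(query_output)
    return sorted(hidden - set(known_iconless))

# Constructed sample: three user-installed packages.
SAMPLE_PACKAGES = """\
package:com.example.chat
package:com.example.fancykeyboard
package:com.example.syncservice
"""

# Constructed sample: only one of them has a launcher activity.
SAMPLE_LAUNCHER = """\
1 activities found:
  Activity #0:
    priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
    com.example.chat/.MainActivity
"""

if __name__ == "__main__":
    for pkg in apps_without_icon(SAMPLE_PACKAGES, SAMPLE_LAUNCHER):
        print("installed but not in the app drawer:", pkg)
```

Some legitimate apps, keyboards and plug-ins among them, have no drawer icon, so treat the result as a list to review rather than a verdict.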
6. Do not install third-party keyboards
I have a lot of friends on Android who love tweaking the keyboard on their devices. But there is something I always tell them: keystrokes are recorded when you use such apps.
Hackers create a keyboard listener that sends them all the keystrokes you type on your Android device. This is called keystroke logging or keylogging.
Let me give you an example of how exactly it works.
You install a fancy third-party keyboard on your Android device (the payload is installed). Now, when you log in to your social media accounts through your phone, all your data, such as your email and password, is transferred to a third person. Moreover, everything you type, including your private conversations with friends, is transferred to that third person, and there is no more privacy.
7. Public Wi-Fi
Public Wi-Fi is one of the easiest ways to get your Android device hacked. This is because, using public Wi-Fi, intruders can easily install payloads on your Android device. Moreover, they can also hijack the network and perform a MITM attack (man-in-the-middle attack). In this attack, a copy of anything you send over the network, such as a chat with a friend, is sent to the attacker.
Never use Public Wi-Fi to send sensitive information and never download anything on a public network.
8. Public Charging Booths
At metros, restaurants, and other public places, you can find charging ports with a cable to charge your Android or iOS devices.
Never charge your phones using those charging stations.
But why? What’s with the charging?
The USB cables we used to get earlier were dedicated only to charging your device. But now we get two-way USB cables that let you charge as well as transfer files from your device to a PC. Try connecting your charging cable to your PC and you will find your device listed there.
When you connect to such charging stations, small Raspberry Pi modules installed in them transfer your data while you are still charging. This method is called juice jacking.
9. Emails are Click-Baits
When an attacker has your email address, he can set up click-bait for you to install payloads or plan a phishing attack.
You might be wondering what a phishing attack is.
In this type of attack, you receive an email that appears to be from Instagram or another social media service asking you to reset your password or confirm your email address. So, you click on that link and enter your credentials.
Boom!! You just served your email ID and password to the attacker.
Always check the sender’s email ID; Instagram or any other social media service does not send emails from any other IDs or aliases.
Why would they send an email from [email protected] when they can directly mail from Instagram.com? Also, check the letters; you might miss some letters, like we just did in the above email address.
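The sender check described above, written out as an added example that is not part of the original article: it classifies a `From` header against the domain you expect and flags near-miss spellings by edit distance. The sample addresses are constructed, and taking the last two labels as the base domain is a simplification (no public-suffix list).

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted_domain):
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact match or a real subdomain of the trusted domain.
    if domain == trusted_domain or domain.endswith("." + trusted_domain):
        return "trusted"
    base = ".".join(domain.split(".")[-2:])   # simplification, see lead-in
    brand = trusted_domain.split(".")[0]
    # One or two swapped/missing letters, or the brand buried in another domain.
    if edit_distance(base, trusted_domain) <= 2 or brand in domain:
        return "lookalike"
    return "unrelated"

# Constructed sample headers; none are taken from real mail.
SAMPLES = [
    "Instagram <security@mail.instagram.com>",
    "Instagram <no-reply@instagrarn.com>",
    "Instagram <help@instagram.com.verify-login.example>",
    "Instagram Support <promo@newsletter.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header, "instagram.com"), "-", header)
```

The display name says "Instagram" in every sample; only the address after the `@` separates the genuine one from the rest.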
There are cases when you get emails with a link that seems to be genuine. In such a case, you can use a free online tool called “Wheregoes”, which traces the URL and shows where it leads before you actually open it. All you need to do is paste the URL and hit enter.
Additionally, payloads can be installed on your Android device from such malicious links.
10. Frequently Change your passcodes and use Password Managers
It is always better to change your passwords frequently to avoid any kind of breach. And the best option is to use password managers for your social media and other accounts.
Here are some of the password managers I use for one-click login without any keystrokes. Use these to manage passwords and also secure them by creating much stronger passwords. The password manager does this for you, and you don’t have to remember a password for every website.