Android Security Guidelines

Overview

The information below will help you to secure your Android device by implementing settings that will help to safeguard your privacy and make your device more secure.

Information

Settings

  • Require a password, passcode, or PIN for access.
    • Start by checking your Security Settings.  The settings on Android devices vary depending on the version of Android installed and the manufacturer of the device. Consult the documentation for your device or search an online help forum such as Android Help.
  • Set the passcode lock to activate after 5 or fewer minutes (1 minute is recommended).
    • Start by checking your Security Settings.  The settings on Android devices vary depending on the version of Android installed and the manufacturer of the device. Consult the documentation for your device or search an online help forum such as Android Help.
  • Install University of Oregon VPN software if you expect to use untrusted or public networks.
    • Untrusted or public networks include wireless provided in hotels and coffee shops. UO’s VPN provides a secure connection to the University’s network from a remote location. Members of the UO community can utilize the UO VPN
  • Turn on data encryption.
    • Starting with Android version 7.0, encryption is enabled by default.  For earlier versions of Android, go to Settings, then Security and choose Turn on Encryption.
  • Install and use a device tracking app to help you find or remotely erase your device if it gets lost or stolen.
    • Google offers the Android Device Manager. 

Connections

 

  • Use a secure network connection.
    • Your cellular carrier network or a secure wireless network are your best choices.
    • UO community members can connect to UO Secure Wireless while on campus.
  • Use the UO VPN if you are using untrusted or public Wi-Fi.
    • Be sure you have installed UO VPN.
    • Turn on the VPN by tapping on the AnyConnect icon and then tapping the slider next to VPN.
    • VPN will be displayed in the upper left of your iOS device’s screen when the VPN is successfully connected.
  • Turn off or restrict Bluetooth and Wi-Fi when they are not in use.

Management

  • Keep your Android OS up to date.
  • Keep your apps updated.
  • Only install trusted market apps.
    • Market apps include those from Google Play
    • Do not install or allow apps from Unknown sources; Do not “sideload” apps
    • Do not download apps offered to you via email, text messages, or web links.
    • Do not install apps offered on pop-ups from third party websites.
  • Do not make unauthorized modifications to the Android OS.
    • Do not unlock or otherwise bypass device security features that prevent you from gaining privileged access (“root”) to your device’s Android OS.  This. process is often called “rooting”.
  • Be aware of where data is being stored.
    • If you are permitted to access university data from your device, check the Information Security Quick Reference Guide for information classification and the Collaboration Tools Matrix to determine where the data can be stored.
    • Personal storage services (e.g. Google Drive, Box, etc.) should not be used to store sensitive university data.
  • If you travel internationally, be aware that certain types of sensitive university data cannot be accessed outside of the United States of America.
  • Before you sell or donate your device, back up your data and then erase all content and settings.
    • Look for the backup, erase, reset or wipe setting.
    • Keep your data and settings for your next device.
    • Prevent access to your accounts from your old device.
  • Report Security Incidents.

Additional Best Practices

  • Turn off GPS/Location Services for apps where you do not need it.
  • Set your web browser for private browsing.  In Chrome, open the Chrome menu and look for advanced privacy settings.
  • Turn on airplane mode when you do not need to use your phone, GPS, radio, Wi-Fi, or Bluetooth.  
  • Avoid using public Wi-Fi hotspots.
  • Travel safely with techonology. Take precautions while you are away from home and to protect the university’s sensitive data.
  • Consider using a mobile anti-virus product.  They are relatively new to market and are still maturing.