A Note on Language
In this toolkit, we will sometimes use the word woman/women and feminine pronouns for simplicity and to recognize the significant impact technology-facilitated violence has on women and girls. We recognize that TFGBV also impacts trans, non-binary, and Two-Spirit people. We hope that all people impacted by TFGBV will find these documents useful.
Please note: This handout is up to date as of December 2022. If you have a newer model or operating system, please check the brand’s website for the latest capabilities.
Smartphones store a lot of personal information, including email or social media accounts, reminders and notes, the number of steps we take each day, and even personal biometric data such as fingerprints and facial recognition. While all this can make life easier, perpetrators and stalkers can also misuse this information to monitor, control, and harass victims.
This guide will help users enhance security and privacy when using their Android smartphones. Although all Android phones use the same operating system, depending on the brand (Samsung, Google, LG, Huawei, Motorola), each phone’s settings can be quite different. Use this handout as a general guide, rather than step-by-step instructions.
There are two areas to look at when increasing your smartphone’s privacy and security: (1) the privacy and security mechanisms built into your device (which may be slightly different depending on the brand of your phone) and (2) the Google account (which is essential to all Android smartphones) associated with your smartphone.
Android Device Settings
Although each Android smartphone will have slightly different settings, there are some standard privacy and security settings you can configure to give you more control over the information on your device. Although time-consuming, one of the best ways to ensure that your phone is as private and secure as possible is to go through each setting. This will help you learn what each setting does, how much control you have over your device, and how much information is stored and potentially shareable on your device. The following are some major privacy or security settings to start with.
Screen Lock and Passcodes
The most obvious – and most important – security setting you should start with is securing your Android phone with a passcode. This will prevent anyone from picking up your device and going through it while unattended. Depending on your Android phone, you will probably have many passcode options to choose from. The most common passcode is a 4 to 6-digit code. Other options include a custom numeric code, an alphanumeric code (combination of numbers and letters), or a pattern. Some Android phones include options such as face recognition or fingerprint recognition. On most Androids, you can find the passcode options under Settings / Lock Screen and Security.
Some Androids will have additional settings, such as deciding whether notifications or shortcuts should be visible when your phone is locked. Whether you choose to display that information depends on whether you would be comfortable if someone picked up your device and saw that information. You can find this under Settings / Lock Screen and Security.
Smart Lock can unlock your phone if:
- You are at a “trusted location,” such as your home;
- The smartphone wants to connect to a “trusted device,” such as your Bluetooth speaker;
- The phone is on your body;
- The person looking at your phone is recognized as a “trusted face,” or
- Your device recognizes your voice as a “trusted voice.”
Under these circumstances, your smartphone will unlock without you needing to put in a passcode. While Smart Lock can be convenient to use – for example, you’re juggling bags and opening doors and need to unlock your phone – it can also make it easier for someone else to have access to your phone. Think about your privacy concerns and balance convenience with privacy and security. You can generally find this setting under Settings / Lock Screen and Security / Secure Lock Settings/ Smart Lock.
Location is another setting you should check on your Android. You can generally find this under Privacy and Safety. Under Location settings, you have the option of turning your location on or off globally for all apps. Under this setting, you will also be able to see which apps have recently requested your location. If you don’t want a specific app to have access to your location, you will need to go into each specific app and manually turn the location off. For the most privacy, turn off the location if you aren’t using it. You can always turn the location back on when you need to use the app.
Under your Location settings, you can also decide how your location is accessed, whether by GPS, Wi-Fi, mobile networks, all those options, or a combination of those options. In general, when all location options are turned on, your location will be most accurate. This is important if you are using safety apps that need to know your exact location. Some people may choose GPS or mobile networks only, to save their battery.
Another setting to turn off if you’re not using it is Bluetooth. If you’ve ever connected with a Bluetooth device, which could be your car, portable speakers, or even a printer, it could automatically connect once you’re in range. Turning off Bluetooth will prevent automatic connection and you can turn it back on when you need it. This setting can generally be found under Settings / Bluetooth.
Apps’ Access to Device Content
When you download an app, you will get a message that tells you what content on your smartphone the app will need access to, such as contacts, calendars, photos, camera, microphone, SMS, sensors, storage, etc. On the latest Android OS, you can pick and choose which content a particular app can have access to under Settings / Apps / App Permissions. Under each category, you will see which app wants access to which content and can turn access on or off. On Android phones running older operating systems, you may need to go to the Application Manager and go through each app manually.
In some cases, you may not have the option to deny a particular app’s access to your smartphone content, or if you don’t allow it to access, the app may not work properly. For example, Google Maps needs access to your location to give you directions. In these situations, determine if you’re comfortable allowing the app access to your device content versus how much you need to use the app.
Installing Apps from Unknown Sources
Another setting to toggle is not allowing apps outside of the Google Play Store to be installed on your device. Unlike the iPhone, your Android phone allows you to install apps outside of the Google Play Store, such as from a website or via your computer. This is often how smartphone spyware and other malware get installed, so it’s important that this is turned off. You can find that setting under Lock Screen and Security / Unknown Sources.
Your device is likely already encrypted by the manufacturer if you are running Android OS Marshmallow or above. Otherwise, if you’re concerned about security you can turn on encryption, found under Settings / Security / Encryption. An encrypted phone will make it more difficult for someone to access the data on your phone unless they have the encryption key, which is usually your passcode.
You can also choose to encrypt your SD card (even if your phone comes already encrypted). You can generally find this setting under Lock Screen and Security/ Encrypt SD Card. Note that encrypted SD cards can only be read on the device used to encrypt them.
Backup and Reset
Android phones offer many ways to back up the data on your phone. Google Backup and Restore not only backs up your phone content, but it also will back up all your Google app data, such as calendar, Chrome browser, contacts, and photos. Once backed up, if you have to set up a new phone, just log in with your Google account and all your data will be synced. While incredibly convenient, it’s important to ensure that your Google account is secure. Take advantage of Google two-step notification so that if someone else were to sign in to your account, you would know.
Another method of backing up your account data is through online cloud services, such as Google Drive or Dropbox. Many people use these services to back up their photos or videos. Again, while convenient and helpful in clearing space on your Android, be sure that your account is secure when using these services.
Google Account and Services
Since the Android mobile operating system is built by Google, your Android smartphone is intimately connected to the Google platform. To purchase apps through the Google Play Store, you will need a Google account. For most users, that Google account will also be used for all the other Google products and services on the device, including Gmail, calendar, contacts, Chrome browser, and YouTube. Having all those services connected to one account can be convenient and helpful. For example, when you look at a website on your Android’s Chrome browser, the Chrome browser on your laptop will remember it in its history. Your browser history is saved to your account, as well as on the specific device.
Depending on your situation, you may find it helpful to have your information saved and integrated across devices under one account, or you may require more privacy and not want your information to be remembered across devices. If all those services were under one account and someone should gain access to your Google account, they will learn quite a lot about your phone activity. The good news is that Google does give users a lot of privacy options. Below are some suggestions for more privacy and less connection.
Go through Google Settings
Google gives you a lot of choices to increase your privacy and security while using their products, which you can find in Google settings. You can access these settings on your Android by going to Settings / Google. You can also access these settings online via a web browser at https://myaccount.google.com. We suggest going through all the settings. This is the best way to be aware of and increase your privacy and security. An easy way to do this is to go through Google’s Security Check Up as well as their Privacy Check Up (both can be done from within your settings on your phone or via your browser). Below are some settings to go through, but keep in mind that this is not an exhaustive list. We highly encourage you to go through all your Google settings to meet your specific privacy and security needs.
Minimize Google’s Collection of Device Activity
One way to prevent Google from collecting your information is to go through your settings and set it to “not collect your activity.” You can find these settings under Settings / Google / Personal Info & Privacy / Activity Controls. Here, you can set up your preferences regarding which of your activities Google remembers and saves to your Google account (e.g. Web & App Activity, Location History, Device Information, Voice & Audio Activity, YouTube Search History, and YouTube Watch History). Choose “pause” to stop Google from collecting this information. Keep in mind, however, that pausing the tracking of any of the above activities does not delete previously recorded activities. To delete those, you will need to do that separately through the Review Activity settings. These can be accessed through your Settings / Google/ Personal Info & Privacy /My Activity. Also keep in mind that even if the setting is paused, Google may still temporarily track some of your activities (e.g. web searches to improve the quality of your current search session).
Pay Special Attention to Location History
Another area to turn off is Location History. When this is turned on, Google will track everywhere you go through your smartphone (this is different from using Google maps). The purpose of this is so Google can recommend improved map searches, among other things. However, from a privacy perspective, if someone were to gain access to your Google account, they could see everywhere you have gone (and possibly predict where you will go). Determine if the privacy risks of someone knowing everywhere you go outweigh the convenience of a quicker map search or a Google recommendation based on your current location. Turn off location history by going to Settings / Personal Info & Privacy / Your Personal Info / Location Sharing.
Find My Phone
Many people will use the Find My Phone feature to track down their phone’s location if it is lost or stolen. However, if someone were to have access to your Google account, they could sign in to your account and find where your phone is through this feature. Whether you use this setting is up to you. Consider the security of your Google account and how likely it is that someone could use this to track your location vs. the security of being able to find your phone if is lost or stolen.
Remove Connected Devices and Apps
Your Google account can be logged on from multiple devices (such as an Android smartphone and laptop). To help you manage where you’ve connected, Google will tell you which devices have accessed your account in the last 28 days or are currently logged in. You can find this in your settings on your phone under Google / Sign-in & Security / Recently Used Devices. If there are connected devices you don’t recognize or you logged in somewhere and forgot to log off, this is where you can remove those devices’ access. This is also helpful if you lose your Android and need to disconnect the device from your Google account.
Remember that your Google account can also be logged in to other online accounts, such as apps or other online services. Unless you know your Google account is secure and you are comfortable using it to sign in to other accounts, it is generally best to create a new username and passwords when signing in to other online accounts. However, if you do choose to use your Google account, you can check which apps and/or online accounts your Google account is signed in to. Go to Settings / Sign-in & Security / Connected Apps & Sites to check or remove access to any apps or accounts.
Sign Out of Google Products on Your Android
While some Google services require you to sign in to be able to access it – such as Gmail or the Google Play Store – not every Google product requires you to sign in for it to work. When you are signed out, what you do on those apps will not be saved in your Google account. However, keep in mind that while your Google account won’t remember your activities, the app on your Android will remember. For example, if you’re not logged in while using the Chrome app on your Android, your Google account won’t remember what websites you visited, but your website browsing history will be saved in your Android’s Chrome app. If you don’t want any trail, consider deleting your Chrome browsing history or using the Incognito mode.
Additional Android Security
While the Android phone itself has built-in security settings, if you’re very concerned about the security of your phone, you can download a security app. Third-party security apps have a wide range of features, including malware and virus protection, tracking your phone if it gets lost or stolen, or remotely wiping all the data off your phone.
You could also download specific anti-malware apps, which will protect your phone from getting viruses or prevent other types of malicious software from installing. Depending on the type of Android smartphone you have, it may already come with anti-malware protection. If it does not (or you want to explore other options), you can go to the Google Play Store and search for anti-malware apps. Another way of looking for good anti-malware apps is to google “best anti-malware apps for Android” and read the reviews.
When downloading third-party apps from the Google Play Store, look at the reviews. The closer it is rated to 5 stars, the better, but also look at how many people have downloaded the app and read some reviews.
“Rooting” Your Android
Some people will “root” their Android, which is a process that allows you to modify the Android operating software code and install other software blocked by the manufacturer (the equivalent term for Apple devices is “jailbreaking”). Unfortunately, a rooted phone can be more vulnerable to malware and spyware, void your warranty, and make software updates impossible. Software updates are important because they can include security patches and make your phone less vulnerable to hacking. One possible way to know if your Android is rooted is to download a root-checker app from the Google Play Store. To “unroot” your phone, google instructions online since there is more than one way to “unroot” your Android.
Technology-Facilitated Gender-Based Violence (TFGBV) is part of a continuum of violence that can be both online and in-person. If you or someone you know is experiencing TFGBV, you are not alone. You can use sheltersafe.ca to find a shelter/transition house near you to discuss options and create a safety plan. You don’t need to stay in a shelter to access free, confidential services and support.
Adapted for Canada with permission from WESNET’s Tech Safety Net project, based on their resource Android Safety and Privacy Guide.