This story is part of War in Ukraine, CNET’s coverage of events there and of the wider effects on the world.
It’s been over a month since Russia invaded Ukraine, and worries about cybersecurity continue to grow. Even before the invasion, US officials blamed Russia for cyberattacks against some Ukrainian websites, including Ukraine’s Ministry of Defense and two banks.
While the US Cybersecurity and Infrastructure Security Agency said there are no specific or credible cyberthreats against the US, the agency also said potential cyberattacks are more likely to target infrastructure. CISA is recommending everyone be prepared just in case. And securing your mobile device is a good place to start when building a line of cyberdefense. Here are six steps Android users can take to protect their phone data.
Make sure your OS is up to date
Updating your operating system can patch known security vulnerabilities and fix bugs. Not updating to the latest version leaves you and your device open to flaws that could expose personal data to malicious actors. Some people might put off updating their OS so they don’t have to deal with early bugs in the system, but waiting too long can harm your system. Here’s what to know about the latest Android OS, Android 12.
Turn on two-factor authentication
Two-factor authentication, or 2FA, adds a second layer of security to your Android account in case your password gets stolen. With 2FA, once you enter your password, a second message is sent to another device asking to verify that you are trying to login. It adds a bit more time to your login process, but the extra layer of security is well worth it. Here’s how to turn on 2FA.
Use a password manager
If you’re having trouble memorizing multiple passwords and coming up with unique passwords for every account, a password manager can help. These utilities can work hand-in-hand with 2FA and can securely store passwords and automatically fill login pages. They can also protect you against phishing scams that direct you to enter your password into a fraudulent website. For more information, check out CNET’s reviews of password managers Bitwarden, LastPass and 1Password.
Encrypt your Android
Starting in 2015, Google required manufacturers to make Android devices encryptable out of the box. Once your device is encrypted, all data stored on the device is locked behind a PIN code, fingerprint, pattern or password known by the owner. Without that key, not even Google can unlock your device. Here you can find out how to encrypt your phone.
Remove your data from Google
Android is a Google product, so unencrypted device data could be stored on a Google server. You can check with Google to see what data of yours it has, and you can ask Google to delete that data. The process can take time, but it’s worth the effort — your data can’t be stolen if it’s not in the system to begin with. Here’s where you can find how to request Google to delete your information, but note that Google does not guarantee that it will complete the request.
When all else fails, delete your phone
If you lose your phone or it’s stolen, you can remotely wipe your phone. Our Android settings guide has a walkthrough in case you need to take this step. This gets rid of all data from your phone so if you have anything on it you want to keep, you should get in the habit of backing your phone up on a separate device.
For more information on securing your phone, check out these eight apps to protect your phone’s privacy, what information digital security experts wish you knew and how to stop your phone from tracking you.
Why Big Tech’s Leap Into the Ukraine-Russia War Is Unprecedented