This is the fifth and final chapter of our five-part series on Android security. As Android is now the dominant operating system, we’ve tracked the evolving and steadily improving state of Android security. If you’d like to find out more about our previous topics, please click the links below.
Hostile networks form one important security aspect that’s not necessarily related to Android as a platform. This concerns anyone who uses a computer on an untrusted local network.
Traffic may be intercepted and snooped upon in many cases of internet use. The issue becomes especially urgent when using Wi-Fi guest networks in places like competing businesses premises, hotels, airports or cafes.
The threat of guest networks becomes especially urgent if the Wi-Fi signal is open and unencrypted, meaning that anyone in the vicinity with a Wi-Fi adapter can see all the traffic in the network. Encrypted networks are not necessarily much safer, as networks with one pre-shared key for everyone makes snooping possible to anyone who also has the Wi-Fi password.
The good news is that a growing share of web and other internet traffic is encrypted with technologies like HTTPS. Earlier this year, Mozilla, the company behind the Firefox web browser, reported that the average volume of encrypted internet traffic surpassed the average volume of unencrypted traffic for the first time. Google, in its most recent annual report, noted that for its own sites, HTTPS use is up to 89 percent overall, up from just 50 percent at the beginning of 2014.
For added protection, however, the best solution for preventing snooping on sensitive network traffic is to use a virtual private network (VPN). These come in many different flavors, and can be run in-house at a company or as a service by various internet companies. PCMag rates VPN services here.
When correctly implemented, VPNs limit many of the risks associated with surfing using an Android phone on unknown networks.
A VPN on an Android phone or tablet can:
- Provide protection from data sniffing when using public WiFi
- Spoof geolocation, so a user can e.g. watch services such as Netflix or BBC iPlayer from abroad
- Hide detailed online activities from the Internet Service Provider (ISP) or e.g. the local government
- Hide a true identity (IP address) from websites a user visits
In other words, a VPN for Android can do almost everything on a phone or tablet that it can on a full desktop computer.
It’s worth noting that not all VPN services and their apps are created equal. Recently, a test revealed many fraudulent, malicious and misconfigured VPN apps are available for Android. Alarmingly high numbers of VPNs failed to encrypt traffic, and some even inserted their own ads.
It’s advisable for companies to implement and provision VPN policies and services for their mobile work forces. Bigger companies generally do, but smaller businesses without substantive IT resources should consider buying reputable VPN accounts for their users.
Mobile phones are generally not privacy-friendly, but with a VPN and various other steps they can be made more privacy-friendly, especially if employees use online services via their websites rather than their apps.