1) Enable Two-Factor Authentication On Your Google Account
> A secure Android phone starts with a secure Google account, because that’s where all your synced data is stored—and the more Google services you use, the more crucial this step is.
> If you haven’t already, start by enabling two-factor authentication (2FA) on your Google account. There are several options for that second factor, from a simple text message (which is inherently the least secure of all 2FA methods, but still better than nothing) to a U2F key like Google’s Titan Key bundle.
> You can find Google’s 2FA settings in My Account > 2-Step Verification.
2) Use a Secure Lock Screen
3) Make Sure Find My Phone is On
> Losing your phone is a gut-wrenching feeling, so you also want to make sure you have a way to track it and, worst-case scenario, remotely reset your phone if there’s no chance of getting it back.
> Fortunately, Google has a tracking system in place for Android phones. It’s called Find My Phone, and it should be enabled by default on all modern Android phones. To double-check, jump into Settings > Google > Security > Find My Phone.
4) Consider using apps that provide end-to-end encryption:
> This is entirely optional, as Android already has Gmail pre-installed (and emails might be the most sensitive information you transmit on your phone, outside of financial transactions). If you’re twitchy about your privacy when sending SMS messages, you may opt to use a third-party app to encrypt them. Apps such as Signal, Dust, Telegram, and WhatsApp (among others) could just be what you’re looking for.
5) Turn off Bluetooth and WiFi when you’re not using them:
> Doing so not only decreases the likelihood of mobile attacks (not to mention pranks) taking advantage of Bluetooth technology and WiFi, but it also helps with your smartphone’s battery life.
6) Be wary of (unofficial) apps that bank on other apps’ popularity, or on seasons and events:
> We’ve seen apps appear in the Play Store pretending to be something related to [famous app here], but cheaper, with more features, or some other too-good-to-be-true scenario. For example, WhatsApp is no stranger to copycat apps. In late November 2017, one supposed WhatsApp update used Unicode to slip under Google’s defenses. We’ve also seen fake apps that take advantage of popular events, like the Winter Olympics.
7) Weigh the odds when it comes to free public WiFi:
> Ah, coffee shop WiFi—to connect or not connect? Well, it depends. Is the WiFi you want to connect to even legitimate? Approach a coffee shop employee and ask for the WiFi’s name and password.
> If there’s a password, it’s a bit safer to connect. (If not, consider any browsing you do in the coffee shop to be open season for criminals.)
Things Google Already Does to Make Sure Your Phone is Secure:
1) Google Play Protect
Starting with Android 8.0 (Oreo), Google baked in a feature named Play Protect.
2) On-Device Encryption:
> In the earliest days of Android, encryption wasn’t even an option. Google added it later, though you had to enable it manually, and that was a hassle. These days, Android is encrypted by default on all modern devices, and you can’t turn it off.