Ask Slashdot: How Do You Protect Data On Android?
Gibbs-Duhem writes "It makes me very nervous that my Android phone has access to my email/AIM/G-talk/Facebook, protected only by a presumably fairly easily hacked geometric password protection scheme. Even more because simply attaching the phone to a USB port allows complete access to the internal memory and SD card regardless of whether a password is entered. I have no idea how much of that information ranging from cached emails to passwords stored in plaintext is accessible when mounting the device as a USB drive, and that worries me."
For the rest of Gibbs-Duhem's question about issues in Android security, read on below.
Gibbs-Duhem continues: "I have a lot of sensitive information in my email, including passwords for websites and confidential business/technical strategy discussions (not to mention personal emails ranging from racy emails from boyfriends to health discussions). My email and messaging client passwords are difficult to type (or even remember), so I would ideally want them saved in the device, although at least having something like a keyring password that needed to be re-entered after a time delay would make me feel better. This leaves me relying on encryption and OS level security to protect me.
I'm okay with this on my real laptop and computers as my hard disks are software encrypted and I make a habit of locking my session whenever I leave my desk. For instance, if I lost my laptop, the odds of the thief getting access to my information are minimal. However, I don't feel that this is at all true for my phone (which is frankly far more likely to be lost).
How is it that the Slashdot security pros handle this issue? Do you just not use email or the many other incredibly convenient capabilities of new Android smartphones due to the risk? Or are there specific ways in which we can guarantee (or at least greatly augment) the existing security practices?"
By using a regular phone with no shit like Facebook, Twitter, Google tracking. It's not that hard.
Just suck it up and type your password each time.
Relax. Privacy cannot be effectively achieved when it is contrary to the design and purpose of Android.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Not necessarily I think, as these two things protect against different style attacks.
Complex passwords:
+protects against brute force attacks
Manual entry of passwords every time (as opposed to saving them in client):
+protects against loss of control of your device
Depending on the situation, it's completely plausible that a complex saved password may be the right call.
Moreover, manual entry of passwords has a big negative: weak against shoulder surfing and entry loggers, which is enhanced by the fact that this is a mobile phone and you never know who might be watching.
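To put a number on the "geometric password" from the question and the brute-force point in the comment above, here is an added example (not part of the original thread) that counts the valid Android unlock patterns and compares that keyspace with numeric PINs. It assumes the standard pattern rules, which the thread does not spell out: a 3x3 grid, 4 to 9 dots, no dot reused, and no jumping over an unvisited dot.

```python
import math

# Dots are numbered 0..8, row by row, on the 3x3 grid (assumed standard layout).

def midpoint(a, b):
    """Return the dot lying exactly between a and b on a straight line, or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(length, last=None, visited=frozenset()):
    """Count valid patterns that use exactly `length` dots (depth-first search)."""
    if len(visited) == length:
        return 1
    total = 0
    for nxt in range(9):
        if nxt in visited:
            continue  # a dot can be used only once
        if last is not None:
            mid = midpoint(last, nxt)
            if mid is not None and mid not in visited:
                continue  # the stroke would pass over an unvisited dot
        total += count_patterns(length, nxt, visited | {nxt})
    return total

def pattern_keyspace(min_len=4, max_len=9):
    """Map each allowed pattern length to its number of valid patterns."""
    return {n: count_patterns(n) for n in range(min_len, max_len + 1)}

def bits(keyspace_size):
    """Entropy in bits of a uniformly random choice from the keyspace."""
    return math.log2(keyspace_size)

if __name__ == "__main__":
    per_length = pattern_keyspace()
    total = sum(per_length.values())
    for n, count in per_length.items():
        print(f"{n} dots: {count:>7} patterns")
    print(f"all patterns: {total} (~{bits(total):.1f} bits)")
    for digits in (4, 6, 8):
        print(f"{digits}-digit PIN: {10 ** digits} (~{bits(10 ** digits):.1f} bits)")
```

Even a uniformly random pattern carries fewer bits than a 6-digit PIN, so the lock screen only slows down a casual finder; data readable over USB needs storage encryption and a longer secret.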