Key Takeaways:
- The number of phishing attacks is increasing, with 1,003,924 reported in the first quarter of 2025.
- CISA recommends using end-to-end encrypted messaging, enabling passwordless FIDO authentication, and avoiding SMS-based multi-factor authentication.
- Android users should update their devices with the latest security patches and use a password manager to stay protected.
- CISA provides seven security settings to update on Android devices, including choosing a device with strong security updates, setting a trusted Private DNS provider, and enabling Chrome’s always-secure connections.
- Regularly reviewing and restricting app permissions, keeping Google Play Protect active, using encrypted Rich Communication Services, and enabling Safe Browsing on Google Chrome are also essential for securing Android devices.
Introduction to Cyber Threats
Cyber attacks are becoming increasingly sophisticated, with attackers using more advanced techniques to lure users into phishing scams. The Anti-Phishing Working Group (APWG) reported 1,003,924 phishing attacks in the first quarter of 2025, highlighting the need for users to take extra precautions to protect their sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Mobile Communications Best Practice Guidance with recommendations on how to stay safe from cyber threats. One of the primary concerns is the vulnerability of Android devices, which attackers can exploit to gain access to sensitive information.
Choosing a Secure Android Device
CISA recommends choosing an Android device with strong security updates, such as those offered by manufacturers like Samsung and Xiaomi. These devices should have a chipset with hardware-level security features like secure enclaves or a hardware security module (HSM) to securely store encryption keys. Additionally, users should look for Android Enterprise Recommended devices, which meet Google’s security and update standards. Manufacturers that guarantee at least five years of security patches, delivered at least monthly, are also preferred. By selecting a secure device, users can reduce the risk of their device being compromised by attackers.
Setting a Trusted Private DNS Provider
Every time a user opens a website or app, the device first performs a Domain Name System (DNS) lookup to find the server's address, and by default that lookup usually goes to the resolver run by the user's Internet Service Provider (ISP). ISPs can therefore see every site a user visits through DNS lookups, and if a data leak happens, sensitive browsing activity can be exposed. To prevent this, CISA recommends using a private DNS provider like Cloudflare, Google, or Quad9, which offer stronger security features and protect against DNS hijacking. Users can set up Private DNS on their Android device by going to Settings and searching for Private DNS. By using a private DNS provider, users can encrypt their DNS lookups and prevent their ISP or other third parties from seeing the domains they’re trying to access.
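The Private DNS setting can also be checked from a workstation rather than by eye. The following is an added example, not code from CISA or from this article: it parses the output of `adb shell settings list global` and grades the Private DNS configuration. The sample output is constructed, and the allowlist of resolver hostnames is an assumption covering the three providers named above.

```python
# Added example. Key names are Android's global settings; the sample is constructed.
# Real input: adb shell settings list global   (prints key=value lines)
SAMPLE_SETTINGS = """\
airplane_mode_on=0
private_dns_mode=hostname
private_dns_specifier=dns.quad9.net
"""

# Assumed allowlist: DNS-over-TLS hostnames of the providers the article names.
TRUSTED_RESOLVERS = {
    "one.one.one.one": "Cloudflare",
    "1dot1dot1dot1.cloudflare-dns.com": "Cloudflare",
    "dns.google": "Google",
    "dns.quad9.net": "Quad9",
}

def parse_settings(text):
    """Turn `settings list` output into a dict, ignoring malformed lines."""
    parsed = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            parsed[key.strip()] = value.strip()
    return parsed

def assess_private_dns(settings):
    """Return (verdict, detail); verdict is 'pass', 'warn' or 'fail'."""
    mode = settings.get("private_dns_mode", "null").lower()
    host = settings.get("private_dns_specifier", "null").lower().rstrip(".")
    if mode == "null":
        mode = "opportunistic"  # key unset: AOSP default is Automatic
    if mode == "off":
        return "fail", "Private DNS is off, lookups are sent unencrypted"
    if mode == "opportunistic":
        return "warn", "Automatic mode: encrypted only if the network's resolver supports it"
    if mode != "hostname":
        return "fail", f"unrecognised private_dns_mode {mode!r}"
    if host in ("", "null"):
        return "fail", "hostname mode is set but no provider is configured"
    provider = TRUSTED_RESOLVERS.get(host)
    if provider is None:
        return "warn", f"encrypted, but {host} is not on the allowlist"
    return "pass", f"lookups are encrypted to {provider} ({host})"

if __name__ == "__main__":
    print(assess_private_dns(parse_settings(SAMPLE_SETTINGS)))
```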
Enabling Chrome’s Always-Secure Connections
More websites are moving to encrypted connections, but there are still many sites that don’t use HTTPS. CISA recommends forcing HTTPS connections wherever possible on Android browsers, a feature that Chrome offers in its settings. With this feature enabled, Chrome tries to load every site over HTTPS and warns before opening one that only supports insecure HTTP. This can be done by going to the Privacy and Security option under Chrome settings and turning on Always use secure connections. Regularly updating the browser is also essential to get the latest security features and block potential threats.
Reviewing and Restricting App Permissions
A simple-looking utility app may be quietly collecting user details by asking for permissions beyond what it needs to function. CISA recommends regularly reviewing app permissions and disabling anything that feels irrelevant. Users can head over to their Android settings, check each app’s settings, and disable any permissions that don’t match the app’s core functionality. By doing this, users can significantly reduce unwanted data collection and prevent apps from accessing sensitive information.
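One way to carry out this review across many apps at once, as an added example that is not CISA's or this article's code: it parses `adb shell dumpsys package` output and lists runtime permissions granted beyond a baseline. The package names, the excerpt and the baseline are all constructed for illustration.

```python
import re

# Constructed excerpt in the layout printed by `adb shell dumpsys package`.
SAMPLE_DUMPSYS = """\
Package [com.example.flashlight] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET]
Package [com.example.notes] (5d6e7f8):
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
"""

# Assumed baseline: the runtime permissions each app's core function justifies.
EXPECTED = {
    "com.example.flashlight": {"android.permission.CAMERA"},
    "com.example.notes": set(),
}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_runtime_permissions(dumpsys_text):
    """Map package name -> set of runtime permissions currently granted."""
    granted, current, in_runtime = {}, None, False
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current, in_runtime = pkg.group(1), False
            granted.setdefault(current, set())
            continue
        stripped = line.strip()
        if stripped.endswith("permissions:"):
            # Only the runtime section holds user-revocable grants.
            in_runtime = stripped == "runtime permissions:"
            continue
        perm = PERM_RE.match(line)
        if perm and current and in_runtime and perm.group(2) == "true":
            granted[current].add(perm.group(1))
    return granted

def excess_permissions(dumpsys_text, expected):
    """Return {package: sorted permissions granted beyond the baseline}."""
    report = {}
    for pkg, perms in granted_runtime_permissions(dumpsys_text).items():
        extra = perms - expected.get(pkg, set())
        if extra:
            report[pkg] = sorted(extra)
    return report
```

Packages missing from the baseline are treated as needing no runtime permissions, so every grant they hold is reported for review.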
Keeping Google Play Protect Active
One of the easiest pathways for malware to enter an Android device is through sideloading apps from unknown sources. CISA recommends turning on Google Play Protect in the Play Store, which scans apps for potential vulnerabilities and warns or blocks the installation of harmful apps. Users can enable Google Play Protect by opening the Play Store, going to the profile icon, and tapping the gear icon. By keeping Google Play Protect active, users can protect their device from malicious software and reduce the risk of installing adware or spyware.
Using Encrypted Rich Communication Services
The Android Messages app can be turned into an instant messaging app similar to WhatsApp or iMessage with Rich Communication Services (RCS). CISA recommends enabling RCS, which offers end-to-end encryption (E2EE) for one-on-one conversations. Users can enable RCS by going to the Messaging app, tapping on their profile, and turning on RCS chats. By using encrypted RCS, users can protect their messages from being intercepted by attackers and ensure that their conversations remain private.
Enabling Safe Browsing on Google Chrome
Phishing is still one of the most prominent techniques attackers use to steal user data. CISA recommends enabling Safe Browsing on Google Chrome, which blocks harmful websites and prevents phishing attempts. Users can set this feature by going to the Privacy and Security option under Chrome settings and selecting Enhanced protection. By enabling Safe Browsing, users can protect their sensitive data from being exposed to attackers and reduce the risk of downloading harmful files.