Post on 07-Aug-2020
TechSocial
1
ANDROID SECURITY
TechSocial
2
WELCOME TO TECHSOCIAL
The following manual will provide an introduction to software and hardware specifications of Android and Apple devices. Our goal is for you to familiarize yourself with the interface of your device and alter your settings to suit your needs.
We would like to thank the Ontario Trillium Foundation and the Venture Centre funding this project, and to all our community partners who are helping to ensure the success of this program.
LEARNING OBJECTIVES
• Understand the basic security functions of your tablet or smartphone • How to make changes to your security settings • To feel comfortable using the basic security functions of your device • To recognize the types of security threats to your mobile device
TechSocial
3
TABLE OF CONTENTS Android Security .................................................................................................................. 1 Welcome to TechSocial ................................................................................................................ 2 Learning Objectives............................................................................................................................................... 2
Android ................................................................................................................................... 4 Passcodes and LockScreens ........................................................................................................ 4 To Change a Passcode Lock ............................................................................................................................... 4 Face lock & Fingerprint ....................................................................................................................................... 6
Privacy Settings.............................................................................................................................. 9 Location Services .................................................................................................................................................... 9 Emergency SOS ........................................................................................................................................................ 9
Find my Device ............................................................................................................................ 10 Set up ......................................................................................................................................................................... 11 How to use Find MY Device............................................................................................................................ 12
Protecting yourself online .............................................................................................. 14 Hacking & Malware .................................................................................................................... 14 Strong passwords ....................................................................................................................... 15 Applications ................................................................................................................................. 16 Spam ............................................................................................................................................... 17 Phishing Scams............................................................................................................................ 18 Pharming ...................................................................................................................................... 19 Reporting Fraud.......................................................................................................................... 19 Steps to Protect Yourself .......................................................................................................... 21
TechSocial
4
ANDROID
PASSCODES AND LOCKSCREENS
Just like the iPhone, Android phones are vulnerable to outside attacks. The best way to protect your information is to have extra security measures on your device.
TO CHANGE A PASSCODE LOCK
Once in the Settings menu, scroll down to tap on the Security option.
Here you can change your password, pin, or pattern. Tap on which option you prefer. By default, this option is set to “Slide,” which means no password or pattern is needed. From here, select which lock type you want to use, whether it’s Pattern, PIN, or Password.
With the Lock Pattern, draw a unique pattern on a 3-‐by-‐3 grid of dots to unlock the device. The disadvantage is that if your display easily picks up fingerprints; so remember to clean your display frequently. Swipe to draw an unlock pattern you want to use. If you messed up, hit retry. Otherwise, hit continue. It will then ask you to draw that pattern again to confirm.
TechSocial
5
Personal Identification Number or PIN is a 4-‐to-‐17-‐digit numerical code. The disadvantage is that it might be easier for someone to crack than a full-‐blown password.
Insert a 4-‐digit PIN that you’re comfortable with. It’s a good idea
not to use repeating numbers (don’t use more than two if you absolutely must). Hit continue. Re-‐enter the
PIN to confirm.
For Password, type the password you’re comfortable with. The password must be at least 4
characters, must be no more than 17 characters, and must contain at least
1 letter. Use an alphanumerical password with symbols that’s at
least 8 characters long for ultimate security, but anything will do. Hit
continue. Re-‐enter the password to confirm.
TechSocial
6
FACE LOCK & FINGERPRINT
Some phones have even more options for lock-‐screen security. Newer phones with front-‐facing cameras should have an option for Face Unlock, though it might not be as practical for typical usage (for instance, you may have trouble unlocking your phone in low light, and someone with a photo of you could simply use that to unlock it). Some special phones — such as the HTC One Max — even give you a fingerprint scanner.
Starting with version 6.0 Marshmallow, Android now supports fingerprint scanners. This change has effectively opened the floodgates, and now almost every flagship Android device includes a fingerprint scanner out of the box.
First up, you'll need to head to your phone or tablet's main Settings menu. From here, select either the "Security"
option (most devices), or "Lock screen and security" (Samsung devices).
Next, choose the "Fingerprints" option,
and then select "Add fingerprint" on the following screen.
TechSocial
7
Next, you'll see a screen that gives you the details on fingerprint security, so read through this carefully, then press "Continue." From here, you'll be prompted to add a back-‐up code that will be used in the event that the scanner fails to recognize your fingerprint. Choose either "Pattern," "PIN," or "Password" as your back up unlock code, then enter it into the following menu. After that, you'll be asked to confirm your code, so enter it one more time.
Finally, it's time to register your fingerprint. An animated demo on your screen should tell you where to place your finger. Lift your finger off of the scanner, then change its position slightly, and place your finger back on the scanner. Repeat this same process
roughly five times, then your fingerprint will be registered. When you're done there, you can add a second fingerprint by choosing the "Add another" option, and you can repeat this for up to five fingers, but make sure to tap "Done" when you're finished. From now on,
whenever you go to unlock your device, you can simply place any registered finger on the scanner, and then you'll be taken directly to your home screen
TechSocial
8
Face lock is another great feature on Android based operating systems. Before you turn on face unlocking, you need to set a secure unlocking method for your phone, if you haven't already. Go to Settings, scroll down, and tap Security, then tap Screen lock. Select from the Pattern, PIN, or Password unlocking methods, and then follow the onscreen instructions to set up your unlocking method of choice.
Once you return to the Security settings screen, tap Smart Lock, then enter your PIN, password, or unlock pattern when prompted, then tap Trusted face. Once you so, you’ll be presented with some information about unlocking your phone with your face. Read this information carefully, and when you’re ready to proceed, go ahead and tap Set up.
At this point, Android will suggest you find a well-‐lit—but not overly bright—indoors spot: Doing so will help Android pick up your facial features. Once you’ve found such a spot,
tap Next.
Your phone will now begin the process of identifying your face. Hold your phone at eye level so that your face is within
the ring of dots onscreen: Once you have your phone positioned properly, the dots will begin to turn green. Hold still until all the dots turn green and a checkmark appears onscreen. When it does, tap Next. And you’re pretty much
set.
For better results, you may want to show Android how you look under different circumstances—hair up, hair down,
clean-‐shaven, with a beard, with a hat on, whatever. Doing so can help it better recognize you, even if you’ve changed your
appearance somewhat.
TechSocial
9
PRIVACY SETTINGS
Using a mobile device will allow you to interact in new ways with new people. Though these new interactions can be exciting at times, but there is also a need for a certain amount of privacy while online. By reviewing the following list of privacy settings, you will help ensure that you are not over sharing on the internet and connecting with others in a safe manner.
LOCATION SERVICES
To see what applications are monitoring your location navigate to your settings menu. From the settings menu, select the submenu titled Location or Location services. From this submenu, you’ll be able to see any applications that have requested to track your location or are currently monitoring your location. Selecting one of these apps will allow you to set your preference for which apps have permission to track your location.
EMERGENCY SOS
If your phone has an SOS feature, it can be turned on in the Privacy and Safety submenu of your settings menu. This feature will activate when you press your power button three times. The SOS feature will send a front/rear camera photo, audio recording, exact location, and help needed message to three of your pre-‐selected emergency contacts. This can be a useful feature in case of an emergency.
TechSocial
10
FIND MY DEVICE
Find My Device is one application that we recommend you allow location tracking. This application allows you to track your phone if it is lost, as well as completely wipe the memory from your phone in the event that it’s stolen. That’s an extremely helpful tool because then you don’t have to worry about if the phone thief will have access to all of the information on your phone. These apps and features are available on both iPhone and Android phones.
Smartphones are a large part of our everyday lives and so we load them up with vast amounts of personal information. If our devices are stolen, we’re putting our identity in jeopardy because of all the unlimited information we allow these devices to store. Following these steps can help save your identity in the event that your smartphone is stolen.
If you lose your Android device, you can locate, lock or erase your Android device with Find My Device. Find My Device is turned on by default for Android devices associated with a Google account.
TechSocial
11
SET UP
Depending on the device version, you can enable the Find My Device by heading to Settings and selecting Google, then scrolling down to Security.On older devices, select Google settings and tap on Security. There you will find the option to select Find My Device. Select Remote locate this device, and tap Activate.
If you’re on a newer Android device, tap on Settings and select Security. Scroll to find the Device Administrator option and select. Tap on the Android Device Manager and select Activate.
TechSocial
12
HOW TO USE FIND MY DEVICE
When Find My Device connects with a device, you see the device's location, and the device gets a notification.
Open android.com/find and sign in to your Google Account. If using another phone or tablet, open the
Find My Device app and sign in.
If you have more than one device, click the lost device at the
top of the screen.
On the map, see about where the device is.
The location is approximate and may not be accurate.
If your device can't be found, Find My Device will show its last known location, if available.
TechSocial
13
Pick what you want to do. If needed, first click Enable lock & erase.
Play sound Rings your device at full volume for 5 minutes, even if it's set to silent or
vibrate.
Lock Locks your device with your PIN, pattern, or password. If you didn't have a lock, you can set one. You can add a recovery message or phone number to
the lock screen.
Erase Permanently deletes all data on your device. (It may not delete SD cards.)
After you erase, Find My Device won't work on the device. Important: If you find your device after erasing, you'll likely need your
Google Account password to use it again.
TechSocial
14
PROTECTING YOURSELF ONLINE Using your smartphone and tablets to go online makes every day activities such as shopping, banking, paying bills and keeping in touch that much easier. There are, however, a number of risks when it comes to going online. Some risks include identity theft, phishing scams, viruses and hacking.
HACKING & MALWARE
Hacking is a term used to describe someone who has gained access to your device without your authorization. Hackers find weaknesses in your security settings and exploit them in order to gain access to your personal information. They most often access your information through a Trojan Horse, which provides a back door for hackers to enter and search your information.
Malware – a malicious piece of code -‐ could get on your machine when you open an attachment or link. Malware is one of the more common ways to infiltrate or damage your device. It infects your device with malicious software, such as viruses, worms, Trojan Horses, spyware and adware. Malware can alter or delete your files, steal information, send emails on your behalf or reformat your device.
TechSocial
15
STRONG PASSWORDS
Choosing a strong password is very important when it comes to protecting yourself online. A study in 2012 by the Javelin Strategy and Research found that 62% of users did not have a password on their device. Not using a password means that if you lose your phone, a stranger can pick up your phone and easily access your personal information.
When choosing a password, it is essential to select a long and difficult password. If you decide on a numerical password, don’t select an easy one such as 1-‐2-‐3-‐4. Instead, choose your favourite date – not your birthday or your SIN number – or sequence of numbers.
When it comes to creating profiles for social media accounts, e-‐commerce or email, choosing the right password can save you a lot of headaches in the future. Always use a minimum of 6 characters and a combination of numbers and symbols (such as !, @, #, $, etc.,). You will also want to make sure to change your password every so often, typically every 3-‐5 months. An ideal password should be hard to guess but easy for you to remember.
TechSocial
16
APPLICATIONS
When you download an app from the Apple App Store or the Google Play Store a list pops up and you have to select “I accept” or “OK” to complete the download of the app. This list is filled with the information the app has access to on your phone. Some of the information that a majority of popular apps have access to includes your device’s location, photos, contacts and calendar, among other information. It’s exciting
when you purchase or download a new app, but you need to take a minute to double check what this app requires access to because it could very well be that the app will have access to more information that you’re comfortable with.
Besides double-‐checking what the app has access to, you should also go into the app’s settings and disable the tracking ability. Tracking your location on Facebook can be fun, however it also might be putting your identity and safety in jeopardy. The problem with apps that track your device’s location is that you’re making a roadmap
of your life — places you regularly go to and even the location of your home. By turning the location tracking off on the apps, you’re protecting your privacy from future phone hackers. If you opt to allow your apps to track your location then you are possibly making yourself more vulnerable to identity hacking.
TechSocial
17
SPAM
Spam is one of the more common methods of both sending information out and collecting it from unsuspecting people. Canada has a new anti-‐spam legislation that you can learn more about at www.fightspam.gc.ca. Spam is the mass distribution of unsolicited messages, advertising or pornography to addresses, which can be easily found on the Internet through things like social networking sites, company websites and personal blogs. Canada's anti-‐spam legislation applies to all commercial electronic messages. A commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.
Cell phone spam is a common problem. As we increasingly rely on smartphones for communications, the potential for spam increases. Most spam received on smartphones is from Short Messaging Service (SMS), otherwise known as text message. Smartphone spam can be costly. If you don’t have a messaging plan, you could end up paying for unwanted texts, or your personal information (such as credit card) can be comprised.
TechSocial
18
PHISHING SCAMS
Clicking on unknown links may lead to “phishing” sites that harvest usernames and passwords. Pay attention to suspect emails as more and more hackers are getting sophisticated in the way they write them.
In this example, we can clearly see that something looks suspicious. For one, when a company like PayPal sends you an email, they will always include their logo.
Phishing is used most often by cyber criminals because it's easy to execute and can produce the results they're looking for with very little effort. Fake emails, text messages and websites are created to look like they're from authentic companies. They're sent by criminals to steal personal and financial information from you. This is also known as “spoofing”. "Smishing" is the cell phone equivalent, with con artists texting your phone with messages that link to web sites where you might be asked to reveal confidential information.
TechSocial
19
PHARMING
Pharming is a type of online fraud. It convinces the user that the site is real and legitimate by spoofing or looking almost identical to the actual site down to the smallest details. You may enter your personal information and unknowingly give it to someone with malicious intent. This is often applied to the websites of banks or e-‐commerce sites.
It is possible to increase your protection with some simple steps and precautions. The URL is also a great place to check. Always ensure that, once the page has loaded, that the URL is spelt correctly and hasn’t redirected to a slightly different spelling, perhaps with
additional letters or with the letters swapped around. One of the biggest fears is that pharmers will attack major banking services or e-‐commerce sites. When you reach the payment point or the point wherein you are asked to type in banking passwords and usernames, ensure that the http has changed to https, as the ‘s’ stands for secure.
REPORTING FRAUD
It is also very important to note that you should never share your password with anyone who you don’t know or who you don’t trust. If you receive a message, email, or phone call from an unknown source that is asking for your personal information, make sure to report the incident. Facebook, Twitter, Instagram, and email service providers all have reporting functions.
If you believe you or someone you know may have provided personal or financial information to an unknown source it is imperative that you notify your banking institution, credit card companies, and credit bureau. You can also notify your local police and Canada Anti-‐Fraud Centre:
TechSocial
20
Canada Anti Fraud Centre 1-‐888-‐495-‐8501
Or visit their website at http://www.antifraudcentre-‐centreantifraude.ca/
Here are few things to be cautious of when online and help you identify fraudulent activities:
It sounds too good to be true You've won a big prize in a contest that you don't recall entering. You're told that you
can buy into a lottery ticket pool that cannot lose.
You must give them your private financial information "You're a winner!" but you must agree to send money to the caller in order to pay for
delivery, processing, taxes, duties or some other fee in order to receive your prize. Sometimes the caller will even send a courier to pick up your money.
The manager is calling Often criminal telemarketers ask you to send cash or a money order, rather than a
cheque or credit card. Cash is untraceable and can't be cancelled. And, crooks also have difficulty in establishing themselves as merchants with legitimate credit card companies.
The stranger calling wants to become your best friend Criminals love finding out if you're lonely and willing to talk. Once they know that,
they'll try to convince you that they are your friend – after all, we don't normally suspect our friends of being crooks.
It's a limited opportunity and you're going to miss out If you are pressured to make a big purchase decision immediately, it's probably not a
legitimate deal. Real businesses or charities will give you a chance to check them out or think about it.
TechSocial
21
STEPS TO PROTECT YOURSELF
Now that we know the different types of spam, here’s some steps to protect yourself:
Use different passwords for every account. While it may be easier to have the same password for every account,
having multiple passwords keeps your information much more safe. If the password or email address that you use gets into the wrong hands, they can start trying that password on other websites or services.
Make sure your passwords are strong. You also have to make sure those passwords are good, hard-‐to-‐guess
passwords. You should also change your most important passwords at least once every six months.
Set up two-‐factor authentication. Two-‐factor authentication or two-‐step verification is something
everyone should set up on his or her Google account. Other services provide similar security safeguards. (Twitter is said to be setting some up soon too.) The service provides an extra layer of security. When you sign into your account it requires you to enter another code, which you can only get via text or a voice call. This way no one can get into your account unless they have that piece too.
Don't reveal too much on social networks. We are often providing enough information via social media for hackers
to figure out our passwords or answer those questions in the password reset tools. We recommend being very careful about what information you share on your public profile.
TechSocial
22
Protect your devices This one used to be the most obvious and probably still is. Make sure
your devices have a password, and keeping your software up to date. Updates are important as they patch any loopholes that can allow your device to be hacked.
Also, make sure to do some research on the app you are wanting to install on your device. Read the reviews and make sure it’s from a legit source.
Secure your wireless connection Just as important is protecting the way you get onto the Internet. Make
sure you have protected your home wireless network with a password and you have changed the default SSID (your network's name) -‐-‐ that means changing it from "Linksys" to something else.
Shop only at safe sites. Make sure the site has a little padlock icon next to the address and it has
an HTTPS address before putting in your credit card number. Keep a close eye on your credit card bills for suspicious charges. In addition, make sure to look at the site and make an educated decision about its legitimacy. Googling it also make sense to see if any others have had issues with it.
Think before clicking links Clicking links is second nature on the Internet, we should be careful
before we click those lines of text. Be vigilant about what links you click in an email, especially when they come from companies. Also, don't click on odd direct messages or Facebook messages with links. If you're friends are sending exciting photos they aren't going to do it via a link.
Pay attention. It might be obvious, but just remember that if you're using any Internet
service or Web browser you have to be smart.
TechSocial
23
OTHER PROGRAMS THROUGH TECHSOCIAL-‐ BASIC APPLICATIONS -‐ CYBERSECURITY -‐ DEFAULT APPS -‐ ENTERTAINMENT APPS
-‐ SOCIAL MEDIA -‐ MOBILE COMMERCE -‐ HEALTH APPS -‐ CLOUD COMPUTING
WHERE CAN I GET MORE HELP?
In addition to this manual, you can also find help here:
Libraries The libraries in your community are an excellent
resource of information on how to use your device. Many libraries have staff that is able to assist with
questions or problems with your device. TechSocial Team You can contact the TechSocial coordinators any
time. They are available to answer all of your questions.
Email – TechSocial@neonet.on.ca
Phone – 705-‐360-‐1353 Website – http://bit.ly/NEOnetTechSocial