Android Hardening

What is the Purpose of Privacy and Security Hardening?

Limit the Information that is shared with your mobile provider, phone carrier and third party apps.

Configured Recommended Privacy Settings

Start off by navigating to Settings>Location

➔ Tap Location>App permission.

• If you don't see "Location," tap Security & location>Location.
• If you have a work profile, tap Advanced>Location.

➔ Under ”Allowed all the time" and “Allowed only while in use,” view the apps that can use your phone's location.

➔ To change the app's permissions, tap it, then choose the location access for the app.

• Look for apps that are on "Allowed all the time". Most apps don't need to be on always (with the exception of some home door locks, etc). To limit the sharing of your location with apps, we recommend setting to “while using” or “never” based on your privacy preference.

Important: If an app has permission to use your phone's location, it can use your phone’s approximate location, precise location, or both.

➔ Open your phone’s Settings app.

➔ Tap Apps & notifications.

➔ Tap an app. If you can’t find the app you want, first tap See all apps.

➔ Tap Permissions>More>All permissions.

➔ Under "Location," you can find the type of location the app requested. If you don't find "Location," this app hasn’t asked for your phone’s location.

Types of location access apps can request:

➔ Approximate location: The app can see that your phone is within a large area, a few hundred meters wide.

➔ Precise location: The app can see your phone’s exact location, like a dot on a map.

➔ In the foreground: The app can use your location only when the app is open on your screen or running in the background.

➔ In the background: The app can use location info at any time, even if you aren’t using it.

➔ We recommend setting the type of access an app has, based on your privacy preference. Approximate or In the foreground are good options for privacy conscious individuals.

➔ If the Android device is paired with a Google Account, options are available to not allow location tracking of YouTube History, Web & App Activity, Location History, and even Ad personalization.

➔ If users are Hard Core Privacy or Mushy Middle, BlackCloak recommends to Not Allow/TURN OFF location tracking for YouTube, Web App Activity, Location History or Ad Personalization

Devices linked with a Google Account will also have the ability to view any password history provided by Google’s management system. It’s good practice to occasionally review what’s stored in there and remove any old entries that are no longer being used.

Configuring Recommended Security Settings

Enable Device Locking
You should ensure your mobile device has screen lock enabled in order to limit who can access your device. We recommend setting a pattern, PIN or password. You can do so by navigating to Settings>Security (or Security & Location)> Security>Screen lock.

You should also consider enabling the automatic screen lock after a certain amount of time and the Power button locking.

Turn of Wi-Fi & Bluetooth Scanning
Navigate back to Settings> Location (For older Android devices you may need to tap Advanced)>Wi-Fi & Bluetooth Scanning>

➔ If users are Hard Core Privacy or Mushy Middle, BlackCloak recommends to Not Allow/TURN OFF location tracking for YouTube, Web App Activity, Location History or Ad Personalization

➔ BlackCloak recommends that you Turn Off Wi-Fi Scanning and Turn Off Bluetooth scanning.

Device and Security Updates
Be sure to update your devices, what new patches/updates are released.

➔ For Android updates navigate to: Settings> System>Advanced>System update> Follow steps on the screen

➔ For security updates navigate to: Settings>Security> then tap Security Update> Follow steps on the screen

➔ For Google Play system updates navigate to: Settings>Security> then tap Google Play system update> Follow steps on the screen

Configuring Security Settings for Apps

Ensuring Google Play Protect is running provides safeguarding of apps running on your phone from potentially dangerous software that may also endanger the operating system. For Google Play Protect navigate back to Settings> then to Google > Security

This can also be activated by navigating to the Google Play Store app on the
device. Then navigating the Menu icon > Play Protect> Settings> Turn Scan
device for security threats ON

Important: Google Play Protect is on by default, but you can turn it off. For
security, we recommend that you always keep Google Play Protect on.

Privacy Dashboard

Android 12 introduced a new privacy dashboard that will help you understand which apps have permission to access your camera, microphone, location, etc. You can find the dashboard by going to Settings > Privacy and opening up the Privacy dashboard.

Tap on Camera, for example, and you can see which apps are allowed to access your camera and which aren’t. Tapping on each app individually allows you to change the settings. It also shows you a timeline of permissions used.


Delete Your Advertising ID

Each device has its own unique advertising ID that allows apps to link data to your device. This builds a profile of you and your interests so they can show you more personalized ads. You can change this setting and reset the unique advertising ID to stop third parties from linking any information to your device this way. This won’t stop you from seeing ads but this will anonymize your data so they will no longer be based on your personal interests or browsing habits.

This can be done by doing the following. Navigate to Settings > Privacy then scroll to Ads. From here tap on Delete advertising ID.