Secure and Manage Your Android Phone/Tablet
If you access or maintain sensitive institutional data from a mobile device, please meet the minimum expectations below. See University Data and Personally Owned Devices for a complete list of your responsibilities when accessing sensitive U-M data.
By meeting the minimum expectations below, you also will protect your personal data.
Settings on Android devices vary depending on the device manufacturer and the version of the Android operating system you are using. Consult the online or printed documentation for your device or search an online help forum such as Android OS Help or androidcentral.com for specific instructions.
Minimum Expectations for a Secure Device
- Require a password, PIN, or passcode for access. This prevents others from using your device by requiring the passcode to unlock it. Look under security settings.
- Set the screen lock to auto lock after 15 minutes or less. This, in conjunction with your password/PIN/passcode, protects your device from unauthorized use and helps conserve battery power. Look under security settings.
- Turn on data encryption. You will need to set a password/PIN/passcode when you enable this setting.
- Install and use an app to help you track or remotely erase your device if it is lost or stolen. Google offers the Android Device Manager (log in to My Devices using your @umich.edu address). Commercial applications include Lookout Security and Antivirus, Where's My Droid, SeekDroid AntiTheft & Security, Cerberus anti theft, and Android Lost.
- Turn off optional network connections (WiFi, Bluetooth) when you are not using them.
- Keep your Android firmware updated to take advantage of security updates and other improvements.
- Keep your apps updated to take advantage of security updates and other improvements.
- Only install trusted market apps, such as Android apps or Google play apps. Do not install third-party apps unless required for your university work and approved by your department.
- Do not root your device. Rooting bypasses security features. Do not do this unless it is required for your university work. See Wikipedia's Android Rooting for more information about the dangers of rooting.
- Be aware that certain types of sensitive data (such as Export Control, HIPAA, and FISMA) cannot be accessed or maintained outside the U.S. See the Sensitive Data Guide for details.
- Before you sell or give away your device, back it up then erase all content and settings. Look for the backup, erase, reset, or wipe setting.
- Report security incidents. If you use your device to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Additional Best Practices
Consider these additional options for enhanced security for your device and the data maintained on or accessed from it.
- Turn off GPS/Location Access for apps when you do not need it.
- Set your web browser for private browsing. In Chrome, open the Chrome menu and look for the advanced privacy settings.
- Turn on airplane mode when you do not need to use your phone, GPS, radio, WiFi, or Bluetooth. Look for the airplane, offline, flight, or standalone mode setting.
- Use your cell carrier's network instead of an insecure WiFi network.
- Avoid using public Wi-Fi hotspots.
- Protect yourself online. Use strong passwords, protect your identity, avoid and report phishing, and maintain secure web browser settings.
- Put a sticker on your phone with your name and email address. This low-tech, practical step enables somebody to contact you if they find your lost phone, even if the battery is dead.
Related U-M Policies and Standards