Who Is the Publisher?
When researching the publisher, check out the Website and see what other apps it may have released. If anything looks suspicious, don’t download it.
Read Reviews
Read online reviews to see what other people have to say about the app. While user reviews on the Android Market can be helpful, malware developers can easily post fake reviews, so don’t rely on them entirely.
Check Permissions
When downloading an app, it will display a list of all the permissions it needs. Check to make sure the list makes sense. Alarm clock apps don’t need to look at contacts, and not all apps need Internet access.
Use Caution When Sideloading (Direct Installs)
Users should download and install apps from official sources and not download Android Package files directly from third-party Websites or unofficial app stores. Attackers can easily embed malicious code in APK files.
Install a Mobile Security Product
Antivirus scanners and other mobile security apps can scan the device to protect against malware and spyware. A good scanner will alert users when something malicious is being downloaded and not wait until it’s already on the device.
Be Alert for Scams
Look out for phishing sites or scams that claim to offer some kind of unexplained deal. Users are more likely to fall for online scams and click on malicious links on a smartphone than on a regular computer. Many security tools can scan the Websites to make sure it’s not doing anything dangerous.
Update Mobile Devices, Apps
It’s harder to keep up with the latest security changes and updates to Android because the phone providers and tablet manufacturers push out the updates in their own sweet time. But when users are prompted to update, they should. And users with rooted devices should regularly check for updates.
Turn Off Connections
Users should manually keep WiFi, Bluetooth and other connections turned off if they are not going to be using them, and turn THEM on only when needed.
Use Known Access Points
Man-in-the-middle attacks rely on the fact that users connect to access points with names that sound real, or connect to generic names like “linksys.” Connect only to known access points. Remove the guesswork and stay safe.
Audit Apps, Phones
Dont store passwords on the device, and make sure apps aren’t doing so without your knowledge. Make sure profiles aren’t being created or modified without your knowledge. Make sure email is not automatically downloading malicious attachments.
Turn On Wipe
If the phone is stolen or lost, a Wipe application will clear all the data so the private information wont fall into the wrong hands. If you can, try to download an app where you can wipe your SD card too.