Threat model user

Having a secure lock screen is the easiest way to limit access to the data on your phone. Whether you just left your phone on your desk while you had to walk away for a moment or two or if you've lost your phone or had it stolen, a lock screen that isn't simple to bypass is the best way to limit that access. Any method that locks your phone is better than none, but generally, a random six-digit PIN is enough to require someone to have special knowledge and tools to bypass it without triggering any self-destruct settings. Longer, randomized alpha-numeric passwords mean they will need the right tools and a lot of time. Well, it's not sexy, but the good old password remains the safest way and sMessenger only allows the use of a strong password to lock your Phone.

 

Do not use the same password for your phone and applications on your Phone (such as sMessenger). Use your imagination and find passwords that are easy to remember for you but hard to crack.

 

Encrypt all of your local data: recent versions of Android come encrypted by default, don't do anything to try and lessen it. A phone that needs to be unlocked to decrypt the data is one that only someone dedicated is going to try to crack.

 

Know what you're tapping on: never open a link or message from someone you don't know and never click a random web link from someone you don't trust. The reason isn't paranoia. Malformed videos were able to cause an Android phone to freeze up and had the potential to allow elevated permissions to your file system where a script could silently install malware. A JPG or PDF file was shown to do the same on the iPhone. Both instances were quickly patched, but it's certain that another similar exploit will be found, especially when we see stories of flaws like Meltdown and Spectre affecting all our digital things.

 

Only install trusted applications: for most, that means Google Play. If an app or link directs you to install it from somewhere else, decline until you know more. This means you won't need to enable the "unknown sources" setting required to install apps that didn't originate from a Google server in the Play Store. Only installing apps from the Play Store means Google is monitoring their behavior, not you. They are better at it than we are. This is something Google is always working on because they put their name on the back of every phone and look bad when stories about malware on Android happen.

 

Turn off connections when you don't need them: if you're not using Wi-Fi or Bluetooth, turn them off. Besides saving some battery life, network connections can be used to attack you. The BlueBorne Bluetooth hackers are still alive, well, and ready to wreck your day. Don't give it a chance.True, Android was patched to stop this attack in its September 2017 release. Google's device family got the patch and Samsung deployed it.

 

If you don't use an app, uninstall it: every application comes with its own security problems. Most Android software vendors do a good job of updating their programs. Most of them. If you're not using an application, get rid of it. The fewer program doors you have into your smartphone, the fewer chances an attacker has to invade it.

 

Bottom line: when using your phone and installing an app, exercise common sense. Combined with good decision-making, you can reduce the threats you may encounter on your device. Lots of guides are available on the internet about how to secure your Android Phone; spend some time reading them.

 

And if all the above fails: sMessenger is designed with the assumption in mind that all the above fails and still is capable of protecting your messages, contacts and notes.