
This document walks through security configuration benchmarks that guide you in establishing a secure configuration posture for the Google Android OS. The benchmark applies to Android 10.0.x and the hardware devices on which this OS is supported.

The following groups of settings have to be checked or changed:

  • Android OS security settings
  • Android OS privacy settings
  • Android OS Chrome browser settings

Android OS security settings

Android OS can be secured by changing settings in the OS, which reduces the probability of an attacker exploiting the device.

  • E.g. Ensure the device firmware is up to date.

Description:

Ensure that the device is updated to the latest security patch level.

Audit:

To verify that the device is up to date with the most recent firmware version:

  1. Tap settings gear icon
  2. Tap system
  3. Tap advanced
  4. Tap System update
  5. Verify that Android security patch level is current and that no new updates exist.

Remediation:

Follow the steps below to check and update the device security patch level:

  1. Tap settings gear icon
  2. Tap system
  3. Tap advanced
  4. Tap System update
  5. Tap check for updates
  6. Apply the update if available.
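
The audit step above can also be scripted from a workstation. The following is an added example, not part of the CIS benchmark or of the original article: it reads the `ro.build.version.security_patch` property over `adb` and flags patch levels older than a threshold. `MAX_AGE_MONTHS` and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the Android security patch level.
# MAX_AGE_MONTHS is an assumed policy threshold, not a benchmark value.
MAX_AGE_MONTHS=3

# Return 0 if $1 looks like a YYYY-MM-DD date.
is_patch_date() {
    case "$1" in
        [12][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the age in whole months of patch level $1 relative to date $2.
patch_age_months() {
    p_y=${1%%-*}; rest=${1#*-}; p_m=${rest%%-*}
    r_y=${2%%-*}; rest=${2#*-}; r_m=${rest%%-*}
    # Drop a leading zero so "08" is not parsed as invalid octal.
    p_m=${p_m#0}; r_m=${r_m#0}
    echo $(( ($r_y * 12 + $r_m) - ($p_y * 12 + $p_m) ))
}

# Print PASS/FAIL/ERROR for patch level $1 as of date $2.
# Returns 0 on PASS, 1 on FAIL, 2 when the input cannot be trusted.
check_patch_level() {
    patch=$1; today=$2
    if ! is_patch_date "$patch" || ! is_patch_date "$today"; then
        echo "ERROR: unparseable patch level '$patch'"; return 2
    fi
    age=$(patch_age_months "$patch" "$today")
    if [ "$age" -lt 0 ]; then
        echo "ERROR: patch level $patch is later than $today"; return 2
    fi
    if [ "$age" -le "$MAX_AGE_MONTHS" ]; then
        echo "PASS: patch level $patch is $age month(s) old"; return 0
    fi
    echo "FAIL: patch level $patch is $age month(s) old"; return 1
}

# Live audit, run only with --device (needs adb and an authorized device).
if [ "${1:-}" = "--device" ]; then
    # tr strips the carriage return that some adb versions append.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    check_patch_level "$level" "$(date +%Y-%m-%d)"
fi
```

The live check requires USB debugging to be enabled on the device, so switch it off again once the audit is finished.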

Similarly, we can check the other options in the security settings section, such as screen lock enabled, pattern visibility disabled, and Smart Lock disabled.

CIS Benchmark for Google Android

Android OS Privacy settings

Privacy-related recommendations are provided in this section.

  • E.g. Ensure ‘Lock screen’ is set to ‘don’t show notifications at all’

Description:

Disable the notifications on the lock screen.

Audit:

To verify ‘Notifications on the lock screen’ are set to ‘don’t show notifications at all’:

  1. Tap settings gear icon
  2. Tap apps and notifications
  3. Tap notifications
  4. Tap advanced
  5. Tap Lock Screen
  6. Verify that the lock screen is set to don’t show notifications at all.

Remediation:

Follow the steps below to set the lock screen to ‘don’t show notifications at all’:

  1. Tap settings gear icon
  2. Tap apps and notifications
  3. Tap notifications
  4. Tap advanced
  5. Tap Lock Screen
  6. Tap lock screen and set it to don’t show notifications at all.

Following the recommendations, we can also disable Use Location, Web and app activity, Device Information, etc. in the privacy settings section.

Android OS Chrome Browser Settings

  • E.g. Ensure ‘Microphone’ is set to ‘Enabled’

Description:

This setting controls if a site asks before accessing the microphone.

Audit:

To verify that the microphone setting is enabled:

  1. Tap Chrome Icon
  2. Tap Menu Icon
  3. Tap Settings
  4. Scroll to the Advanced section
  5. Tap Site settings
  6. Verify that microphone displays Ask First.

Remediation:

Follow the steps below to enable the microphone permission request:

  1. Tap Chrome Icon
  2. Tap Menu Icon
  3. Tap Settings
  4. Scroll to the Advanced section
  5. Tap Site settings
  6. Tap Microphone
  7. Toggle to the On position.

Conclusion

Similarly, we can enable the settings for Location, Safe Browsing, and Do Not Track to secure Android OS.

Mobile devices running Android OS can be secured by following the CIS benchmarks, which help protect the device from different threats.

akshay-shende

QA Intern