Mobile security is a big deal, probably now more than ever. Most of us live on our phones, with financial information, calendar appointments, family photos, and more stored on our devices. Here’s how to keep your Android phone secure.

Enable Two-Factor Authentication On Your Google Account

A secure Android phone starts with a secure Google account, because that’s where all your synced data is stored—and the more Google services you use, the more crucial this step is.

If you haven’t already, start by enabling two-factor authentication (2FA) on your Google account. There are several options for that second factor, be it a simple text message (which is inherently the least secure of all 2FA methods, but still better than nothing) to adding a U2F key like Google’s Titan Key bundle.

You can find Google’s 2FA settings in My Account > 2-Step Verification (and you’ll have to sign in, of course). We also have a step-by-step guide on enabling the feature if you hit any snags.

But seriously, do that now if you haven’t already.

Also, while you’re poking around in your Google account settings, it’s probably a good idea to go ahead and run a security check. This lets you add or modify recovery phone numbers or email addresses, check recent security events, see what other devices are logged in (and remove them if necessary), and a lot more.

Use a Secure Lock Screen

If you’re not using a secure lock screen, it’s time to change that. This is your absolute first line of defense when it comes to keeping your phone safe.

While the process varies slightly between Android manufacturers and their various flavors of Android, the general gist is Settings > Security > Screen Lock. As I said, the details might vary slightly here, but that will get you in the ballpark. We also have a more detailed guide available should you need that.

And don’t forget to add your fingerprint if your phone has a scanner, too—here are a few tips to make it as accurate as possible.

Make Sure Find My Phone is On

Losing your phone is a gut-wrenching feeling, so you also want to make sure you have a way to track it and, worse case scenario, remotely reset your phone if there’s no chance of getting it back.

Fortunately, Google has a tracking system in place for Android phones. It’s called Find My Phone, and it should be enabled by default on all modern Android phones. To double check, jump into Settings > Google > Security > Find My Phone.

If you ever lose your phone or it gets stolen, you can fire up the closest web browser and search Google for “Find My Phone” and remotely locate your lost device. We have a closer look at everything you can do with Find My Phone if you’re interested in that, too.

Disable “Unknown Sources” and Developer Mode

If you’ve tinkered with your phone in the past, you might have enabled something called “Unknown Sources” (or “Install Unknown Apps” on newer versions of Android). This setting allows you to install apps that are not from the Google Play Store—a process called “sideloading.” And while Oreo made strides to make this a more secure feature, it can still be inherently dangerous to leave enabled.

To improve security, you should disable this feature. On pre-Oreo (8.0) versions of Android, you can do this easily in Settings > Security > Unknown Sources. On Oreo (8.0) and Pie (9.0) you’ll need to disable this feature on a per-app basis, but you can find everything that has access to the feature in Settings > Apps > Special Access > Install Unknown Apps.

Similarly, if you’ve ever enabled Developer Mode for any reason but don’t actively rely on any features, go ahead and disable it. Jump into Settings > Developer Option and slide the toggle at the top to the off position.

Note: On Android Pie (9.0), you can find Developer Options at Settings > System > Developer Options.

Things Google Already Does to Make Sure Your Phone is Secure

It’s not just your responsibility to make sure your phone is secure—Google also does some things to make sure that its system is buttoned up tight.

Google Play Protect

Starting with Android 8.0 (Oreo), Google baked in a feature named Play Protect. This is an always-on, always-scanning cloud-based security system that keeps an eye on apps in the Play Store and on your device. It aims to keep malicious apps at bay—including fake apps—and can even scan apps that you sideload.

To see Play Protect’s settings, head to Settings > Google > Security > Play Protect. You can make sure it’s turned on (and it should be), as well as enable app scanning for side-loaded applications.

On-Device Encryption

In the earliest days of Android, encryption wasn’t even an option. Google added it later, though you had to enable it manually, and that was a hassle. These days, Android is encrypted by default on all modern devices, and you can’t turn it off.

This means that all the sensitive data on your phone is stored in an unreadable, scrambled state upon boot and isn’t decrypted until you enter your password, PIN, or passcode.

Keeping your phone secure isn’t difficult—take a few minutes to check and enable a few settings, and you’ll always have the peace of mind that your phone is as secure as it can be should it ever get lost or stolen.