While it's true that Android is a little more susceptible to malware attacks than iOS, the situation isn't nearly as bad as Apple would have you believe. With a little knowledge and a sprinkling of common sense, you can make your device impervious to even the most dastardly of digital assaults. Here's how.
Yes, Android lock screens seem to be about as secure as Sony's Playstation Network—but they do offer at least some security against casual attacks.
You get a bunch of different options for your lock screen security - pattern, pin, password and Face Unlock, on stock Android at least. Of those, password is the most faff, but also the most secure. Pin is technically more bits of entropy than pattern (theoretically, at least). Sadly, pattern, while being quite cool, leaves you vulnerable to smudge attacks, which some very bored researchers proved have a 68 per cent chance of working in ‘ideal' conditions.
But no matter what security measure you choose, it's still gonna be better than no password at all, and it'll stop most casual attacks. It's worth the one second of inconvenience 50 times a day, honestly.
Just like as on a Windows machine, some kind of anti-virus software is handy. You may have noticed that everyone's been talking about BadNews recently, a fairly horrific piece of malware that infested systems through an ad service, and sent premium-rate SMS messages in order to gain its designers money. It was discovered by security firm Lookout, and (unsuprisingly) according to them, users of its product would've been protected against the malware.
There are plenty of anti-malware apps out there, many of them free; we'd recommend the aforementioned Lookout, AVG or Avast. Mostly, they'll watch out for malicious code, check installed apps against a database of naughtiness, and generally protect your phone when you subject it to your dodgy taste in Russian fetish sites.
It's annoying, but true. Caching passwords, while incredibly handy, is also a godsend to anyone who steals your phone. Recently, we received a review device here at Giz that had a bunch of previous passwords from an unnamed previous user - we had logins to his emails, social media accounts, everything. For an identity thief, that's the jackpot. Of course, security measures like lock screens help, but the only foolproof method of protecting those passwords is not to save them. (Oh, and turn on two-factor authentication while you're at it.) Generally, the apps that save passwords most are you internet browser - Chrome, in other words.
If you've made the (sensible) choice to root your Android device, you'll need to be extra-careful about security. Rooting a phone allows apps to run with ‘root access', outside the normal checks and balances introduced by Android. A malicious app with root access would be dangerous - able to do basically anything to your phone, without your knowledge (that's why phones don't come rooted out of the box).
Now, that shouldn't put you off rooting. Rather, you need to be slightly more proactive about managing apps on your phone. When you rooted, you probably installed SuperSU or Superuser, which allows you to grant programs root access, and view which programs have been actually using their root priviledge. Be extremely careful about which apps you grant superuser permission to; only give it to trusted apps from trusted sources. It's also worth going back through the list every now and again, to clear out any unnecessary guff.
One of the most common methods of infection on Android is downloads of dodgy apps. An anti-malware program, as mentioned above, will provide one layer of defence against dodgy apps, by flagging up anything malicious-looking.
Of course, the best protection is common sense. Thanks to Google, most apps in the Android app store are pretty clean, and the danger comes from attacks like the BadNews exploit discovered by Lookout, which infected otherwise-OK apps through the advertising system. Either way, big-name apps are more likely to be secure; installing apps from third-party sources will always be dangerous, and ultimately comes down to how naive—or trusting!—you are.