≡ Menu

• Computers
• Games
• World
• Art
• Books
• Cars
• Physics
• About
• Back to Top

Updated: July 16, 2025

For years, the smartphone users have enjoyed a simple "truth" - their rootless devices, combined with the use of sanctioned gilded cage stores, offered them superior security, especially compared to the Wild West of the desktop world. But then, things got more complicated. Today, the online stores are inundated with crapware, and attacks have become quite sophisticated. An improvement in the security posture is warranted, no?

Indeed. A few months back, I wrote my review of the iOS Lockdown Mode. I loved it. It was fantastic. In fact, I think it should be the DEFAULT security state. Not because it reduces attack risks, which it does, but because it reduces the noise and spam factors that are the milieu of the everyday smartphone life. Now, I want to take a look at Android's Advanced Protection mode, not to be confused with the similarly named Chrome browser or Google account mechanisms. And I'm going to take a look at the Samsung version thereof, because that's the device that I have. So follow me, if you will.

The basics

In a nutshell, if you turn on the Advanced Protection, you will lose some functionality. Recently, I upgraded the operating system on my Samsung A54. The process went well, surprisingly so, for the first time that I didn't have too many negative things to say about this phone. Then, a few days later, there was an update that actually introduced these new security protections.

Notice the truncated line. My oh my.

Then, if you go into Settings > Security and privacy > Additional security settings, you can activate Auto Blocker. I talked about this tool before, and I didn't like it, because back then, it also required the activation of a McAfee anti-virus scanner as part of the security bundle. Nope.

Now, the tool has been somewhat redesigned. Auto Blocker in its "standard" mode does not mandate any virus scanning. If you turn it on, then, it will cover the following areas:

• Unauthorized sources - you can only install from the two sanctioned stores. No sideloading.
• USB commands will be blocked while your phone is locked.
• Malware images will be blocked in messaging apps - does this imply some sort of image scanning though? Which apps are covered? WhatsApp? Telegram? Viber? What else? What's the implication to user's privacy, as today, data has become the hottest commodity around.
• Non-official software updates will be blocked. This could potentially prevent the installation of various snooping tools.

Maximum restrictions

Now, this is where things get interesting, and where we touch on the equivalent of the full Android Protection mode. Here, you can turn on the following mitigations:

• App Protection - a daily anti-virus scan.
• Block device admin apps.
• Block 2G networks.
• Block auto-connection to insecure Wireless networks.
• Block automatic download of attachments in Samsung Messages.
• Block hyperlinks and previews in Samsung Messages.
• Remove location data when sharing pictures in Samsung Messages.
• Block shared albums and location data in Gallery.

Practically, what does this protection actually mean?

So, as you can see, there's a lot of stuff. Some of it I want. Some, not. But the problem is the bundling. Samsung effectively forces you to use an anti-virus if you want extra protection. I would rather have no protection than run an anti-virus program.

And that's the thing. You CAN MANUALLY turn most of these mitigations on by hand, by yourself. You don't need the mega toggle. You can block 2G networks and WEP access points, you can block MMS in Messages, you can not auto-download any media, not allow USB debugging, and more. Let me show you, and let's discuss the merits of these tools and options, one by one.

App Protection

I think the use of an anti-virus is totally unnecessary. On a Windows desktop as much as it here, and vice versa. One, you already have the Play Protect in Play Store, which does the same thing. Personally, I have zero intention of using another scanner, especially since it also requires agreeing to separate McAfee terms of service. Two, if you don't allow sideloading, you're already well covered.

Furthermore, this bundling feels like an attempt to force you to use this scanner. Why do it? Why not offer separate toggles for each and every category? Why make the user "succumb" to the anti-virus thingie, and if they don't, they lose all of the advanced features? How's that beneficial? Or is this, like everything mobile and smartphone-related, all about that sweet, sweet user data?

Block admin apps

You can do this yourself, manually. Simply remove them. Job done, easy peasy.

Block 2G networks & insecure Wireless networks

You can do this yourself.

Automatic downloads, previews, links in Samsung Messages

This mitigation annoys me a lot for several reasons:

• What if I don't want to use Samsung Messages? Hint: I don't. I use Google Messages on Android. Is the mitigation even effective for the other app? Or do we have "exclusive" security that requires that you use a specific product? This is like Microsoft giving Windows 10 users another year of "free" updates after October 2025, if they use a Microsoft account and earn rewards. Nope. That's not security. If it tiers people based on preferences, it's basically data haggling, not security. You either patch it or you don't.
• You can manually disable links and previews and even MMS downloads in Google Messages, which is what you should do, regardless.
• Why isn't this a default, ever, forever, everywhere?

Location data

Similarly, annoyances and questions:

• You should disable location data unless you use it, regardless.
• You should only allow location data for specific apps, and only when in use.
• You can manually toggle off location and other metadata in camera and photo apps.
• Again, why isn't this a default?
• What if you don't want to use Gallery? Hint: I don't.

Other protections

Furthermore, you can also block USB connections while the phone is locked, Auto Blocker notwithstanding.

Android Safe Browsing

Now, there's another super-annoying bundle in your system. It's called Android Safe Browsing. One, it's turned on, and there's no toggle to turn it off, but you can turn the real-time protection off. Effectively, this would be yet another anti-virus in your system. Two, it only covers a small number of apps. In my case, it didn't cover Firefox or Chrome (not that I use it), so what's the point of "browsing" then? Three, if you want to actually turn it off, you need to disable Play Protect, and lose other security benefits. All or nothing. Another forced bundling, which, again, to me, feels like, oh data lovely data. Same like Microsoft account/rewards nonsense.

What about actual browsing?

Interestingly, no mitigation here covers the biggest problem of all - the Internet itself! The ads! But we can't have those covered, now can we? Indeed, there ought to be protections against the Web nonsense, but they are quite likely unprofitable, so.

My take on the matter is quite simple:

• Use Firefox for Android, plus the phenomenal UBlock Origin (UBO) extension as your adblocker. Yes, there's a lovely browser that lets you install extensions, including Manifest V2 stuff. This will make your Internet usage quieter, saner, more peaceful, less dangerous. Your phone/browser will use less data, less battery, the pages will load faster, and there will be far less risk from malicious ads and trackers.
• Don't use browsers that don't respect your privacy.

Lastly, a few small visual bugs ...

These are Samsung-specific problems:

• If you toggle Auto Blocker from inside the menu (screenshot above), the toggle won't be turned in the system menu one level up, and vice versa. Effectively, you need to turn two toggles on or off for the same thing.
• Maximum restrictions is grayed out when not active. This can be misleading. But you can actually click the category, and go into the sub-menu.

Quick comparison to iOS Lockdown Mode

Well, now that I had a chance to try both these solutions, my opinion is:

• Lockdown Mode is simpler, more elegant to set up.
• Lockdown Mode includes mitigations not covered here.
• Lockdown Mode includes a toggle to remove specific apps from mitigations.
• Lockdown Mode doesn't enforce an anti-virus scanner.

But ...

That said, both solutions, primarily Android's, don't go far enough:

• Not enough focus on messaging with strangers. There's no message sandboxing for unsolicited communications. For example, in my view, there ought to be some sort of plain-text quarantine for content from people not in your contact list. That should cover email, chat, video, voice, everything. Why not introduce "deny all" mode, whereby anything from anyone NOT in the user's contacts is automatically dropped?
• Modern defaults are purposefully designed for interactiveness and shopping and such nonsense. I would explicitly block these, by default. There's no reason why anyone should have clickable links, previews, auto downloads or anything alike. And the policy cannot cover only one or two apps.The policy must cover every single app.
• Real-time use and optimization in Javascript engines should never be allowed. For example, I've seen this in a few instances of Chrome on the desktop. If you go into Settings > Security > Manage V8 security, the default mode for the Javascript engine is to allow sites to use the V8 optimizer, and Chrome actually tells you that disabling this could reduce the attack surface. Right there! What? Why? How's this even a feature?
• Image and video parsing engines and libraries are opaque. They need to be visible, and have their own toggles and options. For example, if there's a vulnerability in one of the codecs or formats, as we've seen with say Webp a while back and such, the user cannot know which apps are vulnerable. Does each browser use its own libraries? Or system ones? If there's a patch, what does it cover?
• Network firewall. Why not add one, so users can 100% block app access if they need to? But I guess that would mean certain apps never show ads, so that's not profitable, and probably won't ever be included. Modern experience and all that, yeah yeah.
• Bluetooth. Why not disable it? This mitigates tons of proximity attacks. But I guess the answer is, money money money. We can't have people not use stupid buds and similar nonsense, now can we?
• Finally, in Android, but not Lockdown Mode, font mitigations are missing. Remote fonts, oh I hate them so. But you can block them with UBlock Origin, or with Noscript, another fantastic Firefox extension, as it happens. And you can also use it on Android, as it's on the short list of available add-ons for this browser.

There you go. But, as you can imagine, there's only one problem with my approach.

It ain't money-making.

Conclusion

Overall, I am happy that Android is bringing a plate full of useful mitigations to its users. I only had a chance to sample Samsung's version, though. For now, it looks a bit crude. One, too many things are bundled together, forcing the user to make difficult choices, which can lead to less security, not more. Two, I am quite certain every vendor will implement its own interpretation of the Advanced Protection mode, so no two phones will have it quite the same. Three, there's duplication, as you can implement 70-80% of these mitigations yourself. Four, there are still things missing.

A true "protection" mode would be something that turns off all signals, all noise, all background data, all of the modern interactive nonsense, everything that constitutes "modern" Web experience, because therein lie all of the perils, really. We don't have that yet. But look. Two years, we had none of this, and now, there's a partial solution in place. Perhaps by Android 18-19, the protection will be super-tight, and as a bonus side effect, the phone usage will be that much less annoying. One can hope.

Cheers.

Valid HTML CSS RSS

CC BY-NC-ND 4.0 @ Dedoimedo 2006-2025