Seven Crucial CISA Security Recommendations for Android Users


The Anti-Phishing Working Group (APWG) disclosed approximately 1,003,924 phishing incidents. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the leading organization tasked with safeguarding against cyber threats, revised its Mobile Communications Best Practice Guidance in November 2025 in response to heightened espionage activity, particularly from the People’s Republic of China (PRC), along with an uptick in cyberattacks.

CISA offers broad advice for users, including the use of end-to-end encrypted (E2EE) messaging. It encourages enabling passwordless FIDO authentication for logging in, a more robust, phishing-resistant login option, and suggests avoiding SMS-based multi-factor authentication, which attackers can more easily intercept. It also recommends updating your device regularly and using a password manager to enhance security.

In addition to this general guidance, CISA has issued specific recommendations for Android that it advises implementing immediately. Because malware threats on Android are rising, with a 151% surge in the first half of 2025 according to Malwarebytes, CISA is now advocating for more stringent protections. Let’s examine seven CISA security configurations you should adjust now to safeguard your Android device against contemporary cyber threats.

Opt for a device with robust security updates