Android devices are popular among business users, but they pose some weighty Android app security problems for IT departments. Fortunately, users and admins alike can take precautions to address Android threats and prevent
Android app security isn’t perfect yet, but the good news is that there are steps IT and users can take to defend devices from malware and other Android threats. This Android FAQ answers questions about application security, device security and malicious apps, and will help IT and users lock down their devices and the data they access.
What are the biggest Android threats in the enterprise?
Android security issues present themselves in many different ways. One issue is IT’s lack of control over Android app security. Admins can’t authorize or prohibit apps, so users are free to download any app from anywhere. Applications from outside the Android Market often come from unvetted third-party sources, and downloading these apps is one way that devices can get malware.
In addition, applying security policies won’t help IT manage Android devices, because there aren’t any centralized management tools for the Android operating system yet. Another issue for IT is that most versions of the Android OS don’t have native tracking or disabling features, which are invaluable in the event a device is lost or stolen.
Why is Android app security such a big deal?
Google checks apps for security before they enter the Android Market, but there isn’t an Android security policy to which all those apps adhere. Android uses sandboxing, which limits how an app can interact with other apps and the OS, thus limiting the effects of any malware as well. But some Android phone malware is designed to trick users into lifting these limits, by presenting seemingly authentic requests for permission to access other apps and OS components. A virus can then use these permissions to attack the full mobile platform. For the most part, Android app security is good, but the chance for malicious apps to make their way into the Android Market is still present.
How can I tell a malicious app from a secure one?
To identify malicious Android apps, advise users to check an app’s reviews before they download it. Make sure users know to download apps only from the Android Market or a trusted third-party source that evaluates apps for security. Even then, it’s critical that users exercise good judgment. Admins can point users to the Veracode directory, which lists applications from third-party vendors that Veracode, a security testing company, has approved as secure. It’s also important that IT help users stay in the know about Android app security and malicious app developers. Malicious apps are often bad versions of legitimate apps, so users should make sure they know which version of the app they’re downloading and who the developer is.
What else should users do to protect against Android threats?
There are third-party apps that provide tracking and disabling security features that aren’t native to some Android devices, specifically the ones running any version of the OS predating Android 3.0 Honeycomb. Newer versions have encryption technology and provide admins with the ability to trace and lock devices remotely. While developers are working on centralized management utilities to help IT manage Android devices, IT can start training mobile employees on enterprise mobile device security and encouraging them to close apps and disable Wi-Fi when those services aren’t in use.
On the user’s end, it’s important to have screen protection enabled to lock the screen after a period of inactivity. Users whose tablets have the Find My Mobile feature should take appropriate steps to set it up through the device manufacturer. Enabling encryption technology can take a long time (at least an hour for most devices), but is worth it on a device containing sensitive data. Users absolutely should download a third-party app to improve Android malware protection, and they should back up their data.
This was first published in February 2012