Mobile security is always a concern for IT, and with new operating system versions from Google and Apple, there's no time like the present to learn the latest security information.
The blogosphere is abuzz with insight about protecting both Android and iOS devices. From keeping devices updated to preventing users from sideloading Android apps, there is plenty of advice if admins know where to look.
Find out what bloggers are saying about Android and iOS security, including information on iOS 10 privacy.
Keep mobile devices up to date with Intune
To minimize the risk of data loss if a mobile device is compromised, users must keep their devices up to date and patched. But admins cannot always trust users to do what they're supposed to. Admins can turn to Microsoft Intune and its Mobile Device Inventory report to identify every device enrolled in Intune mobile device management and any devices connected to Exchange through ActiveSync, according to Microsoft's Enterprise Mobility and Security Blog.
With this list, admins can figure out which devices are not properly updated so they can address vulnerable devices. IT can also restrict user access to select services, including Exchange Online and SharePoint Online and set a minimum OS version requirement.
What to do once mobile devices are up to date
The first step in security is making sure the OS, security patches and the actual device itself are as current as possible, according to a Centrify blog post. Older devices are more at risk because they cannot always handle the latest updates.
Admins must ensure that iOS users do not jailbreak their devices and Android users do not root their devices. When users root Android devices they turn off the OS's Protected Boot feature. It is also important to discourage users from connecting to unknown Wi-Fi networks on either OS. If users work with Android, IT should instruct them to turn off the Allow Unknown Sources option in their security settings so they cannot sideload apps.
Finally, IT can require users to log in with a single sign-on tool, which means less caching and fewer passwords saved on the device for hackers to steal.
Even more Android security advice
Admins can take Android security up a level with Linux kernel defenses, according to the Android Developers Blog. First, they should mark memory as read-only/no-execute, which separates it into different sections that require permissions to access. Next, admins should restrict kernel access to the user space, an aspect of virtual memory that stores application and software memory. That way, attackers are less likely to take control of executable kernel memory.
It is also important to reduce the attack surface area of mobile devices and create fewer entry points for attackers by removing code and only exposing certain features.
Test your mobile device security know-how
Think you know what it takes to provide mobile security? Take this quiz that covers differences in mobile OSes, containerization, data encryption and more.
A look at iOS 10 privacy and security
Apple's iOS 10 is the company's most predictive OS to date. To deliver text and search predictions, the OS must access user data -- a privacy red flag for some people. That's why Apple added differential privacy, which allows iOS 10 to collect data from users and pass it to Apple while keeping the user's identity concealed through data randomization, according to a blog post on The Verge. So, a feature such as Spotlight -- a tool that predicted searches based on individual search history in iOS 9 -- now draws from a global user base in iOS 10. But with differential privacy, admins can't pinpoint an individual user.
Raise to Wake is another new feature with some privacy concerns -- it activates the phone screen as soon as someone picks the device up. While users might find that convenient for quickly viewing information, most wouldn't want just anyone reading their messages, even on the lock screen. If users are uncomfortable with Raise to Wake, though, they can turn it off.
From a security standpoint, iOS 10 includes three different passcode types users can choose from to access their devices from the lock screen -- a custom alphanumeric code, a custom numeric code, or the four-digit numeric code.
A look at a serious iOS vulnerability
How to improve Android security
Further explore Microsoft Intune