DOC RABE Media - Fotolia

Manage Learn to apply best practices and optimize your operations.

Top four Android tips for better mobile security

The limitations of Android security features are well known, but with Android for Work, dual persona tech and more, IT can better protect devices.

Android is hard to secure by nature, because it's open source and runs on a laundry list of different devices.

Android is not like iOS, a proprietary operating system that only Apple controls and runs solely on Apple's own devices. Android is found on hardware from Samsung, HTC, Google and many other manufacturers, each with different standards and approaches to building mobile devices. As a result, no two devices from different Android vendors are the same, and that means protecting each type of device is different, too.

Fortunately, all hope is not lost when it comes to Google Android security. There are some Android security features built into the OS that help organizations fight back. And Android for Work introduced native dual persona capabilities to protect corporate data. These four tips for better mobile security can help any organization improve its Android defenses.

Take advantage of built-in Android security features

As a Linux-based OS, Android comes with file system permissions and encryption built in. The permissions let IT limit the areas of the organization's file system a device can access. And the encryption uses a password and a kernel-level Advanced Encryption Standard algorithm to make sure only approved apps access certain parts of the OS. Security-enhanced Linux takes that idea to the next level by forcing apps to follow certain rules set at the kernel layer.

Even better mobile security comes from RSA encryption, the Digital Signature Standard authentication, cryptographic hash functions and Secure Socket Layer/HTTP over SSL.

Separate work and personal data with dual persona

All hope is not lost when it comes to Google Android security.

Dual persona essentially turns one device into two devices, one for work and one for personal use. The personal side is the user's domain. IT has no control over it and cannot even see its apps and data. The work side is all IT. Admins have complete jurisdiction to enforce security policies, install apps and protect data from moving out of approved areas. On Android devices, dual persona takes the form of Work Profiles, a feature in Android for Work that creates a separate work profile for users. It also gives IT the power to remotely wipe a device without users having to worry about losing their personal data.

The fragmented nature of Android means not every device is compatible with dual persona technology. Some manufacturers' devices do not support encryption, for example, which is required for dual persona to work. As a result, dual persona functions best with corporate-owned devices where IT gets to pick the devices for users.

Let Android for Work help out

Android for Work brings together a variety of services to provide better mobile security so IT can protect and take control of devices. In addition to offering dual persona capabilities, Work Profiles lets IT feel comfortable with users running apps natively on their devices because the containerization eliminates the threat of personal apps corrupting work apps.

With Android for Work, users can access productivity apps such as Google Drive to work on business documents in an encrypted environment on their mobile devices. And IT can update apps on its own, including implementing security upgrades without user permission or involvement.

Remember, Android is not iOS

Google Android security takes a lot of heat for not being able to cut it in the business world. Although the OS gives significant security and management capabilities to IT, some of the criticism is warranted -- especially when compared to iOS. For example, Android 5.0 and subsequent version support AES-256 bit encryption, but a simple factory reset, which users can perform on their own, turns encryption off. In addition, some of the brands of hardware Android runs on don't even support encryption. With iOS, encryption cannot be turned off.

Data control is also a problem. Yes, admins can control what data goes where on managed devices, but they have no power over any data that finds its way onto unmanaged devices. Apple offers Managed Open In, which gives IT the power to set restrictions on the data itself, limiting what apps users can access it in and leading to better mobile security.

Next Steps

Put your Android security knowledge to the test

Comprehensive Android device management guide

Explore new security features in Android M

Dig Deeper on Google Android operating system and devices