This content is part of the Essential Guide: An admin's guide to mobile application security and delivery
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Android mobile application management won’t solve all security problems

Android mobile application management can help IT get a handle on which apps users are running, but IT still won’t be able to lock down devices or limit Wi-Fi access.

Android mobile application management can help IT combat some, but not all, Android app security risks.

The options IT has for Android mobile application management are relatively limited, but admins can address some of the security shortcomings by regulating device access to the corporate network. The best way for IT to manage Android apps in a corporate environment is to provide an alternative to Google Play, the official Android app store. In Google Play, users have full control over which apps to download and install on their devices, and there is the threat of malware disguised as legitimate apps.

Android mobile application management

But with an alternative approach, such as a mobile application management (MAM) product, IT can regain some level of control.

Android mobile application management allows IT to control app distribution on registered devices and regulate which employees can use which apps, based on users' roles and/or devices. MAM also allows IT to build an enterprise app store that only authenticated users can access. IT can create corporate policies for app installation and enforce them via MAM through such features as blacklists and whitelists. MAM also allows for app tracking, and it can send alerts to IT when users install unapproved apps. From there, IT can view user and IT-installed apps on managed devices. Another advantage of MAM is that IT can manage the entire mobile application lifecycle.

MAM isn’t a perfect solution to IT’s mobile security problems, however. For example, there aren’t any Android mobile application management options that allow IT to automatically lock down devices running blacklisted apps. MAM also can’t prevent devices that it doesn’t manage from accessing the corporate network.

Device access control

If you want to prevent unauthorized apps from accessing data on the corporate network, device access control might be the best option. You can keep Android devices off the corporate network altogether by blocking Wi-Fi access, but that’s not really a feasible option. A better way to prevent unauthorized access is to authorize specific users to access your Wi-Fi.

More on Android mobile application management

Android security issues in IT

Android app security offers IT little comfort, despite Google Bouncer

Android app security FAQ: Keeping devices safe from Android threats

MAC address-based access control can be useful. In large organizations it’s a big job to authorize every individual user based on his or her MAC address, but IT can prevent access based on the first part of devices’ MAC addresses. Different devices typically have specific ranges of MAC addresses assigned to them, so if your network hardware allows, you can exclude the ranges of unwanted devices. But even then, ranges of MAC addresses are hard to manage, and you might still find an unauthorized device accessing your network.

Of course, device access control won’t solve all of IT’s consumerization challenges, either. Users can easily circumvent IT’s blocks and get information out of the company network in other ways, such as by sending corporate data to their personal Gmail accounts or saving it in Dropbox or other cloud storage services.

Dig Deeper on EMM tools | Enterprise mobility management technology

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I'm not sure we're even ready for this technology as half of the organizations I see don't do anything related to mobile security. What value can MAM bring when the basics haven't even been addressed and mobile security continues to be ignored? It's a technology that's made for those who get security and, perhaps in the future, it will trickle down to those who don't as it further integrates into enterprise IT and security solutions.