BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Android mobile application management can help IT combat some, but not all, Android app security risks.
The options IT has for Android mobile application management are relatively limited, but admins can address some of the security shortcomings by regulating device access to the corporate network. The best way for IT to manage Android apps in a corporate environment is to provide an alternative to Google Play, the official Android app store. In Google Play, users have full control over which apps to download and install on their devices, and there is the threat of malware disguised as legitimate apps.
Android mobile application management
But with an alternative approach, such as a mobile application management (MAM) product, IT can regain some level of control.
Android mobile application management allows IT to control app distribution on registered devices and regulate which employees can use which apps, based on users' roles and/or devices. MAM also allows IT to build an enterprise app store that only authenticated users can access. IT can create corporate policies for app installation and enforce them via MAM through such features as blacklists and whitelists. MAM also allows for app tracking, and it can send alerts to IT when users install unapproved apps. From there, IT can view user and IT-installed apps on managed devices. Another advantage of MAM is that IT can manage the entire mobile application lifecycle.
MAM isn’t a perfect solution to IT’s mobile security problems, however. For example, there aren’t any Android mobile application management options that allow IT to automatically lock down devices running blacklisted apps. MAM also can’t prevent devices that it doesn’t manage from accessing the corporate network.
Device access control
If you want to prevent unauthorized apps from accessing data on the corporate network, device access control might be the best option. You can keep Android devices off the corporate network altogether by blocking Wi-Fi access, but that’s not really a feasible option. A better way to prevent unauthorized access is to authorize specific users to access your Wi-Fi.
More on Android mobile application management
Android security issues in IT
Android app security offers IT little comfort, despite Google Bouncer
Android app security FAQ: Keeping devices safe from Android threats
MAC address-based access control can be useful. In large organizations it’s a big job to authorize every individual user based on his or her MAC address, but IT can prevent access based on the first part of devices’ MAC addresses. Different devices typically have specific ranges of MAC addresses assigned to them, so if your network hardware allows, you can exclude the ranges of unwanted devices. But even then, ranges of MAC addresses are hard to manage, and you might still find an unauthorized device accessing your network.
Of course, device access control won’t solve all of IT’s consumerization challenges, either. Users can easily circumvent IT’s blocks and get information out of the company network in other ways, such as by sending corporate data to their personal Gmail accounts or saving it in Dropbox or other cloud storage services.