Eugenio Marongiu - Fotolia
Although Android remains the most popular mobile operating system, there's a continuous stream of concerns regarding its security.
The Android community has made huge progress in improving security. Features such as full-disk encryption, restricted profiles, improved authentication and SafetyNet all give IT shops better Android device management and security capabilities. But IT managers would be well-served to pay careful attention to the potential pitfalls that remain.
Here are five Android device security challenges to focus on in the coming year:
Perhaps the single biggest criticism of Android has to do with the diversity of its ecosystem. As an open source OS, Android has a wide range of modified versions implemented on a significant number of devices. This state of affairs can create a nightmare for support and security staff.
Any thoughts that an organization might have of becoming an Apple iOS-only shop, however, probably wouldn't be workable, because of Android's popularity among users. The solution to the Android fragmentation problem is to limit the number of devices and operating system versions allowed, whether they are corporate-issued or BYOD. This approach facilitates IT control over Android device management and security in production environments.
One of the most effective solutions to the problem of viruses, worms and other malware is the use of mobile application management, which can prevent an infected app from contaminating an entire device. Acceptable use and security policies need to be in place before deploying any management products, however, and these policies must align with overall organizational objectives. Antimalware apps are available, but their effectiveness is controversial, and IT should carefully vet them before deployment commences.
Management tool selection
Enterprise mobility management (EMM) suites can help improve Android device security with their content, application and identity management features. The key elements to look for are cross-platform support -- especially across multiple Android releases -- and integration with other operational management systems. Those capabilities are becoming more important so as to avoid overlapping or conflicting features, as well as to maximize IT productivity.
Encouraging users to comply with simple, straightforward policies can solve a lot of Android device security problems. But if even one user fails in this regard, it can lead to quite the opposite. Policies should require the use of device passcodes, appropriate backup and storage and adherence to best practices for avoiding social engineering attacks. The biggest problem area regarding user behavior has to do with apps. Even though Android apps provide permissions notifications, does any given user really know what data, device features and other apps a given app is accessing? Does IT? Mobile content and application management are clearly more critical than ever to control the flow of data among apps. And don't hesitate to blacklist third-party apps that raise security concerns.
In a BYOD world, users expect to do whatever they want with what are, after all, their own devices. EMM is the backbone of good organizational security practice for now, but Dual persona and mobile virtualization -- which separate a single device into separate work and personal environments -- will become more common. The good news is that Android device management supports these technologies, whereas iOS does not.
The Android community is very aware of the importance of good security and will continue to make progress. But we should all remember there is no such thing as absolute security.
The open source nature of Android should provide some comfort that the architecture and security mechanisms of a given implementation are appropriate, effective and uncompromised. Many, however, remain skeptical of open source in general and of Android in particular, thanks to past problems with app security. Vigilance remains a core requirement in all IT departments.
Take our Android security quiz.
Here's everything you need to know about managing Android devices.
Learn the fundamentals of Android application security.