Top 5 Android security tips for the enterprise

Keep your device secure by following these simple steps which include using Android's encryption features and Google's Device Policy app.

4. Keep up-to-date

Google generally carries out one major upgrade per year with the latest being Android 4.0 Ice Cream Sandwich. In between the major refreshes regular updates are pushed out to fix bugs, address security holes and improve general performance. It is important to keep up-to-date in order to benefit from this updates, especially the security fixes.

As Android application developers support newer versions of Android, those running older versions could be left with unsupported software with potential security vulnerabilities. History has shown that older operating systems become security liabilities as attackers are able to exploit a greater number of vulnerabilities to undermine devices.

Organisations should systematically audit devices to make sure they are being supported by device manufacturers and consider replacing those units that will not receive future software updates. Those firms looking to deploy Android devices now should consider devices running Android 4.0 and beyond and encourage users to upgrade.

3. Don't ROOT your device

Android is a Linux-based operating system, with applications running with less permission in order to sandbox any potential security threat from a single application. Running applications under restrictive user accounts also limits what applications can do with lower-level access forbidden. However, this can be circumvented by 'rooting' an Android device, allowing certain applications to have full access to the Android operating system.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Android enthusiasts and power users like to root devices because it gives the ability to alter Android's look and feel, load custom versions of the OS (known as ROMs) and run applications that have kernel level interaction. It is possible to increase the clock speed of the processor, for example.

While all of that sounds good, users should realise that by allowing wide reaching access, malicious applications could run amok with access to sensitive data stored on the device.

Google warns against rooting encrypted Android devices as doing so allows applications to access the private key used for encryption. This effectively erases any security benefits provided by encryption. Google's advice may pertain to encryption keys but the general point remains, rooting devices can give malicious applications and remote attackers access to the whole device.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020