Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

8 Android security tips for IT, corporate users

James A. Martin | May 21, 2015
The security pros interviewed for our article, "Experts bust Android security myths," offered up the following eight Android security tips for IT administrators and users

The security pros interviewed for our article, "Experts bust Android security myths," offered up the following eight Android security tips for IT administrators and users

1) Don't root that Android device

"To do significant damage in the mobile world, malware needs to act on devices that have been altered at an administrative level," according to Dionisio Zumerle, principal research analyst at Gartner. "The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices ...

While these methods allow users to access certain device resources that are normally inaccessible ... they also put data in danger."

2) Don't overlook Android security or focus only on malware 

"Perhaps one of the biggest risks of mobile malware is the fact that mobile malware, in itself, is not yet abundant," says Domingo Guerra, president and cofounder of Appthority. "This creates a false sense of security in government and enterprise organizations." 

Guerra also identified a number of additional Android risks, including "corporate data exfiltration, poor app development practices, mismanagement of user names and passwords, poor implementation of encryption, and data harvesting and sharing for marketing purposes.

"These risks are often overlooked by shortsighted, malware-only security strategies," Guerra says. 

3) Don't install Android software from unofficial app stores

"Only install apps from the Google Play store that are from known and trusted developers," says Terry May, an Android developer with Detroit Labs. "It would also be a best practice to take advantage of the multiple users feature in Android and have a user account that is just for enterprise."

4) Pay attention to Android app permission requests 

Reading an app's access requests is critical, according to Mark Huss, senior consultant at SystemExperts. For example, a flashlight app doesn't need access to services that cost you money (such as SMS messaging), system tools, your call list or any personal information, network communication or location service, Huss says.

5) Always keep Android software and firmware updated

"Always check for available firmware updates and patches and download the latest version if possible," says Gleb Sviripa, an Android developer at KeepSolid. "The newer the version is, the fewer the chances that hackers can attack your device."

6) Install security and VPN apps

It's simple to find a plethora of security apps for Android. Look for apps that scan for malware and block apps from non-approved sources, according to Geoff Sanders, cofounder and CEO of LaunchKey. Disk encryption should be enabled, and apps that have "overreaching access to potentially sensitive data" should be denied, he says.

When surfing the Internet, Android devices should be protected with virtual private network (VPN) software such as VPN Unlimited, Sviripa says.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.