What is Android device management?

Android device management (ADM) is an organized approach to provide a workforce with Android-based mobile tools, content and applications for productivity while keeping corporate data secure

Woman looking into a smartphone

Android device management explained

More than 80% of all mobile devices worldwide run Android, a mobile operating system created by Google. This higher percentage means company employees are more likely to use Android for both work and personal use than other device types.

Android devices, if accessing critical business data, can threaten security if hacked, stolen or lost. But with a single ADM platform, IT and security departments can manage all of a company's mobile devices, keeping them secure and the workforce flexible and productive.

Android device management allows IT administrators to manage and secure Android devices. It provides system visibility, remote app management capabilities, automatic security updates and installs, kiosk mode, security alerts, geolocation or geofencing that can auto-lock lost or stolen devices.


What are major Android security threats?

Android OS is the most widely used mobile operating system in the world, according to Statista. 1 And logically, Android users encounter more security compromises compared to Apple iOS users and others. Two major Android security threats are malware and data leaks.

Malware

Mobile malware is undetected software created to damage, disrupt or gain illegitimate access to a client, computer, server or computer network. It can exploit OS vulnerabilities to steal data, change device configurations to pull more malicious software with additional functionality, deliver pop-up ads or trigger strings of premium SMS messages for monetization. Some can cripple devices, making them unusable for some time.

Data leaks

Data leaks are the unauthorized or unintentional transfer of sensitive information from a mobile device over the internet—sometimes because of malware. A leaking app is one of the most common mobile security risks. Unencrypted data makes data more readily available to a cybercriminal utilizing the same network as the device with a vulnerable app, a practice known as a man-in-the-middle (MitM) attack.

Excessive app permissions

There are millions of Android apps available in the Google Play store. And while some are safe and treat personal data with the utmost care, many are unsafe. Apps can be compromised.

Compromised apps can lead to data leaks. Personal or corporate data can funnel to unscrupulous third-parties from unsafe apps. One way data can leak is through excessive app permissions. App permissions determine what functions an app has access to on a user's device. Some app permissions are riskier than others, so users need to pay attention to the permissions they grant.

According to Wandera's study, "Understanding the mobile threat landscape," 45% of the most requested permissions on Android are considered high risk. But which permissions are high risk and how? Here's a list of regularly accepted permissions on Android that Wandera considers as higher risk:

  • Find accounts: This allows the app to get the list of accounts known by the phone.
  • Read contacts: This allows the app to read data about contacts stored on a device.
  • Read phone status: Allows the app to access the device's internal features, such as phone number and device IDs.
  • Read SD card: This allows the app to read the contents of an SD card.
  • Write to SD card: This allows the app to modify or delete an SD card's contents.
  • Precise location: This allows the app to get a precise location using GPS or network location sources.
  • Record audio: This allows the app to record audio with the microphone at any time.
  • Take pictures and video: This allows the app to use the camera at any time.

Out-of-date operating systems
Per Wandera's study, "65% of organizations have at least one device with an out-of-date operating system," and the data shows "57% of Android devices are running an OS at least two full versions behind the current one." Updated operating systems not only improve device performance but also include critical security patches. So without OS updates, Android devices remain vulnerable to cyberattacks.

Sideloading apps
Sideloading Android devices describes an app installation process outside of using the default Google Play store. While an Android OS default configuration doesn't allow sideloaded apps to be downloaded and installed from unofficial sources, it's possible to configure Android OS settings to allow apps from third-parties. So users can download application packages from websites or install apps from third-party app stores.

Wandera's research shows around 20% of Android devices have this setting enabled, which opens up the device to threats. Users that sideload apps face increased security risks because it bypasses Apple and Google's application vetting process on their official app stores. Thus, the device has less protection against inadvertently installed malware. "35% of organizations have at least one device with one or more sideloaded apps installed," according to Wandera's study.

Rooting
Rooting is the process of allowing Android users to gain control over internal OS systems. And as the name implies, the technique provides root access to the device. Users of rooted Android devices can make drastic changes, up to and including changing the device's operating system. Rooting an Android OS is similar to jailbreaking an Apple's iOS. Both are privilege escalation methods, but rooting provides more control to Android users than Apple users gain through jailbreaking.

Per the Wandera study, "6% of organizations have at least one jailbroken or rooted device." Although popular with users trying to free a device from carrier lock, these risky configurations allow them to install unauthorized software functions and applications. Some users might jailbreak or root their mobile devices to install security enhancements. But most look for a more straightforward method to customize the OS or install applications that aren't available on the official app stores. Whatever the case, rooting opens up the device to cyberthreats.


How Android device management works

A successful ADM program works best with Android Enterprise. Android Enterprise is a Google-led initiative, enabling the use of Android devices and apps in the workplace. It provides a fast, streamlined method for deploying corporate-owned Android devices, and it's the default management solution for Android devices running 5.0+.

The program offers APIs and other developers' tools to integrate support for Android into their enterprise mobility management (EMM) solutions. For example, IBM Security MaaS360 with Watson, an Android Enterprise Recommended (link resides outside of ibm.com) unified endpoint management (UEM) platform, integrates with Android Enterprise to support the Android EMM solution APIs. It brings a unified experience of management to the Android operating system.

An Android Enterprise integration allows an organization to:

  • Gain insight into each device, including its OS system and version, manufacturer details and root detection. 
  • Perform actions to locate devices and lock or wipe (full and selective) the lost ones. And control apps with blocklist, allowlist and auto-install or removal. Enforce geofencing on hardware features like the camera to protect sensitive data.
  • Set policies to enable access to corporate resources from email to wifi and VPN. Manage passcode updates and length to meet corporate standards, and enforce encryption and kiosk mode.
  • Disable hardware functions like the camera, USB storage and microphone. Protect data level leaks with feature restrictions for the clipboard, cut and paste and screen capture functions.
    • Enforce OS updates to reduce vulnerabilities or pause updates until your corporate applications are vetted and ready for deployment.
    • Zero-day support for new Android OS versions and devices using OEMConfig.
    • Zero-touch enrollment with out-of-the-box configuration and one-time setup for large scale deployments.

Privacy peace of mind for BYOD, by shielding personal app information, device location, physical address, SSID and browsing history. With an Android work profile, personal data can stay private while work data remains secure. The user can switch between work and personal profiles without sharing data between the two.


Solutions

Mobile device management

Get adequate visibility, manageability and security for running iOS, macOS, Android and Windows. And take advantage of seamless over-the-air (OTA) device enrollment for easy, rapid deployment.

Mobile security

Whether you support a single operating system type or have a mixed variety of devices, IBM mobile security offers the most secure, productive and intuitive solution on the market. IBM harnesses the power of AI technology to help you make rapid, better-informed decisions.

Unified endpoint management

Powered by AI and analytics and integrated with your existing IT infrastructure, IBM simplifies and accelerates the support of a diverse, complex endpoint and mobile environment. Simplify the management and security of smartphones, tablets, laptops, wearables and IoT.

Enterprise mobility management

Enterprise mobility management (EMM) combines user, app and content management with robust data security to simplify how you manage your device environment. Get the right balance between user productivity and mobile security with IBM EMM solutions.

Bring your own device security

When an employee can use their personal device, you empower them to do their best work in and out of the office. BYOD programs can have the added benefit of saving the budget by shifting hardware costs to the user. But employees need to know that you're protecting their personal use and privacy. Secure your remote workforce with IBM.

Zero trust security

Today's open, multi-cloud environment requires a different security model: zero trust. Zero trust means maintaining strict access controls and not trusting anyone by default, even those already inside of your network. IBM offers many zero-trust security solutions that help protect your data and resources by making them accessible only on a limited basis and under the right circumstances.


¹ "Mobile operating systems' market share worldwide from January 2012 to January 2021," Statista, February 2021, https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009 (link resides outside of ibm.com).