More than 80% of all mobile devices worldwide run Android, a mobile operating system created by Google. This higher percentage means company employees are more likely to use Android for both work and personal use than other device types.
Android devices, if accessing critical business data, can threaten security if hacked, stolen or lost. But with a single ADM platform, IT and security departments can manage all of a company's mobile devices, keeping them secure and the workforce flexible and productive.
Android device management allows IT administrators to manage and secure Android devices. It provides system visibility, remote app management capabilities, automatic security updates and installs, kiosk mode, security alerts, geolocation or geofencing that can auto-lock lost or stolen devices.
Android OS is the most widely used mobile operating system in the world, according to Statista. 1 And logically, Android users encounter more security compromises compared to Apple iOS users and others. Two major Android security threats are malware and data leaks.
Mobile malware is undetected software created to damage, disrupt or gain illegitimate access to a client, computer, server or computer network. It can exploit OS vulnerabilities to steal data, change device configurations to pull more malicious software with additional functionality, deliver pop-up ads or trigger strings of premium SMS messages for monetization. Some can cripple devices, making them unusable for some time.
Data leaks are the unauthorized or unintentional transfer of sensitive information from a mobile device over the internet—sometimes because of malware. A leaking app is one of the most common mobile security risks. Unencrypted data makes data more readily available to a cybercriminal utilizing the same network as the device with a vulnerable app, a practice known as a man-in-the-middle (MitM) attack.
There are millions of Android apps available in the Google Play store. And while some are safe and treat personal data with the utmost care, many are unsafe. Apps can be compromised.
Compromised apps can lead to data leaks. Personal or corporate data can funnel to unscrupulous third-parties from unsafe apps. One way data can leak is through excessive app permissions. App permissions determine what functions an app has access to on a user's device. Some app permissions are riskier than others, so users need to pay attention to the permissions they grant.
According to Wandera's study, "Understanding the mobile threat landscape," 45% of the most requested permissions on Android are considered high risk. But which permissions are high risk and how? Here's a list of regularly accepted permissions on Android that Wandera considers as higher risk:
Out-of-date operating systems
Per Wandera's study, "65% of organizations have at least one device with an out-of-date operating system," and the data shows "57% of Android devices are running an OS at least two full versions behind the current one." Updated operating systems not only improve device performance but also include critical security patches. So without OS updates, Android devices remain vulnerable to cyberattacks.
Sideloading Android devices describes an app installation process outside of using the default Google Play store. While an Android OS default configuration doesn't allow sideloaded apps to be downloaded and installed from unofficial sources, it's possible to configure Android OS settings to allow apps from third-parties. So users can download application packages from websites or install apps from third-party app stores.
Wandera's research shows around 20% of Android devices have this setting enabled, which opens up the device to threats. Users that sideload apps face increased security risks because it bypasses Apple and Google's application vetting process on their official app stores. Thus, the device has less protection against inadvertently installed malware. "35% of organizations have at least one device with one or more sideloaded apps installed," according to Wandera's study.
Rooting is the process of allowing Android users to gain control over internal OS systems. And as the name implies, the technique provides root access to the device. Users of rooted Android devices can make drastic changes, up to and including changing the device's operating system. Rooting an Android OS is similar to jailbreaking an Apple's iOS. Both are privilege escalation methods, but rooting provides more control to Android users than Apple users gain through jailbreaking.
Per the Wandera study, "6% of organizations have at least one jailbroken or rooted device." Although popular with users trying to free a device from carrier lock, these risky configurations allow them to install unauthorized software functions and applications. Some users might jailbreak or root their mobile devices to install security enhancements. But most look for a more straightforward method to customize the OS or install applications that aren't available on the official app stores. Whatever the case, rooting opens up the device to cyberthreats.
A successful ADM program works best with Android Enterprise. Android Enterprise is a Google-led initiative, enabling the use of Android devices and apps in the workplace. It provides a fast, streamlined method for deploying corporate-owned Android devices, and it's the default management solution for Android devices running 5.0+.
The program offers APIs and other developers' tools to integrate support for Android into their enterprise mobility management (EMM) solutions. For example, IBM Security MaaS360 with Watson, an Android Enterprise Recommended (link resides outside of ibm.com) unified endpoint management (UEM) platform, integrates with Android Enterprise to support the Android EMM solution APIs. It brings a unified experience of management to the Android operating system.
An Android Enterprise integration allows an organization to:
Privacy peace of mind for BYOD, by shielding personal app information, device location, physical address, SSID and browsing history. With an Android work profile, personal data can stay private while work data remains secure. The user can switch between work and personal profiles without sharing data between the two.
Get adequate visibility, manageability and security for running iOS, macOS, Android and Windows. And take advantage of seamless over-the-air (OTA) device enrollment for easy, rapid deployment.
Whether you support a single operating system type or have a mixed variety of devices, IBM mobile security offers the most secure, productive and intuitive solution on the market. IBM harnesses the power of AI technology to help you make rapid, better-informed decisions.
Powered by AI and analytics and integrated with your existing IT infrastructure, IBM simplifies and accelerates the support of a diverse, complex endpoint and mobile environment. Simplify the management and security of smartphones, tablets, laptops, wearables and IoT.
Enterprise mobility management (EMM) combines user, app and content management with robust data security to simplify how you manage your device environment. Get the right balance between user productivity and mobile security with IBM EMM solutions.
When an employee can use their personal device, you empower them to do their best work in and out of the office. BYOD programs can have the added benefit of saving the budget by shifting hardware costs to the user. But employees need to know that you're protecting their personal use and privacy. Secure your remote workforce with IBM.
Today's open, multi-cloud environment requires a different security model: zero trust. Zero trust means maintaining strict access controls and not trusting anyone by default, even those already inside of your network. IBM offers many zero-trust security solutions that help protect your data and resources by making them accessible only on a limited basis and under the right circumstances.
Mobile device management (MDM) is an organized approach used to provide a workforce productive mobile tools and applications while keeping corporate data secure. IT admins and security departments can manage all of a company's devices with a single MDM platform no matter their type or operating system, keeping devices secure and the workforce flexible and productive.
Catch up on the news about current trends and threats in mobile device security, including a post on "Silent Night" malware and one about Android malware that channels malicious activity through accessibility services.
The future of computers and communication lies with mobile devices, such as laptops, tablets and smartphones with desktop-computer capabilities. And with ubiquitous wireless internet access, all varieties of mobile devices are becoming more vulnerable to attacks and data breaches. So IT organizations and security teams need to reconsider how to achieve the security requirements in light of device capabilities, the mobile threat landscape and changing user expectations.
¹ "Mobile operating systems' market share worldwide from January 2012 to January 2021," Statista, February 2021, https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009 (link resides outside of ibm.com).