Its seems like just about every day there is another Android device that is wooing consumers into a purchase. Google reported some pretty impressive stats at this years Mobile World Congress; that included a year-on-year growth rate of more than 250%. With 850,000 new Android devices being activated each day and over 150,000 apps (half being worthless) to choose from in the Android Market, the Android platform is doing pretty well in the mobile device world.
As the Android platform it bombards its way through the consumer market, it has also been embrace by enterprise consumers as well (thanks to BYOD). As the Android platform continues to grow, many organizations have already embraced it with open arms, but have they embraced it too quickly?
BYOD: Security does matter
Sometimes the word security in an enterprise environment gets tossed around so much that underlying importance of it gets lost. Employees are now dictating what devices they want to use at work and trending devices like Apple's iPhone are finding their way into more CEO's hands. The problem is that a large portion of the BYOD devices are Android devices, and they simply just don't have what it takes to be fully embraced by an organization that requires a secure device.
Security matters the most when something bad happens, it matters the most when an organization finds themselves with a massive data breach because they threw caution to the wind.
Security matters because the threats to high-powered organizations are real. A couple of weeks ago the FBI issued a security warning regarding Android devices. The warning informs users of Android smartphones about two of the latest malware threats that have been attacking the Android platform; Loozfon and FinFisher. According to the warning, " Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user’s address book and the infected device's phone number."
FinFisher is another spyware that is capable of hijacking a mobile device. Its more sophisticated than Loozfon, and targets mobile users using a trojan. Once a device is infected the spyware is then capable of taking over various components of the device, and sending that information to a remote attacker.
Android devices are inherently more vulnerable security flaws than BlackBerry devices. A report from Duo Security, the makers of X-Ray a free Android vulnerability assessment tool; show that over 50% of Android devices are vulnerable. Even those numbers are fairly conservative considering the large amount of Android devices that are out there.
Too many choices
Options are good, but sometimes too many are a bad thing. Android device fragmentation is a real problem, not just for developers, but for organizations as well. With so many devices to choose from it becomes a nightmare to secure the various OS versions that they are running.
Patches and updates
Updates and patches are a real problem with Android devices. Updates to the latest versions are not always available and organizations are often at the mercy of carriers for delivery. Although sometimes getting the latest update may not seem like a priority, it is when there are security issues that new updates fix.
Since there are so many Android devices available it has become a favorite target for malware. The more widely used a platform is, the more likely bad guys are willing to write malicious code for it. In addition, as an open platform anyone can do anything to their device. To Androids defense, the recent updates Ice Cream Sandwich and Jelly Bean have provided some additional enterprise features like better device encryption, enhanced VPN connectivity and face unlock features. However, there is still much room for improvement.
Smart choices for BYOD
Data security, compliance, and even employee privacy are major concerns when adopting BYOD, but yet organizations are continuing to allow the most exploited OS on the market handle their company data. Its time for organizations to make smart choices when reviewing the devices that enter their infrastructure. The writing is on the wall when it comes to smartphone security. BlackBerry is number one in security, there is no second guessing, there is no question what device an organization should choose when securing their data is a top priority.