With the heightened spread of malware in the smartphone market, it seems like Android is going down the same road that the PC did a few years ago. It is one of the occupational hazards of being so popular. Android is available to phone makers for free and its source is exposed, which means that anyone can use it – and misuse it. Google’s only way of screening apps on Google Play is by letting users review and rate them. This has led to hundreds of unsafe apps and has even prompted mobile carriers like Verizon to put their own Android app screening processes in place.
The Android threat is very real, since Android phones are in the hands of thousands of people across the world. The threat only grows when the concept of BYOD is brought into the picture. With the lines between work and personal life blurring, more employees are now turning towards BYOD – even at large companies like IBM. An unsafe Android phone in the hand of one person is a threat, but when that same phone is brought inside the walls of an enterprise it becomes a disaster. Security analysts have predicted that 1 million high-risk Android apps are likely to enter companies, thanks to an infected operating system and lenient BYOD policies.
It is quite outrageous that, in spite of the increase in threats, companies are reducing the money they spend on security. That helps explain recent studies that found that 92% of all incidents are discovered by third parties, not by the company itself. 85% of all threats took up to two weeks to identify. This kind of delay and inaction could easily cost a company thousands of dollars, particularly if company employees are attaching their phones to the company network.
There are several tools that can help in these situations. A simple solution is to mandate that all employees who connect to the network do so through an SSL VPN. This will ensure that all data transactions between the phone and the network are encrypted and cannot be read by an invader. VPN software is usually available for free or very cheaply. Other tools include MDM/MAM, which remotely controls and manages all mobile devices, as well as passwords, ACLs and firewalls, Internet security suites and logfile alerts. A general level of security training among employees is also a very useful investment.