Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

How to secure a Google Android phone

Protect a business network from Android mobiles

Article comments

Two years ago almost nobody had heard of Android. Now it's nearly ubiquitous among smartphone users and it's on track to become the most popular mobile operating system in the US. When it comes to business use, though, Android still has some growing to do. Here's how to keep your Android phones and tablets safe from malware and hackers.

Some security concerns, such as the nefarious wallpaper apps issue (in which the apps allegedly collected personal information and sent the data to a website) or the compromise of sensitive information via apps are more hype than reality, but there are still plenty of legitimate problems that you should be aware of.

Android smartphones typically have 16GB or 32GB of internal storage, and many have SD Card slots that enable users to extend the data capacity. That means users could potentially walk around with 32GB or more of business data in a handheld device that is vulnerable to loss or theft.

Android's ability to encrypt data on removable storage depends largely on third party software-based encryption, which is inferior to hardware encryption. IT admins also don't appreciate Android's lack of a remote tracking capability, as well as the inability to impose standard sets of apps (or other IT and security policies) remotely.

To sync contacts from Lotus Notes or Microsoft Outlook to an Android smartphone, you must first sync the data with Google's cloud. But incidents such as a hacked Google Apps account resulting in a serious security breach at Twitter, along with general concerns about cloud security, give IT admins good reasons to be apprehensive. The requirement that sensitive data be stored on the web with Google could be reason enough for some IT departments to ban Android devices altogether.

Android does have some useful security controls and remote management capabilities built in, and you can overcome most security concerns with a bit of planning and some good app downloads. Here's how to lock down your phones.

Working with Android

As with the Apple iPhone, the primary framework for remote configuration and management of Android smartphones is Microsoft Exchange Server and ActiveSync. Using Exchange, IT administrators can impose configurations and enforce policies, up to a point. Let's examine some of the pros and cons of managing Android devices with ActiveSync.

Researchers have found that the connect the dots pattern screen for unlocking an Android smartphone is vulnerable to cracking: A thief could trace over the fingerprint smudges on the display to unlock the phone. Fortunately, Google has added PIN and alphanumeric password options to Android 2.2 (aka Froyo) and IT admins can select and enforce a password policy across Android devices using Exchange ActiveSync. Unfortunately, only about a third of Android devices are currently running version 2.2.

Another useful Android security feature gives you the ability to remotely wipe the data on a device in the event that it is lost or stolen. Using Exchange ActiveSync, IT admins can remotely reset an Android device to factory defaults, in the process removing any sensitive or confidential data stored on it.

However, although Microsoft Exchange and ActiveSync can also disable functions such as the smartphone camera or Bluetooth connectivity, those security controls are not available to Android. If your organisation is concerned about the security implications of smartphone cameras or the possibility that an attacker could hijack the smartphone's Bluetooth connection and use it to access the other network resources the device is attached to, those shortcomings are crucial.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *