With the growing popularity of mobile devices in the consumer market, it is only natural that these devices are quickly transitioning into the realm of the enterprise. With Android taking 78.4 percent of the global consumer market in 2013, the platform is quickly gaining traction. While in enterprise, iOS was the preferred platform. However, with the growing popularity of Android, it is expected to see more of these devices in the enterprise in the coming years. According to the recent “Gartner Forecast: PCs, Ultramobiles and Mobile Phones, Worldwide, 2011-2018, 4Q14 Update” the share of Android devices is expected to increase from 45 percent installed in 2013 to over 66 percent installed in 2015.
With the convenience of having the world of the Internet in your pocket, smartphones and apps with always on connections lead to the usage of services such as cloud storage, social media on the go, and a plethora of apps that have been absorbed into users’ daily lives. And a big part of the user’s daily life is their work.
With enterprises realizing that employees can be more productive on the device of their preference, this has paved the way of Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD) into the realm of the enterprise.
However, these advances have brought many security obstacles to IT, especially with Android, due to its open source platform, and the main challenge is securing the company data that is on the multitude of Android devices out there.
Platform Fragmentation
Due to the multiple OS versions available on Android devices, which can vary from the manufacturer to the carrier, Android has 11,868 variations of operating systems available for its platform, while iOS, which is regulated by Apple, only has a few variations. Since the Android OS is a wildly open platform, obtaining patches for each and every version of the Android OS can be an arduous task for any IT member.
Patching operating systems is a vital step in device security, since unpatched software can leave a device susceptible to security vulnerabilities in the code, which hackers often target.
Unregulated App Marketplaces
Apple regulates their apps through the Apple App Store, which is the only source that iOS users can download apps from. Apple analyzes each app for possible security vulnerabilities and potential malware issues. As a result, iOS apps rarely have as many security issues as Android apps. With Android apps, there are a multitude of sources available outside of the Google Play Store where users can obtain apps from, and since these sources do not usually regulate the apps, this adds an undesirable layer of security issues to the Android platform. As a result of how Android apps are delivered to the user’s phone, enterprises are often left in the dark as to where their employees are obtaining their apps, and therefore limit the security measures that can be implemented by IT.
Android Threat Landscape
According to Symantec’s 2014 Internet Security Threat Report, Android alone was targeted with 3,262 different versions of malware in 2013. In addition, the report’s findings state that mobile malware appeared to be almost entirely targeted at the Android platform.
In addition to the threat of mobile malware, many legitimate apps run the risk of displaying grayware activities. Grayware apps are normal apps that can overstep their boundaries by collecting device data that is unintended for the app’s original purpose. Some of this data that these apps are collecting can contain sensitive data, as these apps can sometimes access email apps, text messaging apps and more, without the awareness of the user.
Luckily, no enterprise has yet to report any major data breaches via a mobile app, however app vulnerability is a growing security threat due to the expanding popularity of Android devices on the market today and unregulated app usage. Since there is awareness of the growing threat landscape for the Android platform, there are certainly steps to keep the user protected from these emerging threats.