Corporate use of Android 5.0: security recommendations

Android is one of the most popular mobile operating systems in the world. It is used by about one and a half billion people. But, despite this prevalence, this OS has been diligently avoided for some time in a corporate environment, fearing security threats.

This situation was not accidental. In Android, up to version 5, there were many vulnerabilities. Now, Google seriously took up security. In addition to supporting data encryption and automatic screen locking, devices running newer Android versions are restricted in rights. This contributes to the level of security of the platform.

Another important improvement in this area is Google’s new initiative for organizations - Android for Work. As part of Android for Work, it is proposed, firstly, corporate-level security, and secondly, the possibility of containerizing workspaces, separating users' work and personal data.

These improvements seriously change business, allowing you to safely use Android devices in a business environment. Naturally, provided that organizations will make efforts to eliminate security problems inherent in its features, the Android platform. In this article, we will look at four recommendations for managing Android devices. Namely:
')

• Prevent users from getting elevated privileges on devices.
• Protection against mobile malware.
• Mandatory use of reliable information protection methods.
• Implementing device management policies.

Prevent elevated privileges

In the Android environment, hacking into devices in order to obtain elevated privileges is called “rutting.” This is a slang, but a very common word - Russian version of English "rooting". It means “obtaining superuser rights”, which in the Unix-like OS environment is called “root”. In fact, this is the removal of restrictions imposed by the manufacturer on the device, and getting full access to it. Users hack phones and tablets on their own. The thing is that you can install any applications on the ruled Android device, including potentially dangerous ones. You can configure, at any level, the operating system, change the firmware of the device.


Application for obtaining superuser rights on Lenovo Yoga Tablet

Rugged devices present a serious security issue for organizations. These devices are at high risk of malware infection. Working in a corporate network, they can cause "data leaks", can make the network vulnerable to hacker attacks.

The problem associated with the user receiving elevated privileges is not only characteristic of the Android platform. For example, in the environment of mobile devices from Apple, there is the term "jailbreaking." It comes from the English jailbreak, which literally means “jailbreak”. Jailbreaking is the removal of standard restrictions on Apple devices running on iOS. In particular, such as the iPhone, iPod touch, iPad, the second generation of Apple TV. Removing the restrictions lies in the software or hardware modification of devices, thanks to which the user gets full access to the iOS file system. It opens up new opportunities for setting up the device, for installing applications, extensions and topics that are not available in the Apple App Store. However, as a result, safety suffers and the warranty on the device is lost.

To combat rutting, it is recommended to prohibit the connection of hacked Android devices to the corporate network. In addition, it is useful to conduct information security classes with employees. In particular, in such classes it is worthwhile to raise the topic of the threat that rotated devices pose to an organization, and of what consequences a data leakage or irretrievable loss may have.

Protection against mobile malware

Users of Android devices can install applications not only from Google Play, but also from other sources. Among the programs installed from unreliable sources, there are quite a few that carry a malicious component. The risk of installing a malicious application, although very small, thanks to Google’s security policy, also exists when working exclusively with Google Play. This can affect the organizations in which users work, since malicious programs can steal usernames and passwords to access critical resources, open access to corporate networks to unauthorized persons, and can cause the loss of important data.

The best way to protect corporate resources from mobile malware is to install security applications on devices that connect to the organization’s network. Here is a small list of solutions that should be considered when choosing protection against malware:

• Dr.Web Antivirus
• Antivirus and Mobile Security (Avast)
• Mobile Security and Antivirus by ESET
• Armor for Android
• AntiVirus Security Free by AVG
• Mobile Security and AntiVirus by Avast
• Zoner AntiVirus Free
• BitDefender AntiVirus Free
• Hornet AntiVirus Free
• Norton Security Antivirus

In addition, it is necessary to take into account that all applications installed on the user's device should be accessible to the protection application. It should have the function of detecting malicious programs in real time, the ability to keep “black lists” of potentially dangerous applications. Ideally, for distributing and updating authorized applications in an organization, you need security software to support the use of a secure corporate directory or storage of such applications.

The use of reliable methods of information security

If mobile devices can be connected to the corporate network, reliable security measures are required to protect the information. Specific approaches to security in different organizations may vary, they depend on the specifics of the activity. We want to offer a set of basic recommendations that should be included in the corporate policy of mobile device management.

• Passwords to access resources must be complicated.
• It is necessary to apply data encryption wherever possible.
• It is required to control the use of applications, based on information about connecting the device to the enterprise's Wi-Fi networks, and, based on access policies and information about the approximate location of the device, to block certain functions. In particular, such functions include copying and pasting data, location services, email and messaging applications, camera and microphone use.

Overview of Google for Work

In addition to the above, here we would like to give an overview of the Google for Work opportunities, which are based on advanced approaches to the organization of convenient and safe work of mobile corporate users.

Security and data sharing . The deployment of Android for Work uses hardware encryption and security policies managed by the administrator. This allows you to separate business data and user data. These organizations are safe, they are protected from malware. User information is not available to anyone but him.

Support for corporate devices and employee personal devices . Android users for Work can safely use the same device for work and personal use. Companies can provide pre-prepared corporate devices to employees, as well as customize work profiles on devices that belong to employees.

Remote control . Administrators can remotely manage security policies related to organization operations, applications, and data. Critical data can be deleted from the device remotely, while not affecting personal user data.

Comfortable work with personal and corporate applications . Android for Work allows you to create a homogeneous work environment on all devices. Personal and work applications are in the same lists of installed and recently used applications. Switching between different kinds of applications is easy. In addition, the icons for running business applications are highlighted with special icons that clearly distinguish them from personal applications.

Simplified installation of applications. Administrators can use Google Play to search for applications that are allowed in the organization, add them to the white list, and install business applications on devices running Android for Work. In addition, Google Play can be used to deploy your own applications of companies intended for internal use only. Learn more about this in the Google Play for Work Help Center.

Separate set of applications for work. Users who do not have Google Apps for Work can use a full set of secure working applications specially created for use within Android for Work, but they also work independently. The set includes a mail program, calendar, notebook, task list and download manager.

Google offers the Android for Work system along with a suite of Google Apps for Work applications. All this is suitable for immediate deployment. The system allows application administrators of the Google Apps for Work package to use corporate mobile device management functionality using the administrative console. This expands the ability to manage devices.

Implementing device control policies

The company's IT service should be able to centrally manage and configure Android devices. It is recommended to perform remote cleaning of lost or stolen devices. In addition, the cleaning should be carried out after a certain number of unsuccessful attempts to unlock a smartphone or tablet. It is very useful to organize a system for applying security policies based on the location of the device.

About security in the Android ecosystem

Google, working on the Android OS and the Google Play platform, is committed to making the Android ecosystem safer. This goal is guided by the Android Security team, which is doing everything possible to ensure that Android devices are as vulnerable as possible.
Google takes a layered approach to security. The first level is to prevent the very possibility of a threat. Next is the detection of malicious applications and quick response when any problems occur. Namely, this is what Google does to improve security:

• The company seeks to prevent the occurrence of security problems. This is done through the analysis of solution architecture, penetration testing systems, code auditing.
• Before the release of new versions of Android and Google Play security analysis is carried out.
• Android source code is open, available to anyone. As a result, it can be analyzed by a large developer community, identifying problems and helping to make Android the safest mobile platform in the world.
• Everything possible is being done to minimize the effects of security problems. In particular, using solutions such as an isolated application execution environment.
• Apps on Google Play are regularly checked for vulnerabilities and security issues. If the application can pose a threat to devices or data, it is removed from the site.
• We are working closely with our partners to fix the detected security problems as quickly as possible and to release updates.

The Android development team works closely with the community of security experts to discuss ideas, apply cutting-edge solutions to work, improve the system. Android is part of the Google Patch Reward Program. The program provides rewards for developers who are contributing to improving the security of popular open source projects, many of which are the foundation for the Android Open Source Project (AOSP). In addition, Google is a member of the Forum of Incident Response and Security Teams (FIRST).

Conclusion

Google’s efforts have made Android safer, Android for Work allows you to take control of mobile devices that employees use to solve business problems. However, one should not forget that there are no completely protected computer systems.
On the basis of Google solutions, it is possible to organize the safe operation of Android devices in an organization, but only if the peculiarities of such work, including the human factor, are taken into account. We hope this material will help you in building a secure mobile work environment.