Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Thursday, 6 February 2014
Why Android devices are a security nightmare for companies
Fiery arguments between the rival camps of Android and Apple iPhone lovers about the merits of their respective devices aren't likely to be extinguished any time soon, but there's one thing that's clear: Android is a lot less safe than iOS.
Why do I say that? Well, not only because new money-making malware is being written and distributed by criminal gangs every day for Android devices (some of which gets into the official Google Play store), but also because Apple has been much more successful at keeping its customers updated with the latest security patches and OS updates.
New statistics reveal that the latest Kitkat version of the Android operating system is installed on less than 2% of all active devices.
Yes, a mere 1.8% of all Android phones and tablets are running Kitkat 4.4, despite it being released four whole months ago.
Compare that to iOS 7 (released in September) which already has an impressive 80% usage.
Some Android devices are only now receiving an update to the previous incarnation of the Android OS - Jellybean 4.3 - with no clear timetable for when they'll be able to benefit from KitKat.
Astonishingly, some 20% of devices are still running creaky old Gingerbread - a version of the Android OS not updated since September 2011.
It's clear that Android devices simply aren't being kept up to date with fixes, enhancements and OS updates anything like as well as iPhones and iPads, and that's a potential opportunity for cybercriminals and bad news for businesses.
Because there's little that your company can do about it, if your users insist on bringing their Android devices into work, and accessing work data, emails and your network via it.
Even if you *want* to upgrade the OS on your staff's Android devices you might not be able to, because no Android update is going to be available for those devices without the assistance and goodwill of the manufacturer and mobile phone carrier.
And it's not as if your company is going to be comfortable with users rooting their devices and installing a home-brewed version of Android OS they downloaded from some unofficial website...
You have to suspect that some Android manufacturers and carriers have no interest in actually pushing out new legitimate versions of the operating system, preferring their customers to buy new devices instead.
All of these headaches against a growing backdrop of Android malware, including many instances of the Google Play store being infiltrated by criminals spreading malware, adware and other dodgy apps.
To reduce the risks, mobile devices in the workplace have to be carefully managed, and policies enforced. If a device isn't compliant, or risks putting your data at risk, then you have to consider whether you want it going anywhere near the data on your network.
And, with the current state of Android OS fragmentation, it's easy to understand why some companies consider Android a real security nightmare.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment