Lock down your Android devices

Learn how to protect the Android phones on your business network

Two years ago almost nobody had heard of Android. Now it's nearly ubiquitous among smartphone users, and it's on track to become the most popular mobile operating system in the United States. When it comes to business use, though, Android still has some growing to do. Here's how to keep your Android phones and tablets safe from malware and hackers.

Some security concerns -- such as the nefarious wallpaper apps issue (in which the apps allegedly collected personal information and sent the data to a Website) or the compromise of sensitive information via apps -- are more hype than reality, but there are still plenty of legitimate problems that you should be aware of. Android smartphones typically have 16GB or 32GB of internal storage, and many have SD Card slots that enable users to extend the data capacity. That means users could potentially walk around with 32GB or more of business data in a handheld device that is vulnerable to loss or theft.

Android's ability to encrypt data on removable storage depends largely on third-party software-based encryption, which is inferior to hardware encryption. IT admins also don't appreciate Android's lack of a remote-tracking capability, as well as the inability to impose standard sets of apps (or other IT and security policies) remotely.

To sync contacts from Lotus Notes or Microsoft Outlook to an Android smartphone, you must first sync the data with Google's cloud. But incidents such as a hacked Google Apps account resulting in a serious security breach at Twitter, along with general concerns about cloud security, give IT admins good reasons to be apprehensive. The requirement that sensitive data be stored on the Web with Google could be reason enough for some IT departments to ban Android devices altogether.

Android does have some useful security controls and remote-management capabilities built in, and you can overcome most security concerns with a bit of planning and some good app downloads. Here's how to lock down your phones.

Working With Android

As with the Apple iPhone, the primary framework for remote configuration and management of Android smartphones is Microsoft Exchange Server and ActiveSync. Using Exchange, IT administrators can impose configurations and enforce policies, up to a point. Let's examine some of the pros and cons of managing Android devices with ActiveSync.

Researchers have found that the connect-the-dots pattern screen for unlocking an Android smartphone is vulnerable to cracking: A thief could trace over the fingerprint smudges on the display to unlock the phone. Fortunately, Google has added PIN and alphanumeric-password options to Android 2.2 (aka Froyo), and IT admins can select and enforce a password policy across Android devices using Exchange ActiveSync. Unfortunately, only about a third of Android devices are currently running version 2.2.

Another useful Android security feature gives you the ability to remotely wipe the data on a device in the event that it is lost or stolen. Using Exchange ActiveSync, IT admins can remotely reset an Android device to factory defaults, in the process removing any sensitive or confidential data stored on it.

However, although Microsoft Exchange and ActiveSync can also disable functions such as the smartphone camera or Bluetooth connectivity, those security controls are not available to Android. If your organisation is concerned about the security implications of smartphone cameras, or the possibility that an attacker could hijack the smartphone's Bluetooth connection and use it to access the other network resources the device is attached to, those shortcomings are crucial.

Tools to Manage Android

The rise of third-party offerings for managing and protecting mobile devices is not directly related to Android, or to any other platform per se. It is more about filling a need for a framework capable of managing a diverse, heterogeneous collection of smartphone platforms. Businesses are increasingly allowing employees to choose the smartphone that suits them best and then working to accommodate those choices, rather than simply dictating which smartphones are -- and are not -- acceptable.

For less-mature platforms like the Apple iPhone and Android smartphones, though, third-party products provide a much more robust and comprehensive set of smartphone management tools than those of the respective device vendors. And third-party tools tend to be more suitable for cross-platform work environments.

Zenprise MobileManager can apply and update ActiveSync policies, and it also provides security controls that extend beyond the basic protection Android alone offers. Symantec has a comprehensive set of tools for managing and protecting mobile devices, as well, and it recently introduced Android support for some of those applications.

With these tools, IT admins can monitor and track Android smartphones to enforce compliance with established security policies, as well as set policies to define password requirements, lock company smartphones after a period of inactivity, and wipe a device after a set number of failed password attempts. The mobile-security platforms will also detect noncompliant Android devices and suspend ActiveSync access to prevent them from connecting to sensitive information and networks.

The most established third-party product for managing mobile devices, though, is Good for Enterprise from Good Technology. Good for Enterprise provides IT admins with a Web-based console for managing and troubleshooting remote mobile devices -- including Android smartphones. For businesses deploying Android smartphones, one of the most important features of Good for Enterprise is the ability to ensure protection of data using AES-192 encryption.

Obviously, such third-party management tools require an additional investment; IT admins will also need time to become familiar with the policies and protection required, as well as to get things properly configured. But once you overcome the initial learning curve and the tool is up and running, it can pay for itself in reducing the effort necessary to monitor and protect mobile devices, and in freeing up IT administrators for more important tasks.

Android Invasion Marches On

Android is a powerful platform that has a lot to offer for mobile business productivity. The diverse array of smartphones available, combined with the impending explosion of Android-based tablets, virtually guarantees that Android's presence in business will continue to grow.

Here's hoping that as Android matures, the tools available to manage, maintain, and secure Android devices within a business-network infrastructure evolve as well. Whether Android expands to include more of the functionality that IT admins expect, or whether more third-party developers step up to fill the void, the long-term success of Android as a business tool depends on it.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitysmartphonesPhonesconsumer electronics

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?