A Brief Guide to Android Security

                    - By Ryan Farmer

New technologies always create new areas of concern for information security teams. Usually early adoption of such products is slow and it allows some maturity to develop in the market, providing time for the development of effective security controls. Indeed often these new devices will be slowly introduced to the corporate environment as part of an internal strategy. The rapid growth of the smartphone market and the use of these devices for email, online banking, and accessing other forms of sensitive content has lead to the emergence of a new and ever-changing threat landscape. This combined with the fact that anyone can be a user has led to smartphones appearing as part of the corporate estate before the appropriate controls are in place - it is a brave CISO who will tell the CEO they can't use their new smartphone or tablet at work.

Even without these technologies connecting to the corporate network, there are security implications brought about by their mere presence in an office environment. A malicious user or malware on the device can create a number of risks for an organisation, and so the fact that these devices are not necessarily connected does not translate to a lack of security risks.

This paper will discuss why it is important to secure an Android device, what some of the potential vulnerabilities are, and security measures that can be introduced to provide a baseline of security on Google's mobile OS.