Android and security: How secure are Android devices?
When it comes to mobile operating systems, Android is decisively ahead. In Q3 2023, Android’s global market share in this area was an impressive 70.46 percent. This means that almost three quarters of all mobile users have an Android device.
They make bank transfers, register for doctor’s appointments or use company smartphones to contact customers. All of these uses involve extremely sensitive personal data.
The protection of this data—whether our own or that of others—must therefore be a central component of every operating system.
In the past, Android has sometimes been heavily criticized. The focus was often on the security of the Google Play Store, where users download apps for their devices. An investigation in 2020 found that many of the apps did not meet current security standards.
The fear is that downloading unsafe apps from the Play Store could lead to malware being installed on end users’ devices. For a long time, the Android operating system was therefore considered inferior to Apple’s iOS by the general public.
While “only” users’ personal data would be affected in the private sphere, the security issue in the corporate context is of a completely different magnitude. Sensitive company data and customer information can be affected, cyber criminals can extort huge sums of money or, in the worst case, bring entire companies to a standstill.
In 2023, in Germany alone, Sky Deutschland, Bayerischer Rundfunk, Rheinmetall, Badische Stahlwerke and Barmer Krankenkasse, for example, were affected by such attacks. Every company should therefore do everything in its power to ensure maximum protection on mobile devices.
Android security compared to iOS devices
How does Android security compare directly with its competitor iOS? With regard to the dangers of unsafe apps just mentioned, Apple can score points with the restrictive approval process in its own app store: Most malware attacks still target Android apps.
However, there is a solution that is equally helpful for both operating systems, especially for company cell phones. Mobile device management (MDM) can be used to centrally determine which apps are installed on all company cell phones (and which are not).
Another risk is the theft or loss of a company smartphone. This could also give external parties access to confidential company information. In this case, both operating systems allow a device to be located and data to be wiped remotely.
Finally, the duration and number of updates for cell phones with Android operating systems were also a point of criticism for a long time. While iOS updates come directly from the manufacturer Apple, the respective device manufacturers (apart from Google itself) first have to do the programming work for Android updates.
This not only slows down the rollout of updates, but also generates enormous costs. This is one reason why low-cost entry-level models in particular are not included in Android upgrades. Smartphone manufacturers would need an additional armada of programmers just for this.
In the meantime, however, the various Android manufacturers have caught up enormously. On its website, Google promises guaranteed version and security updates for its 2023 Pixel 8 model until October 2030, i.e. for seven years.
Samsung also promises regular security updates and several major Android updates over a period of four years. This puts the two manufacturers in a similar timeframe to Apple, which offers regular updates for five to six years. Samsung’s “Enterprise Edition” in particular is intended to provide planning security for IT, which of course includes securing the respective Android version.
What measures increase security under Android?
The Android operating system already provides various integrated security functions. However, companies can also take additional measures to ensure the protection of their own data.
- A lock screen and integrated data encryption protect your company content from unauthorized access.
- Sandboxing: Apps are executed separately from each other, which also contributes to security. This function is always activated.
- The GDPR (General Data Protection Regulation) must be complied with by all companies operating in Europe. Google, and therefore the Android service, has also committed to complying with this regulation.
- Remote wipe, i.e. the remote deletion of data from lost or stolen devices, is possible with Android. For companies, we generally recommend the use of mobile device management (MDM). With an MDM, your company can centrally manage all company devices. This includes registration, setup with selected apps and the separation of private and business use for COPE (corporate-owned, personally enabled).
- In addition to MDM, we also recommend mobile threat defense (MTD). This protects your company from attacks via apps, networks and operating systems. More on this below.
If your company has to dispose of company devices, you must also ensure appropriate security here. In order to dispose of an old cell phone properly, you should make sure that all data on the device is carefully deleted.
Do I need a security app for Android?
We are all familiar with antivirus programs from our personal lives. The question arises as to whether such an application also makes sense for use in the workplace.
The biggest hurdle here is the individual installation on the various company devices.
However, if a company uses the aforementioned mobile device management, this becomes much easier. On the one hand, MDM is used to containerize the personal area and the work area. This is particularly interesting for companies that allow their employees to use their work devices for private use at the same time.
By separating the private and work areas, the data is protected on both sides and in compliance with the GDPR. Work files cannot be shared via private applications and private data cannot be viewed by the employer either.
An MDM also manages the company smartphones centrally. Whether security software, software updates, access permission, or other regulations: They are rolled out simultaneously to all devices registered in the MDM.
In this way, your company ensures that all employees adhere to the specified rules and laws. And company data and professional contacts are successfully protected.
But is mobile device management enough to protect your internal data?
Mobile Threat Defense—A good idea with Android
If you want to be on the safe side, we also recommend Mobile Threat Defense (MTD). This offers your company additional protection, regardless of whether you borrow or rent your smartphones, or whether you have purchased or leased them.
As mobile devices play such a central role in the world of work today, they are increasingly becoming targets for attack. However, many companies have not yet invested enough in mobile security. Attackers know this too.
But it’s not just the technology that is vulnerable: The people who use the smartphones are also a decisive factor. Phishing attacks and social engineering are now a daily occurrence.
A mobile threat defense solution continues what was started by mobile device management. Everphone is proud to have won the industry leader Check Point with “Harmony Mobile” as a partner for mobile threat defense.
Check Point’s “Harmony Mobile” is compatible with all common MDMs and zero-touch enrollment. This means that the application and all its updates can be rolled out centrally and immediately to all company devices.
Harmony Mobile also provides your company with comprehensive protection against attacks via apps, networks, and operating systems. What’s more, administration is simple, the application complies with the GDPR (and many other national and international regulations), and the performance of the devices is not impaired.
As an Everphone customer, Stadtwerke Dinslaken has had very good experiences with “Harmony Mobile”. In the following video, Benjamin Wiehn, Head of IT at Stadtwerke, talks about the collaboration: