Friday, December 20, 2013

How Android got (more) serious about security in 2013



This year began with legitimate questions about the security shortcomings of Android, deficiencies that have seriously slowed the adoption of Google's mobile OS by the enterprise.


Now, as 2013 draws to a close, it's fair to say that Google made huge strides in providing users and IT professionals with tools to better secure the open source mobile platform. Don't be surprised to see this result in a significant increase in enterprise support for Android in the coming year.


The latest version of Android -- KitKat, or Android 4.4, which was released on Oct. 31 and since has had two upgrades -- includes one enterprise-friendly security upgrade that allows IT to use the SELinux mandatory access control (MAC) system inside the Android sandbox to block attempted intrusions. Previously IT administrators would only be notified of an access "event." For an IT professional, there's a big difference between being notified that your network has been penetrated and being able to block the attempted intrusion.


Google, however, didn't wait until KitKat dropped to beef up Android security. Back in August, Google released Android Device Manager, which gave users the ability to remotely locate, lock down and wipe their missing devices from a desktop or another mobile device.


And just a month before, the last full release of Jelly Bean (Android 4.3) added the ability to restrict user profiles, a feature that is particularly useful for tablets, which in some work settings could be used by multiple employees.


I'm just hitting the highlights above, but there were other security features added to the Android kernel in 2013, including verified-boot capability (which helps prevent rootkits from holding onto root privileges in compromised devices) and another that detects and blocks fraudulent Google certificates in secure SSL/TLS communications.


These additions collectively give Android a big security boost at the core level, and Google developers continue to add security features and bug fixes with each update.


That being said, Google's progress this year in upgrading Android security wasn't all linear. There were several setbacks and at least one decision that has drawn serious criticism from privacy advocates.


Over the summer, Bluebox Security discovered a 4-year-old vulnerability in Android's security model that allows a hacker to turn any legitimate application into a malicious Trojan. Until a subsequent fix, this "master key" vulnerability was lurking on 99% of Android devices.


Meanwhile, documented Android malware seemed to grow exponentially throughout the year, even as the percentage of infected Android devices remained in the 1% range. (Which isn't much, but it's double the average infection rate of all other mobile OSs.)


Then there was the recent uproar over Google's removal of a tool in the most recent KitKat update that allowed users to decide which permissions to accept (and deny) from an app they want to download. Google claimed that the permissions UI, called App Ops, was inadvertently made available to users. But the Electronic Frontier Foundation blasted the search giant (one day after saying it "deserves praise"), questioning Google's concern about the "massive privacy problem" created by excessively intrusive app permissions.


Missteps aside, it's inarguable that Android is a much more secure enterprise mobile platform than it was back when PSY was performing Gangnam Style in Times Square on New Year's Eve. Which really seems like a long time ago, doesn't it?

