Android isn't exactly the preferred mobile OS in most enterprises, thanks to security concerns. Even as Google's open source platform dominates the mobile consumer market, it lags far behind Apple's iOS in the enterprise, based on activation numbers from mobile device management vendors such as Good Technology and Citrix.
But Android is a presence in the enterprise. Citrix reports that 35% of the devices it activated in Q4 through its cloud-based mobile management platform were running on Android. Even Good Technology's lowball activation figure of 23% in Q4 means nearly one in four new enterprise mobile devices on its MDM platform are Androids.
Those are the ones being managed, anyway. As any IT pro can tell you, it's the unmanaged devices you have to watch out for. The personal smartphones employees use to access work data often fly under the radar screen -- that's what sparked the BYOD revolution. Most enterprises no longer fight BYOD, but try to manage it to one degree or another.
And even if an enterprise approves the use of Android devices, not all are using MDM vendors or security platforms such as Samsung's SAFE and KNOX.
Still, while there's nothing to be gained by giving up on the notion of Android security, there's plenty to lose. And while Android's susceptibility to malware in Google Play and lack of enterprise-level security features in its basic code is well-documented, there are some basic steps your employees can use to better secure their devices. If you're lucky, they're already doing some or all of them. If not, you can send along these tips.
1. Always lock your Android device.
A no-brainer, but too often ignored because someone doesn't want to go through the hassle of typing in a four-digit PIN to unlock their phone. If that device is lost or stolen, it's an open book -- a book contains personal or work information.
In addition to using a PIN, you can secure any device running Android 4.0 or newer versions by using Face Unlock. This security feature hasn't exactly been air-tight -- it could be fooled with a photograph -- but reportedly Google is rolling out an improved version.
Still another way to lock an Android device is a pattern lock, in which you access the device by drawing a specific pattern on the touchscreen. Again, this isn't optimal: Patterns can be detected on the touchscreen by holding it at the right angle, though there's a "secure wipe" feature that limits the number of access attempts.
Bottom line: When it comes to securing your hardware, something is better than nothing.
2. Install antivirus software
People are so used to everything being on their mobile devices these days that some assume they're automatically protected from viruses and malware. Such naivete would be touching if it weren't so dangerous to your enterprise.
Sadly, while Google reportedly now does a better job policing its Play apps store, the sheer number of apps (more than 700,000) mean some nasty malware is going to sneak in and await download from a trusting mobile device owner, who may work for your enterprise. Further, there are many sketchy websites out there, loaded up with viruses ready to infect an unsuspecting visitor.
The non-profit community site Gizmo's Freeware offers some detailed reviews of free Android antivirus apps. The one it recommends is TrustGo Antivirus & Mobile Security, which runs on Android 2.2 and up and includes strong anti-malware protection, secure web browsing, data back-up and a system manager to monitor resource allocation.
3. Always use encryption
Encrypting data makes it impossible for someone else to read what's on your Android device. An Android owner can do this by merely going to Settings, Location & Security, Data Encryption. There's also an option that allows users to encrypt files saved to the phone's memory card.
4. Never download apps from unsolicited emails and texts
Mobile devices are more "personal" and less formal than computers to many users, so some let their guard down and will out of curiosity follow links from mystery emails and texts ("it must be from one of my many social media friends!"). This is an extremely unsafe and unnecessary practice. Not only should apps not be downloaded from third-party sites, they shouldn't be downloaded until the user reads a review of the app. Two minutes of research can save a lot of problems down the road.
5. Always check apps permissions
What makes Android versatile -- developers and manufacturers can roll their own versions -- also makes it dangerous. That's because apps developers are free to mess with the permissions, so Android apps can come with wildly different rules for what the app can do on a device. That may include sharing and sending data from an Android. This is the last prevention step a user can take to control what an app can do to their phone and data. It's worth spending the extra time.
Remember, if you send these five tips along to the employees who use Android devices (with or without your permission), some might actually listen. It's worth a shot, isn't it?