Is The Android Operating System Too Risky For Enterprise Business?


The CRN Test Center examined three security apps for Android that we liked and that could help secure a device.

Lookout's eponymous security app is a free and simple download from the Android Market onto a device. A device scan will check for spyware and malware, and the app provides a "Privacy Advisor" that will let a user know what tracking software is on a device.

On one device, Lookout told us that we had 10 apps that tracked our location, 10 apps that could read our identity information, one app that could access our text messages and six apps that had access to our contact list. None were malicious apps, but we needed to examine a couple of them more closely to determine why, exactly, each app needed access to certain sets of data.

We also examined Trend Micro's Mobile Security. The full app is $3.99, but a 30-day trial is free. Mobile Security, unlike Lookout, provides call and SMS filtering and blocks unwanted calls or messages. A real-time scan zeros in on malware on a device, and Mobile Security appears to scan files just as an antivirus application would scan a Windows PC -- although on our Android phone it was a lot quicker and provided much less granular detail on the results.

Finally, we installed AVG Antivirus for Android. Like Lookout and Mobile Security, AVG will scan for malware and vulnerabilities. We liked AVG, too, for the details it provided after every scan. For example, after an initial scan, the app told us we had 176 installed apps, 1,375 activity screens, 112 content providers, 243 receivers and 233 services. The AVG app was free but -- and we seldom say this about software we evaluate -- it served up advertising in the app itself. That struck us as odd and un-enterpriselike.

What we didn't see throughout the Android universe, though, were enterprise-ready, centrally managed security solutions like many in IT are used to seeing on platforms like BlackBerry and Windows Mobile/Windows Phone 7. While we don't see any for Apple's iOS platform, either, there's a basic understanding that Apple's lockdown of the hardware and App Store platforms will go a long way toward securing iPhones and iPads. (That understanding will change, though, the first time there's a significant data breach on an iOS platform.)

Standard enterprise best practices for IT security continue to apply in enterprises that adopt Android as part of their framework: deployment of antivirus technology, network password authentication, quarterly or monthly security audits, asset management and monthly or weekly inventory, firewalls, employee education and hardware security, among others.

With mobility, solution providers have also long recommended device standardization across an enterprise -- even with smartphones. This is especially challenging in an environment where one generation of devices will give way to another generation of devices sometimes in less than a year; in the case of Android, the OS can be expected to be slightly different with each upgrade as well. In addition, carrier restrictions may also factor into device life cycles in an enterprise.

The result: In an enterprise that supports Android devices, it may be necessary to simply restrict many aspects of network access from one generation to the next; as more security features and apps become available on the Android platform, those restrictions can loosen over time.
