Google Ramps Up Android Security As Threats Grow


Google is taking steps to bolster the security of its highly targeted Android platform, which security experts warn is significantly outpacing other mobile platforms in introducing risk to corporate networks.

Android is now part of Google's patch reward program, which gives cash to developers to contribute to security patches to popular open source projects. The move, unveiled last month, encompasses all open-source components of Android, wrote Adrian Ludwig, an Android security engineer, in the company's official Android blog.

"The Android team works very closely with the security research community at large to foster public discussions and implement improvements," Ludwig wrote.

 

[Related: Top 5 Android Malware Threats]

Ludwig said the company pushed out security improvements in Android 4.4, known as KitKat, reinforcing the Android sandbox to prevent mobile apps from extending to other device processes. The sandboxing technology is core to most mobile device platforms and significantly increases the difficulty in carrying out attacks that can root or takeover a mobile device. In addition, Ludwig highlighted the enforcing mode, which is enabled by default on Android devices, to prevent malicious code from violating or attempting to bypass security restrictions.

Google is responding to reports that consistently document attacks targeting the platform. Android smartphones and tablets make up more than 90 percent of the attacks targeting mobile devices, according to data collected by a variety of security vendors. Google remains fairly tight lipped about the actions it takes to address mobile threats, such as malicious applications and mobile malware attacks.

The latest threat report, issued last month by McAfee, found mobile malware that allows an attacker to bypass mobile application restrictions. The firm documented approximately 700,000 new Android malware samples. The company pointed to the rising threat posed by malicious applications overstepping their bounds. One gaming app bilked more than 37 million email addresses from the contacts associated with 810,000 Android phones and tablets.

Solution providers told CRN that more businesses are considering implementing security as part of their core mobility strategy.

While the increasing amount of mobile malware gets the most attention, small and midsize businesses are concerned about data loss associated with lost or stolen devices. Security policies designed to prevent employees from accessing the most sensitive data on mobile devices is also difficult to enforce without new technology, said Bill Hoblin, sales manager at Redding Calif.-based West Coast Technology.

Firms understand that restricting employees to a single platform is difficult, Hoblin said. West Coast Technology's conducts educational and informational sessions focused on mobile security, which are gaining interest, he said. Not surprisingly, according to Hoblin, most interest is coming from firms in highly regulated industries, such as healthcare, where data leakage is a growing concern with mobile.

"They're implementing email encryption to protect sensitive data and making sure that they can remotely wipe lost devices that may contain sensitive data," Hoblin told CRN.

 

NEXT: Business Must Develop Plan To Address Mobile-Based Threats