You’ve seen the news headlines, '900 Million Android Devices Vulnerable!', which at first glance seems pretty shocking – after all, that’s roughly half of all active Android devices. But this kind of news is becoming all too common.
It seems there is always some new hack, exploit or vulnerability. Before this, it was Stagefright – the vulnerability where an attacker could gain control of your device with just an MMS message.
When it comes to mobile devices, there is a certain sensitivity. For most of us, if someone is able to gain control of our device, they can probably access most, if not all, of our digital life. Social, personal, banking, work – it’s all there.
In general, however, mobile devices are safe, but there are some best practices everyone can implement in order to stay safe:
- Accept the latest OS upgrades. New features and security fixes are included with every release, so don’t delay on applying that upgrade.
- Do not jailbreak. A regular user should never need to do this, and if you do, just know you are much more likely to be compromised.
- Do not connect to unknown WiFi networks. Unless you know the network, this is a very common way to steal data and credentials.
- Keep up-to-date with security patches. Many vendors now send monthly OTA patches for the most recently announced vulnerabilities, along with ones that have not yet been announced, so it is always a good idea to 'Accept' that patch when it comes your way.
- Never, ever, enable the 'Allow unknown sources' option in Security settings (unless you know what you are doing). This is how Google can manage ‘bad apps’, and almost all of the major vulnerabilities need to be sideloaded, which requires this option to be enabled.
- Do not 'root' your phone. Android has had a protected boot feature for some time now, and circumventing that protection by rooting your phone is not going to do you any favours.
- Use a new device. Some of the best security features are only available in the latest OS, which generally is only available on devices that are less than 2-3 years old. It may be time to upgrade that S4.
- Use a 'Nexus' device. If you are really serious about security for your mobile device, look into the current 'Nexus' devices from Google. They are more expensive, and cannot be subsidised by a carrier (usually), but they always get the most current updates and patches before any other devices.
- And like iOS, do not connect to unknown WiFi networks.
Enterprises are also concerned about these threats, as more and more companies are allowing employees to access business applications from mobile devices.
Tips to keep enterprise accounts and data safe on mobile
- Use an SSO (Single Sign On) solution that embraces mobile – this will prevent the caching and saving of passwords on the device. If a device is compromised, there are no passwords to steal.
- Deploy an EMM (Enterprise Mobility Management) solution that allows flexible policy, and contains and manages enterprise apps and data. This keeps everyone happy: IT is satisfied enterprise data is protected and can be removed if necessary, and the user is happy knowing IT can ‘wipe’ their personal data from the device. Really, this is one of the best ways to deploy a BYO (bring your own) model.
So don’t worry, the sky is not falling; keep using your phone.
Jonathan Bensen, Director Product Management, Centrify