Maintaining Android in the enterprise
Risk Management
Conclusions
Android is insecure; the add-on software that many manufacturers offer does nothing to change this. Add-ons are not enough to instill confidence in an insecure OS. If you want to avoid big expenditures, you need to take steps yourself to provide a clean, working device to your employees if worst comes to worst.
With the right analysis tools, you can perhaps also find out which door was left open and then use apps such as the AFWall+ firewall to introduce appropriate measures and close the door in the future. There is no alternative to hoping your employees act sensibly and building up mutual trust.
Security experts, such as those at the it-sa IT Security Expo, agree: Android and Apple devices in the enterprise are like PCs in Internet cafes: They are insecure and constantly exposed to threats that cannot be controlled. The only remedy is a regular reinstall.
Infos
- SUSECon: http://www.susecon.com
- "Architectural Failures" by Markus Feilner. Linux-Magazin , October 2012, p. 28 [in German]
- Android SDK: https://developer.android.com/sdk/index.html
- XDA Developers: http://www.xda-developers.com
- AndroidPIT: http://www.androidpit.com
- Superuser: https://play.google.com/store/apps/details?id=com.noshufou.android.su&hl=en
- Network Log: https://play.google.com/store/apps/details?id=com.googlecode.networklog&hl=en
- AFWall+: https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall
- Titanium Backup: https://play.google.com/store/apps/details?id=com.keramidas.TitaniumBackup
- "Admin's Little Helpers" by Holger Gantikow and Markus Feilner: Linux Magazine , issue 158, pg. 30: http://www.linux-magazine.com/Issues/2014/158/Admin-s-Little-Helpers
- CyanogenMod: http://www.cyanogenmod.org
- Sleuth Kit: http://www.sleuthkit.org/
- viaForensics: https://viaforensics.com/android-forensics/google-nexus-yaffs2-images.html
- Yaffs: http://www.yaffs.net
- Wear leveling: http://en.wikipedia.org/wiki/Solid-state_drive
- "Volatility 2.3" by Markus Feilner and Hans-Peter Merkel: Linux Magazine , issue 157, pg. 42: http://www.linux-magazine.com/Issues/2013/157/Volatility-2.3
- Sample memory images: http://code.google.com/p/volatility/wiki/SampleMemoryImages
- Creating your own memory dumps: http://code.google.com/p/volatility/wiki/AndroidMemoryForensics
- Google NDK: http://developer.android.com/tools/sdk/ndk/index.html
Buy this article as PDF
(incl. VAT)