Android Security: Third-Party Options
Android By The Numbers
#1 Smartphone in market share (shipments) since late 2010
220+ Million Android Devices
700K+ activations per day (Nov 2011)
400+ Android different devices
Android is here in full force and isn’t going away (and neither are the data thieves that are targeting the platform). For the security vendor market, Android is actually a blessing that Apple never delivered with iOS.
The operating system's openness in both the platform and laxer vetting of applications within its market vis-à-vis Apple has created a burgeoning security software market. McAfee recently published a report noting important weaknesses in the Android platform
- Security Model – Users must decide the list of permissions for each app installation. If all rights are not allowed, the application cannot be installed. The crux is on users to understand and make the right decision. There is a human element of instant gratification and social engineering at play. Additionally, developers might be tempted to require many more privileges than actually needed.
- Application signing is essentially irrelevant, since these certificates can be self-signed
- Storage (SD cards) are world readable – meaning that corporate IP that’s on the storage is at the whim of any malware application
- Nearly all infections come from application markets/stores (Third-party stores exist within the ecosystem)
- Limited Security API
Security vendors are racing to provide users the right security and privacy capabilities to manage security on their Android smartphones. At least eight vendors currently have offerings on the Android Market: Lookout, Symantec (Norton), McAfee, Webroot, Kacpersky, NetQin, AVG, and Trend Micro.
Vendors have similar features and have quickly commoditized any differentiators that were previously evident. Some vendors provide a lite (or free) version with limited capabilities. Premium versions of products have an annual subscription free (anywhere from $9.99 to 39.99 a year, per device).
Mikhael Felker is an IT pro who has worked in Defense, Healthcare, High-Tech and Non-Profits. He teaches, writes, and speaks at numerous Southern California venues about technology. See here to check out all his Tom's IT Pro articles.