From self-destructing smartphones and “tap-proof” mobile messaging software to malicious attacks and adware campaigns, this week’s roundup of news from the Android Secured blog reflects the familiar arms race between those trying to secure mobile application use and those hell-bent on breaking it.
As the collection of stories show, there’s a lot going on around Android, and mobile security in general, these days. And it’s not just about malware threats and exploits alone, but also about device and application management, secure messaging and integrating better security controls at the device and operating system level.
Here’s a look at some of the more important stories that I highlighted on Android Secured this past week.
‘Tap-Proof’ Or Not, Secure Messaging Capabilities Are A Good Thing
Security vendor G-Data may have opened itself to unwanted attention from black and white hat hackers when it touted its recently launched Secure Chat messaging app as being “tap-proof.” But features like the end-to-end encryption, timed messages, phishing filters and other functions available in products like this and BlackBerry’s BBM Enterprise (formerly known as BBM Protected) are precisely the sort of features enterprises need for secure mobile messaging.
A new survey by BitGlass shows that when mobile management policies get too restrictive, employees will challenge them or reject them outright. The survey results are a timely reminder about the fine line to be walked between using Enterprise Mobility Management tools to securely manage mobile use and to totally control it. The success of your mobile strategy really depends on your willingness to embrace that distinction.
Mobile Data Loss: It’s Not The How, But The What That Really Matters
With smartphones and tablets being increasingly used to access and store all kind of sensitive data and applications, enterprises should be concerned not just with mobile malware and exploits but with the consequences of a data loss incident as well. So declared Gartner research director Dionisio Zumerle in a recent Q&A with the U.K. Banking Exchange.
Despite Security Concerns Few Organizations Test Or Manage Mobile Application Development, Use
This really shouldn’t come as too big of a surprise considering that many organizations continue to view security investments as a major pain rather than a necessity. Still, it is somewhat disconcerting to know that nearly half of all organizations that design, develop and deploy mobile apps on their networks have few processes for testing or managing the applications.
New App Permissions, Fingerprint-Scanner Support Bolster Security In Android Marshmallow
Google’s soon-to-be-released Android Marshmallow mobile operating system will support a new runtime permissions function and a fingerprint scanner technology that should be of at least some comfort for IT security teams.
Attacks On Google, Apple App Stores Signal Troubling New Trend
Security analysts often like stressing the importance of downloading mobile applications only from official stores like Google Play and Apple’s App Store to minimize the risk of downloading rogue applications on your device. That is still fundamentally good advice. But recent attacks on Google and Apple’s app stores suggest attackers may be trying to take advantage of the inherent trust that users have in such stores to try and plant malicious applications in them.