Android Security Roundup: Stagefright Vulnerability, Ghost Push Malware and More

BYOD

Android Secured

Three separate news items in Android Secured over the last few days highlight the challenges enterprises face in managing Android devices in the workplace.

With 1.4 Billion Users There’s No Avoiding Android In the Workplace

One of them pertains to Google CEO Sundar Pichai’s claim that there are some 1.4 billion Android devices currently in use around the world.

New Stagefright Flaws Heighten Need For Better Security Update Processes By Android Device Makers

The other is news from security vendor Zimperium zLabs about two fresh Stagefright vulnerabilities in Android that together impact a staggering 1 billion Android devices.

‘Ghost Push’ A Reminder Of Third-Party App Store Risks

The third story is about how an estimated 600,000 Android devices are being infected daily by a data-stealing malware tool named “Ghost Push” because users continue to download apps from third-party stores rather than Google Play and other legitimate app stores.

Phone lockThese Security Threats Pose Serious Challenges For IT Managers

Together, the stories are a reminder of the enormous challenges IT managers face in harnessing Android use in the workplace. On the one hand, Android clearly is popular. Whether IT administrators like the technology or not, consumers do. And many of those consumers are using Android devices in the workplace, with or without IT’s blessing. And their numbers will keep increasing.

If that isn’t a challenge enough, many users of these Android devices clearly don’t know about, or care enough about, the risks of downloading applications from third-party stores. For all the concern about Android malware, the fact is that a vast majority of people with infected devices are those who download apps and software from unvetted sources. Many of them are likely to be from outside the U.S. Even so, the fact that Ghost Push infects 600,000 daily is an indicator of the scope of the problem.

Then there is the issue of Android security patches. After Zimperium first disclosed the Stagefright vulnerabilities earlier this year, Google announced it would start issuing security patches for Android on a monthly cycle, just like Microsoft and others have been doing for year. But the company is by far not the only Android device maker. Unless everybody else commits to regularly patching their devices, Android users will remain dangerously vulnerable to threats they don’t even know about.

Some of the other news making Android Secured this week includes the following:

Marshmallow ‘Security Patch Level’ Feature A Good Idea, But…

Google’s Android 6.0 Marshmallow comes with a new Android Security Patch Level option that lets device owners know at a glance when the device manufacturer last issued a security patch for their smartphone or tablet. The option appears to be an attempt by Google to pressure Android device makers to respond faster to threats like Stagefright. If it works, more power to Google.

Data Privacy Not Exactly A Priority For Mobile Health Apps

This one isn’t specific to Android. Rather it speaks to the overall sloppiness of mobile app vendors when it comes to issues like privacy and security. Researchers at the Global eHealth Unit at Imperial College, London, studied 79 healthcare apps accredited for use by no less that the U.K.’s National Health Service and discovered that a vast majority had less than stellar security controls.

Learn how to take the pain out of securing business data on your employees’ Android devices. Join Google and BlackBerry at a free, half-day seminar, Bring Android to Work with BlackBerry Software, hosted at Google offices in Toronto, Chicago, San Francisco, Washington DC and New York City.

About Jaikumar Vijayan

Vijayan is a freelance journalist and technology content writing specialist with 20+ years of award-winning experience in IT trade journalism. He is a former Senior Editor at Computerworld Inc.and is a frequent contributor to Christian Science Monitor Passcode, Computerworld, Dark Reading, eWEEK and other publications. Vijayan is the author of BlackBerry's "The Definitive Guide to Mobile Security: Strategies and Tactics for Business & IT Decisionmakers" e-book on mobile security and an author of security white papers for the SANS Institute.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus