Mobile Device Security Q&A

A few weeks ago I was able to attend a training seminar on mobile device security. I had many questions about the best practices for securing Android and iOS devices in an enterprise environment. Here are some questions that I was able to get good answers to that are not easily answered by a quick Google search.

Since attending this seminar, Google has come out with a great management tool via the Google Apps Device Policy app (market link) for Android. I got to play with this new tool and it works GREAT; however, it is only available for Google Apps accounts at this time (not ready for Microsoft organizations).

Which platform is most secure/has the least amount of risk?

Blackberry is the most locked down in terms of security options, management, and lack of “openness”. These factors all lead to Blackberry not being a large target for hackers which also lowers its risk.

What are the additional risks inherent in rooting/jailbreaking a phone OS?

iOS: Makes the standard username and password vulnerable (u:root p:alpine). If this password is changed, then there is no additional risk.

Android: No additional risk.

The large risk in rooting/jailbreaking is the additional (and most of the time unauthorized) apps that users install. Up to 60% of “stolen” apps have been repackaged with a virus or spyware. Also, most rooted or jailbroken phone users don’t keep up to date with software releases and security patches.

Does my phone need antivirus software?

At this time, no. Android is the only platform capable of installing and running a third-party antivirus app.

Can phone memory be encrypted?

iOS is encrypted. Android can be encrypted starting with OS 3.0 (Honeycomb). At this time ActiveSync does not support a protocol for enforcing encryption when possible.

How safely deleted is data when wiping a phone (factory reset)?

You can trust that a wipe or factory reset safely deletes the data from the phone. Note that wiping a device does not delete the external memory card (Blackberry and Android). There is currently no way to remotely wipe a memory card.

Is there a way to monitor apps on iOS or Android phones owned by users?

Not at this time.

Is there a way to monitor GPS on iOS or Android phones owned by users?

Not at this time. Android can do it for Google Apps accounts.

Any additional security issues?

iOS places the burden of application security on Apple. Android places the burden of application security on the user. Remember to treat a phone like a PC. If you are unsure about trusting an application or knowing exactly what it does, don’t install it. Avoid public WiFi connections.

