Android Security: Which Smartphones Can Enterprises Trust?
Google's Android operating system dominates smartphone use worldwide, in every region except North America and Oceania. Companies in many regions can therefore support and issue Android devices to employees as their primary mobile device. Even in regions where the iPhone dominates or is on par in market share, companies tend to support or issue Android devices as at least a secondary option.
But Android security has long been a top concern for IT, despite the significant security improvements made to the platform a decade ago in response to the security standards set by the iPhone, which quickly gained IT's approval. This complicates the CIO's decision to buy and support Android phones, whether they are company-responsible devices (such as devices companies buy for their employees), employee-responsible devices, or BYOD devices that IT allows to access at least work e-mail and calendars, and often web services.
This article covers the basics of Android security, and then ranks the best Android vendors by security level to help IT professionals narrow their purchasing and support options. (Our sister publication Computerworld outlines other considerations for buying an Android device for business.)
Security considerations for Android devices
Apple has tight control over the iPhone and its iOS operating system, providing CIOs with firm assurances over software updates, security fixes, and maintenance. By contrast, the Android world is extremely diverse, with dozens of manufacturers using Google's Android platform but offering varying levels of quality, support, and in many cases little to no operating system and security updates.
In the early days of Android, the main concern for IT professionals in the growing smartphone market was security. In the 1990s and early 2000s, Research in Motion's BlackBerry set the standard for mobile security, and early Android (and iOS) devices fell short of IT professionals' expectations.
In the early 2010s, Apple and then Samsung brought their mobile security up to the BlackBerry standard. A few years later Google followed suit, making encryption standard on Android and separating work and personal data through containers as part of Android 5.0 Lollipop in 2015. By 2017, the Android platform had strong security capabilities. More advanced features became available through hardware and software extensions, such as Samsung's Knox platform for enterprise devices in 2013 and Google's Android for Work (later renamed Android Enterprise) for the rest of the Android world. Android Enterprise support became a standard feature in Android 9.0 Pie in 2018.
Today, IT can rely on all Android devices for basic security. However, some users, such as high-level executives handling sensitive company data or operations personnel managing critical infrastructure or supply chains, require a higher level of security.
Android vendor availability varies widely around the world, so the right secure hardware for your organization will also vary by region. To help you find potential candidates for your business, our sister publication Computerworld has shown which Android vendors are most used in which markets. According to StatCounter, 13 Android vendors currently have usage of 1% or more in at least one region:
- Huawei
- Infinix
- Itel
- Motorola Mobility (owned by Lenovo)
- Nokia
- OnePlus
- Oppo
- Realme Chongqing Mobile Telecommunications
- Samsung Electronics
- Tecno
- Vivo Mobile Communications
- Xiaomi
Google has a certification called Android Enterprise Recommended (AER) that focuses on business concerns regarding performance, device management, mass device enrollment, and mandatory security updates. Google launched an AER tool for IT professionals to find out which devices in different regions are eligible for this certification, as well as to find out the supported Android versions and security update due dates. Please be aware that AER tool results can be outdated and incomplete, so don't rely on them alone.
There are three levels of Android security to consider, and many organizations need more than one to cover different groups of employees.
Basic Android security definition
This level is suitable for personal devices that are allowed access to core enterprise systems such as e-mail. Basic security provides encryption, password enforcement, lockout, remote wipe, and sandbox security capabilities. All modern Android devices support this level, even with basic management tools like Google Workspace or Microsoft 365.
Moderate Android security definition
This level is appropriate when IT allows personal devices to use enterprise applications and access, and allows company-issued devices to be used for personal purposes. Moderate security goes beyond the basic level by separating corporate data and apps from personal data and apps using containers, via a Unified Endpoint Management (UEM) system that supports Google's Android Enterprise platform or, for Samsung devices only, Samsung's Knox platform. (Compare the capabilities of the top UEM platforms in the Computerworld directory.)
All modern Android devices with at least 3MB of RAM support separating work and personal data, but some UEM platforms may require the device to run a newer version of Android than Android Enterprise itself requires.
Advanced Android security definition
This level is suitable for executives, HR professionals, finance professionals, and anyone involved in accessing critical data and systems in government, defense/military, finance, healthcare, and critical infrastructure such as utilities, energy, and transportation. Advanced security adds chip-based security to the moderate level to reduce unauthorized access by hackers and intruders, and complies with the latest US Common Criteria security standards.
Chip-level security detects tampering with the operating system, firmware, memory, and other key systems and consequently locks or shuts down the device using the Android KeyStore service. Hardware-level security is not an Android Enterprise Recommended requirement, but it is required for military-grade security.
Only a few devices use chip-level security to protect system integrity: Samsung's Knox-protected Android phones use Arm's TrustZone chip for trusted boot, the Google Pixel series uses the Titan-M chip for its Trusted Execution Environment (TEE), and Motorola claims all of its Android devices use the Arm TrustZone chip for StrongBox. (Apple iPhones also have this feature through the Secure Enclave.) Other Android vendors didn't answer my questions about their security capabilities, but according to their website specs, they do support hardware security.
Common Criteria enforces certain protections that the US government knows can be relied upon for all devices. While Common Criteria is not an Android Enterprise Recommended requirement, it is a good standard for enhancing security for IT professionals everywhere in the world.
Android models from many vendors meet Common Criteria: many from Google, Huawei, Motorola, Oppo, Samsung, and Sony, plus some high-end custom devices from Honeywell and Zebra Technologies. (Browse the Common Criteria web tool for current lists and filters.) The Apple iPhone also qualifies.
Government security certification for Android devices
Organizations may wish to look at government certifications to identify Android devices for restricted uses. That used to be big news: BlackBerry long held a monopoly on government approval.
Such announcements are rare nowadays, and governments instead focus on ensuring that an approved UEM platform exists to manage the widely used iPhone and Android phones. The US Department of Defense recently approved some Samsung phones and some high-end Android devices from Honeywell and Zebra Technologies for sensitive use on the basis of Common Criteria. Recently the Australian Communications Authority has also approved several Samsung mobile phones.
Security guarantees and operating system updates for Android devices
IT professionals usually need to ensure that devices receive security and operating system updates for several years, to reduce the risk of compromise through older devices that no longer receive security support. Google's Android Enterprise Recommended certification requires a future OS upgrade. There is no minimum for security updates; vendors are only required to post their update promises on their websites, and this information can be hard to find.
According to my review of Android vendor sites, the Android security update commitment on enterprise-class devices is typically three to five years, and OS updates are typically for one to three future versions of Android. (Apple, in contrast, typically provides seven years of security updates and five years of iOS updates.) Motorola, Oppo, and Xiaomi commit to only one major Android update for their business-class models. Google and Samsung have made the best update promises.
Vendors' published update commitments for business Android devices include:
- Google: Five years of security updates and three years of OS updates
- Motorola: Three years of security updates and one year of OS updates
- Nokia: Three years of security updates and two years of OS updates
- OnePlus: Four years of security updates and three major OS updates
- Oppo: Three years of security updates and one year of OS updates
- Realme: Three years of security updates, two major OS updates
- Samsung: At least four years of security updates and three generations of OS updates
- Vivo: Three years of security updates and three years of OS updates
- Xiaomi: Three years of security updates and major OS updates
I couldn't find any up-to-date information on the Huawei, Infinix, Itel, and Tecno websites and the companies didn't respond to my inquiries.
For certified devices, you can use Google's Android Enterprise Recommended tool to narrow down the security update expiration date for specific models from different vendors. Be aware that the tool may not show the latest models. I'd also recommend checking vendors' older hardware to see whether they lived up to their promises and how recent the available security updates are.
Finally, keep in mind that carriers may cancel, slow down, or block updates in many countries, voiding any promises made by device vendors. For example, Google notes on its Pixel page that Pixel phones purchased directly from Google often receive updates more quickly than those purchased through a carrier. This carrier control is an old reality that dates from long before the advent of modern mobile devices, and only Apple has been able to take full control over updates from carriers.
Buying Guide: Rating Android Phones by Security Level
The Android market is divided into four security categories based on how vendors address key enterprise IT security concerns:
- Advanced security: These vendors provide a high level of security that is suitable even for government use and for access to sensitive data.
- Moderate security: These vendors guarantee an adequate level of security and updates for basic use of applications and web tools.
- Basic security: These vendors provide an adequate level of security, but insufficient update guarantees.
- Untrusted: Major governments strongly oppose the use of these vendors.
Advanced security - the most secure Android vendors
Only one globally available Android manufacturer provides enterprise-grade and military-grade security. This makes Samsung the best (and often the only) choice for business devices anywhere in the world. Its enterprise-class models (which Samsung calls Android Secured by Knox) include the Galaxy S series, Galaxy A5x, Galaxy A3x, Note, XCover, Z Flip3, and Z Fold3. For these models, the commitment is five years of security updates after initial release. Samsung publishes security update information for its enterprise-class devices, which varies by device.
Google's Pixel 7 series phones are also secure. Google promises five years of security updates after initial release. However, the Pixel 7 series is available only in Australia, Canada, Denmark, France, Germany, India, Ireland, Italy, Japan, the Netherlands, Norway, Spain, Sweden, Taiwan, the United Kingdom, and the United States.