Top 5 Android security tips for the enterprise

4. Keep up-to-date

Google generally carries out one major upgrade per year with the latest being Android 4.0 Ice Cream Sandwich. In between the major refreshes regular updates are pushed out to fix bugs, address security holes and improve general performance. It is important to keep up-to-date in order to benefit from this updates, especially the security fixes.

As Android application developers support newer versions of Android, those running older versions could be left with unsupported software with potential security vulnerabilities. History has shown that older operating systems become security liabilities as attackers are able to exploit a greater number of vulnerabilities to undermine devices.

Organisations should systematically audit devices to make sure they are being supported by device manufacturers and consider replacing those units that will not receive future software updates. Those firms looking to deploy Android devices now should consider devices running Android 4.0 and beyond and encourage users to upgrade.

3. Don't ROOT your device

Android is a Linux-based operating system, with applications running with less permission in order to sandbox any potential security threat from a single application. Running applications under restrictive user accounts also limits what applications can do with lower-level access forbidden. However, this can be circumvented by 'rooting' an Android device, allowing certain applications to have full access to the Android operating system.

Android enthusiasts and power users like to root devices because it gives the ability to alter Android's look and feel, load custom versions of the OS (known as ROMs) and run applications that have kernel level interaction. It is possible to increase the clock speed of the processor, for example.

While all of that sounds good, users should realise that by allowing wide reaching access, malicious applications could run amok with access to sensitive data stored on the device.

Google warns against rooting encrypted Android devices as doing so allows applications to access the private key used for encryption. This effectively erases any security benefits provided by encryption. Google's advice may pertain to encryption keys but the general point remains, rooting devices can give malicious applications and remote attackers access to the whole device.