October 17, 2014
Android Lollipop Top Security Features
Android got a security leg-up in today’s rollout of Lollipop, the latest mobile operating system version to come out of Google (which we’re really hoping has some dentists on retainer). Here are our thoughts on the three changes we think are most noteworthy in this new release, straight from the mouths of our employees.
Factory Reset Protection
"Google's Factory Reset Protection is a great step forward in the industry's aim to alleviate phone theft. This concerted effort from both legislators and industry players targets the heart of the phone theft issue, which is primarily a question of economic incentives. New features such as Factory Reset Protection make it more difficult to use a stolen phone, thereby reducing the incentive to steal them in the first place.
Still, a kill switch will not be the last step in solving the phone theft epidemic. This is a constant cat-and-mouse game between the phone industry and phone thieves. Ultimately, the most significant progress in phone theft reduction will only come through a multi-pronged approach involving widespread industry collaboration, technology innovation, and broad consumer adoption of these new features. If the technology is too difficult to set up or use, it will be effectively useless.
Kill switch is a loaded word - it's a generalization for many different technologies. To some, a kill switch means having the ability to "brick" a phone on demand. To others, this Google Factory Reset Protection does the job. The most effective approach to a “kill switch” will use a combination of intelligent locking and disabling technologies, including tools that let the proper owner of a device re-enable their phone if they recover it. A robust consumer-centric approach such as this would maximize customer adoption and efficacy. Soon, a stolen smartphone would become useless for anyone but its proper owner." - Samir Gupte, Senior Product Manager
Encryption by default
"Though it might seem small, enabling full device encryption by default is a big step forward. Full device encryption has been available since Ice Cream Sandwich, but it's been an optional device setting that required users to manually activate it. The vast majority of Android users don't delve deep into the Security Settings menus and turn this on, so a lot more smartphone users are going to be much better protected going forward.
Another noteworthy security change in Android L is setting the default SELinux policies to "enforcing mode," which means your phone is much more protected against privilege escalation attacks and malicious rooting threats. It will likely have the unfortunate side-effect of causing compatibility issues for non-malicious "root apps" that are popular in the device enthusiast community, but the security up-side is significant and it's a big step forward." - Derek Halliday, Director of Product Management
Enterprise profiles
Mobile devices are entering the workplace with velocity. According to Gartner, half of all enterprises will require employees to bring their own devices by 2017. With the convenience and productivity gains mobile devices provide, they also become attractive targets for criminals. These devices can store and transmit immense amounts of data, are highly portable, and are constantly connected to unsecured networks. All of this makes mobile devices the weakest link in the enterprise IT security ecosystem, attracting malicious app, device and network-based attacks. In addition, as the enterprise security perimeter expands to encompass SaaS, mobile devices become the weakest link in the use of cloud-based APIs as well. This requires an approach to mobile threat protection that traditional security solutions simply don’t provide. Here's what our VP of Enterprise Aaron Cockerill thinks about enterprise security enhancements built into Android Lollipop:
“We’re excited about Google’s focus on the enterprise in Android Lollipop. Support for a corporate user profile on Android smartphones means companies will be able to fluidly protect corporate data. The technology provides an elegant way of segmenting and managing corporate data without significantly impacting usability, and maintaining user privacy. For businesses, the separation of consumer and corporate profiles means much more control over corporate assets, stopping third-party apps from accessing corporate data, while letting the consumer profile act in the free environment that makes Android, well... Android.
Corporate user profiles in Lollipop go a long way towards making Android devices great mobile productivity tools. But if the device itself is compromised in any way, corporate data is put at risk. Combined with effective Mobile Device Management and a reliable way to establish that the device or operating system is not compromised, with Lollipop, CIOs can confidently allow mobile productivity while securing corporate data on Android devices.” - Aaron Cockerill, VP of Enterprise