Security guide for using Android devices in companies

Configure and secure devices with Android operating system

Android is a mobile operating system developed and marketed by Google and used on various portable devices such as smartphones, tablets and more. Although this guide applies to multiple versions of Android, it was designed using devices running Android 10 and configured for business models. Below is a list of configuration policies that you can use as a starting point for setting up your own device.

Securing Android devices


General recommendations

  • When deciding which Android devices your company will use, keep in mind that Android devices typically receive software updates for up to 3 years after product launch. Once a device is considered old, it no longer receives security updates and updates. Newer equipment should be purchased at that time. Please note that operating system updates depend on the device manufacturer – Google provides a list of end-of-service data for Pixel and Nexus devices. For other brands of equipment, consult the manufacturer.
  • For the highest level of control over the policies applied, the device should be managed by the company.
  • After registration, Android devices should be monitored using mobile device management services to enforce the necessary security restrictions.
  • Depending on the device used by the company, an Enterprise Mobility Management (EMM) system should be implemented to allow the configuration of OEM (Original Equipment Manufacturer). OEM standards have been introduced by Google to enable OEMs to develop applications that offer additional device-specific configurations. These applications are available in the Google Play Store and allow IT administrators to access the security policies applied to their devices through the EMM console.
  • Configure Mobile Device Management (MDM) activity logging and monitoring options.
  • Use one of the recommended network architectures to allow the user remote access to the company’s services.
  • If a virtual private network (VPN) is required, you should use a dedicated third-party application.
  • The professional use of third-party applications (“managed applications”) must be approved and centralized in a company’s application catalog. These may be automatically installed when the device is set up, or available in the company-run Google Play Store. ⚬ Consider activating professional Google Accounts on users’ devices. This allows you to manage various Google features through your device policies.
  • Configuring an antivirus or other security programs on mobile devices is not recommended.
Work applications

Most companies will want to offer users a range of productivity and business applications so that they can access documents, create content and collaborate remotely to increase employee productivity. It is recommended to use the integrated applications in the services of the company you belong to. These applications have a higher degree of trust and security, as their manufacturers offer traceability of their technical qualities and a package of benefits for users.

Third-party applications used at work should come exclusively from the company’s application catalog, which contains only pre-approved applications and is managed by a well-secured MDM service. Applications installed in this way will be able to be monitored, having access to service data from wherever they are used. Highly privileged applications, such as the third-party keyboard application or network extensions, should be included in the approved catalog, as these types of applications can access large amounts of data and therefore pose a higher risk for company in terms of cyber attacks.

If your Android device is configured to be exclusively dedicated to business, the company’s private Google App Store will only allow user access to pre-approved apps. However, in hybrid configurations, both for personal and professional use, some applications installed in the public Google Play Store will not be monitored by the company and must not have access to the same data. This guide is intended for companies, from choosing and purchasing devices to providing advice to end users.

Share:

More posts

Using WhatsApp accounts and avoiding attacks through social engineering methods

In the last period of time in Romania there have been several cyber attacks that have targeted emails and messages through communication applications. It is about the attackers trying to gain access to the WhatsApp accounts of certain target people through advanced social engineering techniques. How does this type of cyber attack work? To use

news

Cybersecurity

Using WhatsApp accounts and avoiding attacks through social engineering methods

In the last period of time in Romania there have been several cyber attacks that have targeted emails and messages …

See more →
Cybersecurity

Infection of devices with malware by using the image of some banks in Romania

Romanian bank customers are still the target of cyber attacks by several methods, one of which is e-mail attacks. A …

See more →
Cybersecurity

Flubot attacks – a variant of malware especially for users of the Android operating system

Flubot attacks are a variant of malware, especially for Android that steals sensitive information through SMS sent to users in …

See more →

Services

CYBER SECURITY / PENTESTING

Cyber security is the application of technologies and processes to protect systems, networks, devices and data from cyber attacks.

Hardware Development

In this segment of technology, we rely on the actual construction of prototypes for security.

Networking and robotics

Our company offers indoor or street car park management services. This is essential, given the steady increase in the number of cars that require well-developed logistics.

Custom cloud services

Our company offers cloud servers, customized with security included and backup solutions for cyber attacks. How do cloud services work?

Scroll to Top