Are your users savvy enough to detect malicious Android downloads from mobile app stores? Want to bet your job on it? Didn’t think so. Android malware is tricky—and it’s a problem.
Recently, CopyCat malware infected 14 million handsets, including work devices, when downloaded from a third-party app store. Dozens of applications in the Google Play store exposed users to malware-laced software for download.
This rash of bad apps for Android stems from a comparatively lenient vetting process for app makers. Users get more apps, and most are safe, but the security risks are well-documented.
What does Android malware look like?
Fake downloads of SimSimi and other popular apps are how CopyCat infected 14 million devices worldwide. Once on a mobile phone, CopyCat projects fake visual overlays on the screen. Ad pop-ups generate revenue for the malware maker, while misdirected buttons and text-capture boxes attempt to trick users into downloading more exploits.
The malicious programs Booster Cleaner Pro and Wallpapers Blur HD contained ‘autorooting’ malware that grabs hold of central phone functions and locks out users, an example of ransomware on a mobile device.
The spyware-type malware Lipizzan, discovered during Google’s investigation of Pegasus apps, steals password information stored in browser cookies. It also harvests WPS keys, e-mail logons, app logons and banking information, sometimes without the end user even noticing.
What happens when a malicious app is on a phone?
When downloaded, the malware injects itself into a core Android process called Zygote, which throws a phone’s Android Package Kit (APK) off kilter. The APK is like the central nervous system for Android, but the disruption (or ‘perturbation’) is undetectable to many users.
What tools prevent malware for Android?
A combination of server-hosted MDM software and policy, Next-Generation Firewalls, and business-grade antivirus on the endpoint combats malware and secures endpoints and network assets.
Your goal is to stop users from downloading sketchy apps onto a company phone. To do this, set permissions and restrictions for each device using a mobile device management (MDM) suite. It enables IT to centrally control a mobile device in the field.
In BYOD situations, you will need application-level control over business-specific user apps on each device. Mobile application management (MAM) software provides granular control over business-specific data. As always, restrict access to the company network for devices that do not meet the criteria for safety. A mobile device management policy explicitly lays out the items mentioned above.
Confused by all the three-letter gobbledygook? Here’s a cheat sheet: decoding device management alphabet soup.
What are the basic MDM functions?
- Remote locate, lock, and wipe features.
- Encryption policies for business data like Wi-Fi passwords and specific files with company information, which assist with BYOD management.
- Automation for pushing out “bulk settings” across a fleet of devices.
- Pushing security updates out to employee devices.
Decide what belongs in your MDM policy and enforce with hardware
Hardware and software give you the power, but you have to write the rules first.
Standard firewall rules block mobile access to the company network when certain criteria are unmet. For example:
- No device encryption detected
- No PIN to unlock the device
- The PIN is over a certain age
- The PIN is under a certain length
- Device lockdown after failed password attempts
- Missing certificate for Wi-Fi and VPN profiles
- Missing certificate for Wi-Fi SSID
- VPN code required for entire domain
- VPN code required at the application level
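The criteria above are only useful if they are evaluated the same way for every device, every time, and if a device that reports nothing is treated as non-compliant rather than waved through. The following is an added example, not code from this article or from any MDM vendor, that expresses the listed rules (device encryption, PIN present, PIN age and length, lockout after failed attempts, required Wi-Fi and VPN certificates) as a policy object and checks a constructed fleet of device posture records against it, failing closed on missing attributes. It goes one step beyond the list by adding a security patch-level age rule, in the spirit of the MDM function of pushing updates out to devices. All field names, thresholds and device records are assumptions for illustration; a real MDM supplies its own posture attributes.

```python
"""Fail-closed compliance evaluator for mobile device network access.

Added example; not the article's code and not any vendor's API. The
posture fields, thresholds and sample devices below are constructed
for illustration only.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class DevicePosture:
    """What the device reported at last check-in. None = not reported."""
    device_id: str
    encrypted: Optional[bool] = None
    pin_set: Optional[bool] = None
    pin_length: Optional[int] = None
    pin_last_changed: Optional[date] = None
    lockout_after_failures: Optional[int] = None   # 0 or None = no lockout
    security_patch_level: Optional[date] = None    # assumed extra attribute
    certificates: frozenset = field(default_factory=frozenset)  # profile names


@dataclass(frozen=True)
class Policy:
    """Thresholds an administrator would write down before enforcing."""
    max_pin_age_days: int = 90
    min_pin_length: int = 6
    max_failed_attempts: int = 10
    max_patch_age_days: int = 60                   # assumed extra rule
    required_certificates: frozenset = frozenset({"wifi-corp", "vpn-corp"})


def evaluate(posture: DevicePosture, policy: Policy, today: date) -> list:
    """Return the names of every failed rule. An empty list means compliant.

    Every check is written so that a missing (None) attribute fails the
    rule: a device that cannot prove it is encrypted is treated as not
    encrypted, and so on.
    """
    failures = []
    if posture.encrypted is not True:
        failures.append("no device encryption detected")
    if posture.pin_set is not True:
        failures.append("no PIN to unlock the device")
    else:
        if posture.pin_length is None or posture.pin_length < policy.min_pin_length:
            failures.append(f"PIN shorter than {policy.min_pin_length} digits")
        if (posture.pin_last_changed is None
                or (today - posture.pin_last_changed).days > policy.max_pin_age_days):
            failures.append(f"PIN older than {policy.max_pin_age_days} days")
    if (not posture.lockout_after_failures
            or posture.lockout_after_failures > policy.max_failed_attempts):
        failures.append("no lockdown after failed password attempts")
    if (posture.security_patch_level is None
            or (today - posture.security_patch_level).days > policy.max_patch_age_days):
        failures.append(f"security patch level older than {policy.max_patch_age_days} days")
    for cert in sorted(policy.required_certificates):
        if cert not in posture.certificates:
            failures.append(f"missing certificate for profile {cert}")
    return failures


def network_access_allowed(posture: DevicePosture, policy: Policy, today: date) -> bool:
    """The firewall-side decision: allow only when no rule failed."""
    return not evaluate(posture, policy, today)


def fleet_report(fleet, policy: Policy, today: date) -> dict:
    """Map device id -> list of failed rules, for the whole fleet."""
    return {p.device_id: evaluate(p, policy, today) for p in fleet}


# Constructed sample data (not real devices).
TODAY = date(2024, 1, 15)
POLICY = Policy()
FLEET = [
    DevicePosture("phone-01", encrypted=True, pin_set=True, pin_length=6,
                  pin_last_changed=date(2023, 12, 1), lockout_after_failures=10,
                  security_patch_level=date(2024, 1, 5),
                  certificates=frozenset({"wifi-corp", "vpn-corp"})),
    DevicePosture("phone-02", encrypted=True, pin_set=True, pin_length=4,
                  pin_last_changed=date(2023, 6, 1), lockout_after_failures=0,
                  security_patch_level=date(2023, 9, 1),
                  certificates=frozenset({"wifi-corp"})),
    DevicePosture("phone-03"),   # enrolled, but has reported nothing yet
]

if __name__ == "__main__":
    for dev, fails in fleet_report(FLEET, POLICY, TODAY).items():
        print(dev, "ALLOW" if not fails else "BLOCK: " + "; ".join(fails))
```

Two design points matter more than the particular thresholds. First, every comparison is written so that an unreported attribute counts as a failure; a posture check that defaults to "allow" when the agent has not checked in is the gap a compromised or freshly enrolled device slips through. Second, the policy is data rather than scattered conditionals, so the written MDM policy and the enforced one are the same object and can be reviewed side by side.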
Five MDM suites with Android-specific features
Need licensing for a MDM solution? NeweggBusiness can help. Call (888) 482-6678 to reach a certified Microsoft, VMware and Citrix Account Executive.
VMware AirWatch – Has an Android MAM designed for BYOD offices. It is part of the AirWatch EMM suite of products. | AirWatch datasheet
Citrix XenMobile – XenMobile is an EPP that builds into Android Enterprise systems. Ideal for companies that use Google Suite for collaborative work. | Citrix Xenmobile-datasheet
Microsoft Enterprise Mobility Suite (EMS) – A tailored solution for mobiles in MS Office 365 environments that supports Android devices and Chrome just as well. Microsoft EMS licensing is available at NeweggBusiness; it bundles together Microsoft Intune MDM for on-premises, datacenter-hosted MDM, Azure Rights Management Premium for cloud, and Microsoft Identity Manager on Azure Active Directory Premium for hybrid setups.
Cisco Meraki Systems Manager – When you buy Cisco Meraki licensing you get a full-on EMM. Meraki is better known for cloud management of APs and wireless networks, but Systems Manager offers everything you need to manage a fleet of mobile devices. | Meraki Systems Manager datasheet
Sophos Mobile – Supports Android Enterprise especially well, according to AV-TEST. If you have a Sophos UTM or NGFW, the front end incorporates into the Sophos Central monitoring GUI. Note: the free Mobile Control app works only if you are subscribed to the EMM solution; a Sophos Mobile subscription is needed to push updates to users. | Sophos Mobile datasheet
What Android mobile antivirus is best?
The quick answer is whichever has the most up-to-date library of known malware. That is why installing AV updates promptly is so critical.
Most malware is recycled by hackers, meaning they download known malware rather than code it themselves. AV vendors and OS designers update detection and patch vulnerabilities with each new version of software. That is why updates need swift implementation. Do you trust your job to users keeping AV and OS software up to date? Didn’t think so.
Original exploits are the most dangerous. At Black Hat Las Vegas, a Georgia Tech team of white hat hackers created Android malware called AVPASS and slipped it past all 58 AV vendor products.
If you’re looking for the ‘best Android antivirus’, refer to AV-TEST.org. They are the authority on testing AV software and publish the most current results.
Businesses with over 10 seats should shop in the software licensing for business category, not the boxed products in the software store.
Firewalls with MDM built-in
UTMs and NGFWs have VPN apps that are installed on mobile devices and authenticate the use of a secure, encrypted pathway to the business network.
Certain firewall solutions have MDM applications built in. That is added value for a mobile workforce that needs secure access to company applications and data.
- SonicWall TZ series with TotalSecure (VPN only)
- ZyXel USG series with SecuExtender (VPN only)
- Barracuda X series with Total Threat Detection (VPN+MDM)
- Cisco Meraki MX series (VPN+MDM)
- Fortinet FortiGate with FortiGuard (VPN+MDM)
Keeping your mobile workforce free of harmful apps means AV software, an MDM suite, and network protection are documented and in working order. With the right approach and the right gear, you can keep your endpoints free and clear of Android malware.