Analysis: Will Android dominance increase IT security threats for business?

Google's Android mobile operating system is gaining ground against the odds with an explosion of applications and accelerating adoption, but does this mean that IT security threats are also set to increase?

The Android Market is forecast to become the world's biggest mobile content platform by August 2011, according to research by mobile application research firm Distimo.

The Google Android Market has eclipsed the Apple App Store for iPhone in terms of free applications, offering 134,342 free applications compared with App Store's 121,845 free applications.

According to Distimo, if all application stores maintain their current growth

pace, by August the Android Market will be the largest app store, followed by the Apple App Store for iPhone and iPad, Windows Phone 7 Marketplace, BlackBerry App World and Nokia Ovi Store.

Increased security threats

Security firm AVG believes this will undoubtedly translate into increased security threats for business because of Android's application development model.

"We have seen a significant increase in the volume and sophistication of threats on the Android platform, says Omri Siegelmann, vice-president of AVG's Android security software, Mobilation.

There has been a 400% increase in Android malware since mid-2010, according to the first malicious mobile threats report by Juniper Networks.

The fact that Android will soon become the biggest mobile content platform will only accelerate that trend, Siegelmann told Computer Weekly.

In March, more than 50 applications available via the official Android Market were found to contain malware, according to mobile security site Android Police.

The fact that Android is open source and its adoption is accelerating is making it an increasingly popular malware target, says Siegelman.

Being open source could mean Android is easier to exploit than other operating systems because cyber criminals have access to the source code, and as user numbers increase, so does the cyber criminals' business case, he says.

Fast expanding user base

Android recently crossed its 100 millionth activation milestone, and is growing at its fastest pace yet with 400,000 devices activated each and every day, according to Engadget.

Reports say there are 200,000 Android applications in the Market, with an accumulated total of 4.5bn installs.

Google's strategy of winning the application war by making it easy and fast to publish applications with minimal interference is achieving its objective, but is also opening up opportunities for cybercriminals, says Siegelman.

"Because applications are not monitored and checked by Google, it gives bad guys the opportunity to distribute malware embedded in applications worldwide, making it a significant threat," he said.

Protect mobile devices

Businesses whose employees use Android phones must ensure they cover the basics in securing the hardware so that if the phone is lost or stolen, the device can be located, locked or wiped remotely, says Siegelman.

"IT departments must be comfortable with the operating system, manage it, and bring it into the organisation with the appropriate procedures in place and the ability to enforce them," he said.

AVG recommends that with all new employees, organisations implement the necessary controls on application downloads, web browsing and calls to improve security.

It is important for businesses to understand and manage the threat associated with employees using Android devices to store, access and transmit corporate data, says Siegelman.

Android is here to stay, it is enormously popular and adoption is accelerating, so the best thing for businesses to do is recognise the threat, embrace the operating system, and put controls and procedures in place to limit the risk of data leaks as much as possible.