Android devices already have a pretty poor reputation security-wise within the Enterprise as well as amongst enlightened users.
In a bizarre turn of events, it looks like Google has decided to shoot the Android platform (in the Enterprise at least) straight through the back of the head by announcing that it will not be providing patches for Android versions 4.3 and earlier. That is reported to be about 60% of Android phones in use, just the 930 million.
Yes you read that right, unless you are running KitKat (4.4) or above, no patches for you. Give us a break! (<— Ghastly KitKat joke)
Here at ITC Towers we are debating which will happen first, the humiliating U-Turn or the product specialists looking for work on LinkedIn. Both seem likely.
This really presents a serious issue, with bugs such as the webview exploit in Android rampant, machines may become as insecure as if they are JailBroken, but without the ability to identify the tampering.
Whilst the pressure builds on Google, we recommend that our customers review their BYOD policies and if they have a Network Access Control platform, distinguish between patched and unpatched and unpatchable Android devices, and move versions 4.3 and below somewhere outside of the shark infested moat until they get a new set of sweet armour (KitKat or Lollipop, we’re not fussy).
ITC’s NetSure360° managed security service has the capability of identifying out of compliance devices and side-lining them to somewhere safe until they play ball. This must be a consideration in an environment when many devices are unpatchable!
As Obi-Wan-Kenobi once said.: “These aren’t the droids we are patching any more”. Sort it out Google.
If you would like to discuss the security of your mobile estate including logging user traffic and controlling access to corporate resources, please contact us on: [email protected] or call 020 7517 3900
