It's been a big week since Google made an attempt to confront what some experts suggest may be security shortcomings in its Android operating system.
Yesterday, I posted on the back and forth over potential fragmentation of the operating system into cousins that look quite like each other but essentially don't run the same applications in the same way and have other troublesome differences.
eWeek posted a story on changes to Android security. The piece says that Google has released a version of the Apps Device Policy application that can "locate an Android smartphone on a map, ring the device and reset the device PIN or password remotely," the story said. The new capabilities are only available to devices using Android 2.2 or later. On the Honeycomb front-Android version 3.0, which is optimized for tablets-administrators using version 2.0 of the Google Apps Device Policy will be able to encrypt data if there is encrypted storage on the device.
There has long been fear about how much personal information is sent by devices without the awareness of users. This is a privacy matter that goes hand-in-hand with security. Veracode found that the Pandora Android-based app sends users' birth data, gender, Android ID and GPS location to advertising companies. The story at Endgadget points out that this information can be used to figure out such things as the person's vocation, with whom they associate and even who they are.
There is a lot to think about when it comes to Android security. At eSecurity Planet, analyst Lisa Pfifer writes that it's "[O]ne of IT's biggest challenges: Android's consumer roots mean minimal support for enterprise-class security."
She highlighted the top 10 concerns. These include lost devices, "flimsy passwords," lack of hardware encryption, text phishing (SMShing), insecure surfing, apps that don't protection personal information, repackaged/fraudulent apps, malware, fake anti-malware and "lack of visibility and control." Clearly, some of these are generic but, in the view of some security experts, are bigger threats to Android.
The thinking goes that the open source nature of the product leads to less control and, subsequently, more security challenges. Apparently, Google is attempting to confront both this and the fragmentation issue.