Allen Storey explains the need for collaboration within the entire industry to bolster security on the Android platform
The Android platform is often seen as a weak link in the mobile security ecosystem. The freedom and flexibility it offers app developers can come at the expense of end-user security, with malware and spyware a threat to the platform. With questions about its ability to deal with sensitive data, can a user feel safe disclosing personal information from an Android device?
From Heartbleed to Dropbox, last year’s high profile hacks have heightened not only awareness of cybersecurity threats, but fear of becoming the next victim. Trust is a huge part of what drives the m-commerce industry; if a consumer does not trust their phone to keep their personal data safe they will not use it for sensitive transactions.
With this in mind, cybersecurity specialists must turn their attention to Android. A 2014 study by Intercede revealed over 53% of UK consumers would never use mobile banking services, with 50% avoiding mobile payment apps and almost a quarter (24%) not feeling safe shopping on their handsets. In order to allow Android to thrive when it comes to adopting m-commerce, there must be a concerted effort to gain trust.
In a bid to increase customer faith and reduce the risk from malware, Google Play recently announced it would be manually screening all apps uploaded to the Play Store before making them available to the public. The decision is good news for Android security. The image of a team of Google software engineers scouring each app for any trace of malicious code, liberating Android from its battle with malware, is a comforting image to users and will undoubtedly garner trust.
However, although a step in the right direction, it is not cause for celebration quite yet, as the Android platform reaches far beyond the Google Play Store. The Amazon App Store and Samsung Galaxy Apps are just two of the best known examples of alternative Android app stores and there are plenty of other providers also deploying apps directly onto the OS. The move by Google Play is an important one, but to offer real protection there must be a shift towards both blanket and more rigorous screening in order to make assurances that the platform is secure.
The issue isn’t that Google Play isn’t doing enough; it is that everyone in the industry needs to be doing more to reposition Android as a safe and secure environment for its users. There isn’t one answer to the security problems now synonymous with Android but there are a variety of ways to ensure users feel safe divulging sensitive data from their smartphones.
One such way of ensuring data remains safe is for app developers to make use of the Trusted Execution Environment (TEE). The TEE is an initiative designed to offer a safe and secure area for apps containing and dealing with critical data. It is built into over 350 million leading Android devices at the point of manufacture.
To utilize the TEE, an app developer works in tandem with a TAM provider which enables them to load their applications into secure containers within the TEE. Each container is a siloed area that ensures trusted apps are protected, not only from anything running within the Android operating system, but also other trusted apps within the TEE, keeping data cryptographically locked away and secure. In deploying applications such as payments and banking services to the TEE, developers not only empower customers to confidently use this technology but also push the entire mobile industry to thrive.
There is never a quick fix when it comes to cybersecurity and the key to dealing with the security risks on the Android platform is collaboration. From screening apps to using the TEE, each initiative is part of a bigger solution which will redefine Android as a platform able to marry flexibility and freedom with safety and security.
About the Author
Allen Storey is Product Director at Intercede, bringing 25 years’ experience in the IT industry, 13 of which have been in cybersecurity. He has advised on major projects for UK, US, Kuwaiti, Dutch and Australian governments, in addition to aerospace and defence, financial institutions and high value IPR corporates. Prior to joining Intercede Allen managed the deployment of software solutions for large corporations such as Ford, Debenhams and Marks & Spencer.