1. Business Ideas
  2. Business Plans
  3. Startup Basics
  4. Startup Funding
  5. Franchising
  6. Success Stories
  7. Entrepreneurs
  1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
  1. Get the Job
  2. Get Ahead
  3. Office Life
  4. Work-Life Balance
  5. Home Office
  1. Leadership
  2. Women in Business
  3. Managing
  4. Strategy
  5. Personal Growth
  1. HR Solutions
  2. Financial Solutions
  3. Marketing Solutions
  4. Security Solutions
  5. Retail Solutions
  6. SMB Solutions
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
Grow Your Business Security

Should Your BYOD Policy Treat Android Devices Differently?

Should Your BYOD Policy Treat Android Devices Differently? Left to right, the Google Nexus One, Nexus S, Galaxy Nexus and Nexus 4 Android smartphones. / Credit: Android Open Source Project/Creative Commons

Many small businesses have blanket bring-your-own-device (BYOD) security rules for employee smartphones and tablets. However, one-size-fits-all policies may not be the best way to go. 

In fact, some experts say that it might be best to create separate BYOD policies for Apple's iOS platform and Google's Android platform, because the latter has so many more security issues.

"This is really a tricky issue for most organizations because, in some cases, they're not all that comfortable or familiar with an Android necessarily, at least when they're being used in corporate settings," said Christian Kane, enterprise-mobility analyst at Forrester Research Inc. in Cambridge, Mass.

"Android still isn't the primary platform in companies," Kane said. "iOS is still dominant in terms of users, and it's definitely IT sanctioned and supported."

"Most companies have started with iOS," he said. "When they think of Android, they think of it as inherently less secure, and they think about what it would take to have a baseline of security across all devices."

Controlling who gets on the network

Many companies believe that separate polices for each operating system would increase their overhead, Kane said, so instead they have policy requirements for each new device rather than allowing all BYOD devices.

"It will be more controlled —they'll say, 'We'll only support or allow certain versions of iOS and certain versions of Android,'" Kane said. "Because of what they have from a security standpoint and a management standpoint, that [requirement] will allow companies to have a single baseline for security across the board."

Tech-market analyst Rob Enderle agreed that businesses should select which Android phones they'd allow. The Android platform is so badly fragmented, he said, that workers shouldn't be allowed to bring in any Android device they'd want.

"You have to have them bring in the versions of the operating system that you have validated to work with your stuff," said Enderle, principal analyst for the San Jose, Calif.-based market-research firm Enderle Group. "There are probably some unique requirements that should surround Android because it has been found to be so unsecure."

MORE: Worker BYOD: A Double-Edged Sword for Employers

Extra requirements

Enderle said one additional constraint imposed upon Android users might be to have them agree not to use side-loaded applications, which come from outside the official Google Play app store.

"Youhave to ensure that users only load approved apps, and that they're working off a whitelist [of approved apps] as opposed to a blacklist" of banned apps, Enderle said.

Because Android isn't locked down by Google to the extent iOS is controlled by Apple, businesses have to be sure that users are running anti-virus software that will protect their Android phones.

"Any lockdown requirements have to be met before the phone has been used in the wild by the user, to make sure that no rootkits [powerful forms of malware] have been installed on the phone," Enderle added.

The typical company policy requirement tends to favor using a Samsung-made Android phone, because Samsung has put its own security technology on top of the Android operating system in an attempt to make its devices safer, Enderle said.

"The Apple phones, because they're already locked, the only specific policy is that [they] not be jailbroken," Enderle said. "But with Android, because it really doesn't have to be jailbroken to do all this stuff, you really have to place a series of unique restrictions on it so that it doesn't become contaminated with malware."

One of the problems, though, is that it's not always easy for companies to be sure employees are complying with policy requirements.

"You can put management software on the phone," Enderle said. "Strangely enough, the Blackberry [security-management] software works on an Android phone."

"A lot of companies have just been banning Android, but I'm not sure that's practical long-term," he added. "You can certainly push the user to a more secure platform, like LG's or Samsung's, and then make sure that they understand that there are rules in place so they know what they're not allowed to do."

Starting your own business means wearing many hats. You have to be in sales, marketing, finance and human resources. You have to be willing to risk it all while initially making little or no profit.
So do you have what it takes? Take our quiz to see if you're ready to start a small business of your own.
concerns, doubts
0 of 20 questions complete
Are You Ready to Start a Business? 20 Questions to ...
Starting your own business means wearing many hats. You have to be in sales, marketing, finance and human resources. You have to be willing to risk it all while initially making little or no profit.
So do you have what it takes? Take our quiz to see if you're ready to start a small business of your own.
Start Quiz
concerns, doubts
0 of questions

grow-your-business
See All