Android Security Apps for BYOD Users
A look at 8 security apps that experts recommend for Android.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt7646d17534b20dbf/64f0d8dd52361763d794899c/01-Cover.jpg?width=700&auto=webp&quality=80&disable=upscale)
With Android-toting employees increasingly infiltrating the workplace as part of the growing BYOD corporate culture, CISOs at large organizations as well as security managers at small organizations face an increasing security challenge.
For starters, 98% of Androids aren't running the latest version of Android software, putting the corporate network at risk of attack via a compromised device. If employees aren't updating their mobile OS, it begs the question of whether they practice good mobile security hygiene in general.
The data is telling: some 49 of federal employees do not secure their mobile devices with a security app or solution, according to a report by Lookout, which surveyed over 1,000 federal government employees.
Meanwhile, a report by Webroot found that 37% of 2,129 adults in the US have no security apps installed on their device other than what came with the handset. The 2014 report also found that only 19% of survey respondents had a security app on their phone, which they personally selected, while 17% of survey participants had a security app installed that their employer required.
Android-toting BYOD workers are finding employers requiring certain security apps for their smartphone either as part of the organization's enterprise license agreement with a mobile security software vendor, or as a gentle nudge from the CISOs office that such a move would be welcomed. Some of these apps - both enterprise and consumer - offer encrypted messages and voice calling, virtual private networks, and map potentially unsafe Wi-Fi networks.
"The most important security app for an individual to buy is a mobile threat defense tool to look for unusual device behavior," says John Girard, a vice president and distinguished analyst with Gartner.
Of course, BYOD users should only acquire Android apps from the Google Play store, which screens apps for not only their functionality but also adds a layer of security to the process. Even so, the Google store isn't necessarily bulletproof: Last month, 41 apps in Google Play that were developed by a Korean company were found to come with malware dubbed "Judy," according to a report by Checkpoint Software.
Meantime, here are eight solid security apps security experts recommend for Android BYOD users. Let us know in the Comments section if you have some favorites we didn't include.
The Skycure Mobile Threat Defense enterprise app is designed for both consumers and the enterprise. The company uses the same free public app for both its consumer version in Google Play and its enterprise edition used by BYOD workers.
Phil Hochmuth, program director and enterprise mobility for IDC, says one of the most important features of the app is its potential ability to map unsafe public WiFi networks. The company claims its app can offer "multi-layered" detection and analysis like user behavioral analysis, look for signatures and source origin, as well as abide by third-party blacklists.
Skycure's app is free for both consumers and enterprise users, offering such features as security alerts that the user will have to fix for themselves. A service option at $10 a month includes a console to monitor Android devices on the corporate network and more visibility into the threat landscape, Duckering says. That monthly rate could be lower with volume discounts, he notes.
Mobile security vendor Lookout offers both a consumer and enterprise version of its software. For employees whose companies do not require or offer mobile security apps for their devices, there is Lookout Personal, which offers features including identity protection, theft prevention, and protection against malware, adware, and phishing attacks. Michael Akamine, Lookout's director of partner product management, notes that the mobile app not only secures data but also tracks the physical loss of the device. It detects multiple PIN input attempts, for example, and can take a photo of the thief and email it to the user with the device's location. Lookout also allows the victim to remotely wipe data off of a stolen device.
IDC's Hochmuth notes that Lookout's offering has a strong feature set as well as a huge installed base, and as a result, has a broad number of devices from which it can analyze and see threat patterns and gather big-data intelligence.
Pricing for Lookout Personal ranges from free to $3 per month per user for its premium version. It also sells a Premium Plus version for $9.99 per month that comes with a breach report and identity theft insurance and restoration. The enterprise version of Lookout is based on a tiered, custom-pricing model based on services and mobile device count, according to a company spokeswoman.
Wandera's Enterprise Mobile Security combines threat detection with other features, such as measuring and limiting cellular data usage when roaming internationally, as well as split billing for BYOD and corporate use, Hochmuth says.
The software scans apps installed on smartphones, and identifies apps that might be leaking sensitive data or carrying improper permission levels. Other features include monitoring a device's network connectivity, analyzing unusual configurations and behaviors, and scanning for vulnerabilities.
Wandera does not offer a consumer version of its Android app. For an enterprise user to use the app, his or her employer must be a subscriber to Wandera's enterprise service. The cost of the enterprise service is based on the number of devices, terms of the contract, and other issues, according to Wandera. That the service generally costs from $5 to $10 per user, per month.
Zimperium Mobile IPS, aka zIPS, is an enterprise app that is designed to offer real-time mobile intrusion prevention and threats to apps, the company says. IDC's Hochmuth, meanwhile, notes: "[It offers] strong on-device threat detection with an SDK and app development integration capabilities to build security into other apps."
zIPS pricing depends on the number of devices an organization wants to protect, or it could instead opt for an enterprise license agreement.
Enterprise mobile security company Appthority, which markets an app under the same name, focuses on delivering mobile threat detection, Hochmuth says. He noted the company's specialty is in detecting risky apps based on behavior analysis. The app provides risk scores that make its threat reporting more visible; it also identifies upstream risks.
Pricing for the enterprise service is based on the number of devices under management, similar to the pricing model of EMM/MDM, says Domingo Guerra, Appthority president and co-founder. The price can range from $2 to $6 per device, per month, based on volume.
Better Mobile Security, which sells an enterprise app with the same name, offers an app with low-battery consumption and an on-device app that has network and device threat detection, Hochmuth says.
A subscription for Better's MTD costs 99 cents per month, with the option of adding its mobile Next-generation firewall (mNGFW) for an additional $6 per month, says Senai Ahderom, Better Mobile Security's CEO, noting the company only sells to government agencies and enterprise customers, not consumers.
Virtual private network provider NordVPN serves both the consumer and business market. Its VPN is designed to deliver consumers double data encryption, a strict no-logs policy that prohibits the storing of user activity, and an automatic kill switch that will halt software that is specified as off-limits, says Jodi Myers, head of NordVPN's marketing. She adds that NordVPN as well as other makers of VPNs provide BYOD workers with a way to secure their data as it moves to and from their device over networks.
The pricing for the VPN service is $11.95 under a one month plan, or $5.75 per month under a one-year subscription, according to its pricing published on its website
Virtual private network provider NordVPN serves both the consumer and business market. Its VPN is designed to deliver consumers double data encryption, a strict no-logs policy that prohibits the storing of user activity, and an automatic kill switch that will halt software that is specified as off-limits, says Jodi Myers, head of NordVPN's marketing. She adds that NordVPN as well as other makers of VPNs provide BYOD workers with a way to secure their data as it moves to and from their device over networks.
The pricing for the VPN service is $11.95 under a one month plan, or $5.75 per month under a one-year subscription, according to its pricing published on its website
With Android-toting employees increasingly infiltrating the workplace as part of the growing BYOD corporate culture, CISOs at large organizations as well as security managers at small organizations face an increasing security challenge.
For starters, 98% of Androids aren't running the latest version of Android software, putting the corporate network at risk of attack via a compromised device. If employees aren't updating their mobile OS, it begs the question of whether they practice good mobile security hygiene in general.
The data is telling: some 49 of federal employees do not secure their mobile devices with a security app or solution, according to a report by Lookout, which surveyed over 1,000 federal government employees.
Meanwhile, a report by Webroot found that 37% of 2,129 adults in the US have no security apps installed on their device other than what came with the handset. The 2014 report also found that only 19% of survey respondents had a security app on their phone, which they personally selected, while 17% of survey participants had a security app installed that their employer required.
Android-toting BYOD workers are finding employers requiring certain security apps for their smartphone either as part of the organization's enterprise license agreement with a mobile security software vendor, or as a gentle nudge from the CISOs office that such a move would be welcomed. Some of these apps - both enterprise and consumer - offer encrypted messages and voice calling, virtual private networks, and map potentially unsafe Wi-Fi networks.
"The most important security app for an individual to buy is a mobile threat defense tool to look for unusual device behavior," says John Girard, a vice president and distinguished analyst with Gartner.
Of course, BYOD users should only acquire Android apps from the Google Play store, which screens apps for not only their functionality but also adds a layer of security to the process. Even so, the Google store isn't necessarily bulletproof: Last month, 41 apps in Google Play that were developed by a Korean company were found to come with malware dubbed "Judy," according to a report by Checkpoint Software.
Meantime, here are eight solid security apps security experts recommend for Android BYOD users. Let us know in the Comments section if you have some favorites we didn't include.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024