The digital landscape is constantly evolving, and with it, the threats to our devices. A common question that arises, particularly in enterprise settings utilizing managed Android devices, is whether...
Updated 10 days ago
Version 2.0
Blog Post
Interesting article Bigdogburr , thanks for sharing.
I like Android's philosophy on being a platform that can be used on wide range of devices and where users are able to bypass standard settings to create a device that works for them. You are not limited to what Android can do by default, but you are able to add apps that are able to do what you want.
But thats also a big big downside when looking at the security side of things. I understand GPP helps a lot, but some of the reports about malware are about the AOSP version, shouldn't there be more focus on security on the core OS side perhaps? That might help to set Android in a more positive light. I have so many discussions with customers saying that the "other" platform is more secure than Android, its getting a bit annoying. And that coming from someone who sells and works with both Android and its alternative competitor.
Alex_Muc, can you tell more about the accessibility services being targeted or what you did to prevent that?
Michel I think we took the hint from an older Verizon Business Mobile Security Index report. Malicious apps with permission to access the Accessibility Services can read the display content and therefore access/steal sensitive data. However, they can also manipulate the user interface and input data. However, such an attack usually goes hand in hand with sideloading.
Using the Enterprise Policies, you can allow certain apps for the accessibility services via “permittedAccessibilityServices”.
https://developers.google.com/android/management/reference/rest/v1/enterprises.policies
Hi Alex_Muc , I think that was a screen overlay issue a few years ago. Now by default, screen overlays are controlled with permissions and screen overlay was hardended such that apps need an identifier to access the api.
