Malicious Android Applications in the Enterprise: What Do They Do and How Do We Fix It?

Android applications are used in a variety of domains, including business, social, media, health, scientific, and even military. On one hand, enterprises can take advantage of the richness of Android applications to support their business needs. On the other hand, Android devices contain rich sensitive data -- e.g., GPS location, photos, calendar, contacts, email, and files -- which is critical to the enterprise and unauthorized access to this sensitive data can lead to serious security risks. In this paper, we describe the nature and sources of sensitive data, what malicious applications can do to the data, and possible enterprise solutions to secure the data and mitigate the security risks. The purpose of this paper is to raise employees' and enterprises' awareness and show that a suite of easy-to-implement measures can improve both employee and enterprise security.