Android 4.0: Security Holes in “Ice Cream Sandwich”
By Tony Bradley
Android 4.0 “Ice Cream Sandwich” is imminent with the launch of the Samsung Galaxy Nexus smartphone. Early reviews suggest that Android 4.0 is a cutting edge mobile OS with a variety of awesome features to look forward to. Some of those whiz-bang features come with potential security concerns, though.
According to Good Technology, a provider of multiplatform mobile management and security tools, Android 4.0 introduces some new security holes that users and IT admins need to be aware of. None of these are glaring security gaps that should cause you to run the other way or choose to avoid “Ice Cream Sandwich”, but you should at least know what the potential security risks are so you can take steps to defend against them.
Support for on-device encryption is a good thing, but it also introduces a variable which can make the encryption on one Android device stronger than the encryption on the next one. Encryption is only as strong as the combination of the encryption algorithm used, how well the encryption keys are protected, and the strength of the password used to unlock it. If any of these is lacking, it becomes the weak link in the chain, and the Achilles heel of the encryption.
Email Copy and Paste
The ability to copy and paste from email could lead to data loss. IT admins in particular should be aware that it could be possible to take email content or data from file attachments and open it in third-party apps that may not provide the same level of security.
Facial Recognition Unlock
Face unlock is a cool feature. Android may be one of the first to implement it, but it is not the only OS considering facial recognition as a means of authentication. It is awesome for your smartphone or tablet to just recognize you and log you in without having to remember or type passwords or PINs, but if you can unlock the device with your face, so can someone else. A decent picture of you might be all someone needs to activate the facial recognition and access the Android device.
Users will appreciate the ability to wirelessly beam data and contacts from one Android device to another. But, if data is not encrypted in transit, there is potential for information to be exposed or intercepted in transit.
Capture Screen Shots
The ability to capture screen shots is a crucial function for a smartphone or tablet in my opinion. It helps for storing important information, and troubleshooting. As a tech writer, I need it so I can capture images of what I am talking about to use with my posts and articles. IT admins may not appreciate the feature as much, though, because screen capture can be a method of capturing sensitive data that can then be stored or shared in ways that can compromise it.
Android 4.0 “Ice Cream Sandwich” appears to be a phenomenal mobile platform with a variety of cool features and functions. Just make sure you are also aware of the security implications of some of those features so you can use ICS safely and avoid exposing or compromising your sensitive information.