Be aware of a new Android vulnerability named Quadrooter. Sounds painful!
The Quadrooter vulnerability affects Android devices with Qualcomm chipsets by allowing malicious apps to gain root access on the device.
The good news here is that Google has already issued a statement asserting that the “Verify Apps” security feature will block and remove any app that attempts to expose the vulnerability. The “Verify Apps” feature has been turned on, by default, since Android 4.2 Jelly Bean, so there’s a great chance you’re already protected! Additionally, as Quadrooter apps don’t come from Google Play apps, users also have to allow the “Install from Unknown Sources” option on the device.
But that’s still not good enough, right? A single vulnerable device, if exploited, could be costly to your organization.
In addition to the Google defenses with “Verify Apps,” Qualcomm has already issued patches, but those could take some time to be consumed by device manufacturers.
What should you do in the meantime?
XenMobile can help.
The XenMobile enterprise mobility management (EMM) platform provides extra layers of security to give you peace of mind when managing a wide variety of Android devices.
XenMobile MDX container technology makes it much harder for attackers to penetrate corporate data since MDX encrypts application data-at-rest by default.
XenMobile has built-in rooting detection features that protect both MDM and MAM deployments. The default MAM policy is to lock MDX apps on rooted devices. MDM policies can also assign actions for rooted devices.
Additionally, we recommend that XenMobile customers apply the policy that disables mobile app installations from a untrusted app sources.
Fragmentation of the Android market continues to be a challenge. The best way to combat the inevitable vulnerabilities is to implement mobile security measures such as enterprise mobility management. The XenMobile EMM platform combines detailed device visibility with actionable controls to defend against malicious threats.
For more information visit us at citrix.com/XenMobile.