Android Security Management Services

ANDROID SECURITY MANAGEMENT SERVICES

With more devices being connected every day, malware practices have increased over the years. While ransomware attacks have increased to 36% over the years (almost 4000 a day), Microsoft estimates that the potential cost of global cybercrime is at about $500 billion. Up to the first quarter of 2018, Android’s global market share was at 85.9% up from 76% in 2017. With almost 98% of malware attacks being targeted on the Android platform, it is becoming a prime target for hackers. For enterprise devices, enterprise customers must minimize security vulnerabilities to keep their devices secure due to increased business impact. For consumer devices, OEMs find it challenging to protect their investment and reduce total cost of ownership over the devices’ lifetime. Consumer Electronics OEMs are also coming into the fold of the Android Enterprise Recommended Program to ensure market confidence and are supplying devices to enterprises in order to increase their market share.

Android maintenance is mandated by Android Enterprise Recommended Program for both enterprise and consumer devices and involves providing security patches every month as a compliance.

With over 1200 person months’ experience, Sasken has played a crucial role in delivering Android Security Management services and addressed 6000+ common vulnerabilities and exposures (CVEs) on 90+ models for both consumer electronics and enterprise device customers. Sasken has successfully ported all versions of Android from Eclair to the latest Android 10 and enabled leading OEMs to launch their Android-based consumer and enterprise devices on various chipsets (Qualcomm, MediaTek, Texas Instruments, etc.) in operator networks in North America and Asia. Sasken’s Android Security Management Center of Excellence (CoE), comprised of Android Security Management experts and an Android Security Management lab, provides subscription-based Android Security Management services that enable OEMs to reduce efforts in managing security upgrades and provide long-term maintenance of security upgrades.

OFFERINGS

Complete ownership of providing security patches to OEMs for Android devices
Pre-built and tested part-patch-update at a defined cadence:
- Analysis on OEM’s Device:
  - Verify Target OS relevance for that device
  - Analysis of patches
- Integration:
  - Direct integration for supported Android versions
  - Propagating patches
  - Resolving merge conflicts
- Validation:
  - End-to-end platform testing
  - Google pre-certification
  - Resolving merge conflict
  - Analysis on OEM’s Device:
    - - Verify Target OS relevance for that device
      - Analysis of patches
- Certification support:
  - Google Compliance (CTS, GTS, CTS-on-GSI, CTS Instant, VTS, STS)
  - Carrier Certification Support
- OTA campaign deployment support
- Backporting of patches to legacy Android versions
- Dedicated engineering team working in factory-model on all chipsets variants ensuring uninterrupted support and integration ready patches available every month
- Sasken Security Package (SSP) contains integrated AOSP and chipset security patches

FAQs

Frequently Asked Questions

Why do Android devices require monthly security patches?

Monthly security patches are mandated by the Android Enterprise Recommended Program to maintain compliance for both consumer and enterprise devices. These updates protect users from increasing malware attacks, which target nearly 98% of the Android platform, helping OEMs maintain market confidence and reduce security vulnerabilities.

What Android security services does Sasken provide?

Sasken provides subscription-based Android Security Management services including the analysis, integration, and validation of security patches. Their offerings cover complete ownership of security patches, backporting to legacy versions, and certification support for standards like CTS, GTS, and VTS to ensure Google compliance.

What is Sasken’s experience in managing Android vulnerabilities?

Sasken has addressed over 6,000 common vulnerabilities and exposures (CVEs) across more than 90 device models. With over 1,200 person-months of experience, their experts have ported all Android versions from Eclair to Android 10, supporting leading OEMs on various chipsets like Qualcomm, MediaTek, and Texas Instruments.

Which certifications are supported during Android security management?

Android security management includes support for various Google compliance certifications such as CTS, GTS, VTS, and STS. Additionally, services encompass carrier certification support and end-to-end platform testing to ensure that integrated patches do not conflict with device-specific software or operator network requirements.

Which chipsets are compatible with these security management services?

These security services are compatible with several chipsets, including Qualcomm, MediaTek, and Texas Instruments. A dedicated engineering team works on all chipset variants to provide integrated AOSP and chipset security patches, ensuring uninterrupted support through a factory-model approach for diverse hardware platforms.

Can security patches be applied to older Android versions?

Security management services include backporting patches to legacy Android versions to maintain the protection of older hardware. This process involves resolving merge conflicts and verifying Target OS relevance to ensure that older devices remain resilient against modern cyber threats and evolving malware.

Why is Android security critical for enterprise devices?

Security is critical for enterprise devices because hackers target Android for 98% of malware attacks, leading to significant business impacts. Companies must minimize vulnerabilities to secure sensitive data, while OEMs use these services to protect investments and reduce the total cost of ownership over a device’s lifetime.

Android Security Management Services