Mar 19, 2012

Will your company allow employees to use rooted Android devices?

Does it make a difference to you if someone's BYOD has been rooted? Probably 50% of the people I know that use an Android have rooted it. I'm sure that the percentage of the general public that roots their device is much lower than that, but still, there are plenty of rooted Androids out there. The majority of the time on older devices, most of my friends rooted their phones to get rid of bloatware, but as internal memory size has increased that is less compelling of a reason. As concern about security vulnerabilities of mobile devices rises, are more businesses starting to consider root access when developing their BYOD policies? Would you allow a rooted Android smartphone at your company?

Do you allow end users to be administrators on their computers in your company? That is what root does... same exact thing.

I guess it is a legitimate security concern. I'm not sure, if you have a VPN set up, how great of a risk it is, but it could be a vulnerability. I would be in trouble though, my Android was rooted within an hour after I opened the box. There are some pretty handy root apps out there. SetCPU is one I really like for good clean overclocking fun. But beware!!! Rooting opens the door to flashing ROMs, and that is where the real fun begins!


The problem is that on a rooted Android, not only can you do whatever you want, attackers can do the same, and they write malicious code and/or viruses. Then they can use the system root privileges to do whatever they want. Oops, there it goes; executing and populating hostile payloads all over the place. Even though it is hypocritical, since I have rooted my Android phone, I would not want a bunch of rooted devices connecting to my network.

If I were an IT admin, I would not allow it. It seems like it might be more of a security risk. I can understand why a user would do it, but why let yet another potential security problem onto your network?

The prudent thing to do would be to issue company Android devices that are not rooted and have extra security precautions in place.