Due to the large success of Android operating system and a rising number of installations
worldwide (nearly 75% in Europe) there is also an increasing number of threats based on
Malware and Spyware.
One example for such a Spyware is the Remote Administration Tool (RAT) "Dendroid" which was
identified in March 2014. This software was embedded into a normal App and was offered inside
the Googe Play Store.After installation of Dendroid the program was able to take over the control
about Camera, Microphone and so on.
In order to prevent such a misuse of Gigaset Android phones it's the goal of this document to
provide a guideline for information security procedures. According to this the document defines
the most important measures for Android hardening.
1. Update firmware and operating system to the latest version
Gigaset is always working to improve the reliability and security of the complete product portfolio.
This means that the phone firmware is permanently enhanced to face threats like malicious software.
Thus it's absolutely recommend to keep the device firmware always up to date.
For the same reason it's best practise to keep also the operating system up to date.
2. Installation of a Virus and Trojan scanner
Despite all security procedures the likelihood is quite high to get malware or spyware. To detect
these threats it's crucial to install a Virus and Trojan scanner. By means of these programs the
system has got the ability to find and remove malicious software.
3. Don't root the device
The shipped Gigaset Android devices has got no "root" administrator permissions. However, the
internet offers a lot of software to obtain these rights and to adjust the own device in a deep level.
Please be aware that these changes incorporates a lot of risks.
Due to this it's not permitted to conduct such changes. Rooting administration of a device
affects the loss of all Gigaset warranty.
4. Usage of Google Playstore
It's recommend to use only Google Playstore and to disclaim for the usage of third party App
stores. Nevertheless it's necessary to respect certain security rules for the Google Playstore
download.
It's a best practice to check the trustworthy of each software . This can be done by a
App rating check. Negative ratings and comments should be considered. If ratings or comments
are missing the customer should balance the benefits and risks in terms of the new software.
5. Restriction of permissions
The selection of permissions has got a large impact for the operation of a Android device. Thus it
should be strictly considered which permissions are really necessary and which not.
So the level of permissions should be respected for each App installation. Not every application needs
the access to the internet or to special hardware components like cameras or other service resources.