Australian Cyber Security Centre Releases Guides to Secure Android and iOS Devices

• Australian Cyber Security Centre (ACSC) has published two guides to help secure Android and iOS devices.
• These guides are for commercial organizations, enterprises, and the Australian government.

An overview

Two guides have been published by the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC).

Designed to help the government and industry partners secure Android and iOS devices, the guides are for mobile device system administrators who are familiar with the basic networking concepts.

“Some security configuration instructions within this guide are complex, and if implemented incorrectly could reduce the security of the device, the network or the organisation’s overall security posture. These instructions should only be interpreted by experienced systems administrators and should be used in conjunction with thorough testing,” says ACSC.

Recommendations

The publications recommend certain essential strategies.

• Application whitelisting must be configured to restrict the installation of applications from unknown sources in Android. In iOS devices, specific versions of applications must be enforced using cryptographic signature.
• Patches for applications and operating systems must be applied as prompted by the device.
• Pop-ups and Java must be blocked from executing.
• Administrative privileges must be restricted by default for apps and users.
• Also, multi-factor authentication must be enabled to verify devices and user identities.
• Daily backup must be performed. In case this is not possible, administrators are encouraged to develop applications or solutions for suitable backup procedures.

The recommendations in the publications apply to Samsung Galaxy S9 and S9+ running Android 8.0 or higher and Apple iOS 12 devices, including iPhones and iPads, used within Australia.