Nuffield-Logo-White
Contact us
You Must Test Mobile Device Security Updates: Here’s What We Recommend cover

You Must Test Mobile Device Security Updates: Here’s What We Recommend

November 7, 2024
Software Development
cyber attacks, cyber security, OS, Phones, security threats, Windows CE to Android Migration

Managing Android security updates for your Zebra mobile computers puts you between a rock and a hard place. On the one hand, you must deploy operating system (OS) updates to protect your organisation from threats. On the other, these updates could play havoc with your core business apps by causing critical incompatibility failures.

Welcome to a very tricky dilemma that can raise competing voices in an organisation.

  • IT security team: ‘It’s essential to update the OS to protect against cyber risks – this is nothing less than due diligence.’
  • Operations team: ‘It’s working today, so “if it isn’t broken, don’t fix it”. We can’t risk a firmware or Android version incompatibility that could take business operations down for some unspecified threat down the line.’

Resolving these opposing issues will take work. But it’s not all bad news. Firstly, if you’ve chosen or recently migrated to Android, you’re using the most suitable OS for business. (See the rationale for our Android is the best OS claim.) Secondly, if you’ve picked Zebra’s devices and their LifeGuard for Android security solution, you’re deploying rugged, enterprise-grade mobile computers with robust ongoing support.

There’s just a little more you must do to keep devices secure for the long term while also avoiding potential software failures. And we’ll reveal what that is in this post.

You Must Update Your Devices

You can’t avoid updating your software. It’s that simple.

The UK government’s Cyber Security Breaches Survey 2024 revealed that half of businesses (50%) and around a third of charities (32%) report having experienced some form of cyber security breach or attack in the last 12 months. This is clearly not something that only happens to ‘other organisations’ any more. The results can be devastating. Cyber criminals bring operations to a standstill, steal data and destroy reputations. The clean-up costs and compliance penalties can be huge.

The threat appears to be growing. The National Cyber Security Council Annual Review 2023 revealed cyber criminals – once typically bedroom hackers or small gangs – are increasingly sophisticated state actors. China, Iran, North Korea and Russia are all actively targeting western infrastructure.

Meanwhile, AI and large language models (LLMs) will amplify existing threats, increasing the volume and sophistication of attacks.

Android OS updates are a solid defence against cyber criminals because they help to:

  1. Protect against known exploits.
  2. Mitigate against newly discovered vulnerabilities.
  3. Enhance system security.
  4. Help you comply with industry regulations and standards.

The case for rolling out regular updates is clear. But how do you go about it?

LifeGuard for Android – the Right Way to Update Zebra Devices

As a mobile security specialist, we have no hesitation in recommending Zebra’s LifeGuard for Android solution. This software security product helps protect your Zebra mobile devices from cyber-attacks and also extends their lifecycle.

Zebra LifeGuard for Android is user-friendly and can simplify many IT complexities. For instance, you can opt for over-the-air automatic updates, which requires zero work from your IT department. Or you can control every aspect of security updates manually.

One thing we (and you should) appreciate about LifeGuard for Android is that it provides monthly patches, surpassing the frequency of updates offered by most competitors. From a security hardening point of view, this is a compelling reason to choose this product.

But What About Those Critical Failures?

So, you update your Android OS and move on. Simple?

As the introduction to this article suggests: actually, it’s not so simple. An Android software update is a phenomenally sophisticated operation. It’s not an ‘add-on’ to an existing system – it’s a fundamental change to that system. And it occurs in mere moments as your phone downloads the update, reboots and configures itself.

To quote a fascinating book, Androids: The Team that Built the Android Operating System, ‘…you’ve just had your phone completely replace the fundamental pieces of itself on the fly, and it all just worked. It’s like having your brain swapped out while you’re standing in line at the coffee shop, and then continuing to order as if nothing happened.’

But sometimes things do happen. This could be because the update is incompatible with something on the device – an app, for instance. Or an error could have crept into the update. And, when it comes to errors in software, the tiniest ones can cause big problems.

In 1962, NASA’s Mariner 1 was set to undertake a flyby of Venus. Only it didn’t. It veered off course and crashed 294 seconds after lift off. Thankfully, no lives were lost – just a reported $18.5million hard cash. The failure was partly down to an almost insignificant (unless you know better) piece of code – the omission of an overbar for the symbol R for radius (R instead of R̅) in an equation. Arthur C Clarke described the error as ‘the most expensive hyphen in history’. (Incidentally, according to NASA this famous statement was an error in itself – no hyphens were involved.)

Mariner 2 Engineering Model (A19760027000) silhouetted against black background. Mariner 2 was identical in design to Mariner 1
One small coding oversight, one giant failure: The Mariner 1 crash of 1962 reminds us that even the tiniest software errors can lead to significant consequences. Photographer: Eric Long

More recently, a software failure caused an explosion – figuratively this time – across the globe. In July 2024, Microsoft experienced a global outage that affected users of Windows worldwide. The culprit was a faulty update from cyber security software company CrowdStrike, which led to widespread blue screen of death (BSOD) issues for private and public sector organisations across the globe.

While your update failures may not involve exploding rockets or global outages, they can pose a serious threat to your organisation.

The worst problems fall into one of two categories:

  1. Device malfunction: Updates may introduce changes that conflict with existing apps, causing them to malfunction, crash or enter the dreaded boot loop – where your device keeps rebooting.
  2. Data Loss: Failed updates or compatibility issues can sometimes result in data corruption or loss. This could halt all operations and/or result in serious compliance breaches.

But there are other irksome issues which, while not headline news, could lead to a ‘death by a thousand cuts’ for your organisation. For instance, some updates can negatively impact device performance, especially on older hardware, slowing down your operations. Occasionally, they may result in increased power consumption, leading to reduced battery life, so your devices won’t last a full shift.

How to Roll Out Critical Security Updates Safely

The answer to rolling out updates in the right way may not surprise you. You or your IT Managed Services partner must test your updates before deploying them across your organisation. But be warned – testing is no easy matter.

The Android ecosystem is diverse, which is a polite synonym for fragmented and complicated. This means testing may cover a wide range of device models and OS versions. Also, ensuring app compatibility may involve testing the updates against multiple apps to ensure continued functionality.

A typical testing regimen may look like this:

  • Creating comprehensive test plans.
  • Setting up test environments that mirror production scenarios.
  • Executing manual and automated tests.
  • Analysing test results and identifying potential issues.
  • Collaborating with development teams to address discovered problems.
  • Conducting regression testing to ensure fixes don't introduce new issues.

This rigorous testing process can be extremely time-consuming and resource-intensive. And here’s an industry open secret: it’s not just internal IT departments that struggle to execute the above diligently. Outsourced IT teams and software developers often simply do not have the resources to undertake this necessary work to the required standard.

Which means that, yes, too many businesses are rolling out essential OS updates without properly testing them, or not rolling out the updates for fear of knocking out their devices. This is a methodology commonly known as closing your eyes, crossing your fingers and hoping for the best. And it’s never an ideal solution.

Choosing not to listen: The danger of ignoring proper testing before update rollouts.

What Can I Do?

Despite the many difficulties outlined above, you DO need to test comprehensively before rolling out your updates.

If you are an IT department or an outsourced IT team struggling with this essential work, talk to our team at Nuffield Technologies. We have developed a methodology that ensures rigorous and comprehensive testing of Zebra LifeGuard for Android updates. It provides complete assurance that your Android mobile device, and the apps on it, will perform as expected, maintaining business continuity and keeping the mobile devices secure. Crucially, our rigorous approach significantly reduces the time and cost of undertaking testing.

Our solution will ensure you implement your Zebra LifeGuard Android updates in a safe and timely way, while reducing costs and the burden on your IT teams or partners.

To find out more about this service, get in touch.

0
No products in the cart