http://www.digitaljournal.com/tech-and-science/technology/android-10-promises-increased-security-but-there-are-risks/article/557086

Android 10 promises increased security, but there are risks Special

Posted Sep 2, 2019 by Tim Sandle
A leading security expert explains why the release will still leave security issues, some of which is tied to the behaviors of late adopters.
The Androids are in town
The Androids are in town
Digital Journal
Android 10 (codenamed Android Q during development) is the tenth major release of the Android mobile operating system for smartphones and other devices. The new operating system is released on September 2, 2019. With its many features comes the promise of enhanced cybersecurity.
Enhanced security includes a requirement that all apps to transmit a randomized MAC address (a unique identifier for the network hardware within the smartphone). Furthermore, all apps will now need additional permissions to access a device's International Mobile Equipment Identity and the serial numbers. However, due to slow adoption and concerns among businesses about adopting new releases (which may contain bugs), there will still be some on-going security issues according to industry expert Sam Bakken.
Commenting on the the Android 10 release, Sam Bakken, Senior Product Marketing Manager, OneSpan told Digital Journal why the enhanced security benefits of Android 10 may not be realized by all consumers: "Many malware and mobile vulnerabilities are enabled by older versions of Android, and even though Android 10 comes with updated security features, many consumers won’t be able to access them because their carrier or device manufacturer will not distribute the updated OS."
One driver for this, according to Bakken relates to adoption rates: "Trends show slow adoption of the current OS, Android Pie (9), which only 10.4 percent of Android users had installed in May, nine months after its release." He adds that: "While Google is taking steps to make it easier to get updates to all users, there are still challenges."
There are also factors arising from the corporate world, according to Bakken: "For businesses, this again speaks to the fact that mobile devices are untrusted and potentially hostile environments. Financial institutions and other companies that develop apps handling sensitive user data can’t cross their fingers and hope that the Android ecosystem will protect their apps."
There are, however, things that businesses can do to close the cybersecurity gap, Bakken explains: "Businesses can take additional steps by adding strong authentication capabilities and advanced security technologies like app shielding and runtime protection to monitor for and take action on malware and attacks attempting to exploit app vulnerabilities -- before the damage is done."