Android Security Update Audit

Discover Android Devices with an Outdated Security Patch Level

Discover devices in your IT environment that have an outdated security patch level. Every month, Google released a new Android security update which contains details of all the security-related issues that are being fixed in that month's security update.  Mobile devices contain some of the most sensitive information, therefore it is critical the latest security patches are applied if possible.

Lansweeper scans mobile devices using Microsoft Intune and with it, retrieves the security patch level of Android devices. In the July 2019 security update, 33 vulnerabilities were found, 9 of which had a critical severity rating. You can find more information about in the July 2019 security patch update blog post.

Android Security Update Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblADusers.Username,
  tsysAssetTypes.AssetTypename As AssetType,
  tblIntuneDevice.Manufacturer,
  tblIntuneDevice.Model,
  tblIntuneDevice.OperatingSystem As OS,
  tblIntuneDevice.OsVersion,
  tblIntuneDevice.AndroidSecurityPatchLevel As [Security Patch Level],
  Case
    When GetDate() >= DateAdd(month, DateDiff(month, 0, GetDate()), 4)
      And Cast(tblIntuneDevice.AndroidSecurityPatchLevel As datetime) >=
      DateAdd(month, DateDiff(month, 0, GetDate()), 4) Then 'Up to date'
    When GetDate() < DateAdd(month, DateDiff(month, 0, GetDate()), 4) And
      Cast(tblIntuneDevice.AndroidSecurityPatchLevel As datetime) >
      DateAdd(month, DateDiff(month, 0, GetDate() - 30), 4) Then 'Up to date'
    Else 'Out of date'
  End As [Security Patch Status],
  Case
    When GetDate() >= DateAdd(month, DateDiff(month, 0, GetDate()), 4)
      And Cast(tblIntuneDevice.AndroidSecurityPatchLevel As datetime) >=
      DateAdd(month, DateDiff(month, 0, GetDate()), 4) Then '#d4f4be'
    When GetDate() < DateAdd(month, DateDiff(month, 0, GetDate()), 4) And
      Cast(tblIntuneDevice.AndroidSecurityPatchLevel As datetime) >
      DateAdd(month, DateDiff(month, 0, GetDate() - 30), 4) Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor,
  tblIntuneDevice.SubscriberCarrier,
  tblIntuneDevice.Imei,
  tblIntuneDevice.SerialNumber,
  tblIntuneDevice.EnrolledDateTime,
  tblIntuneDevice.LastSyncDateTime,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAssetCustom On tblAssetCustom.AssetID = tblAssets.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblIntuneDevice On tblIntuneDevice.AssetId = tblAssets.AssetID
  Left Join tblADusers On Lower(tblIntuneDevice.EmailAddress) In
    (Lower(tblADusers.email), Lower(tblADusers.UPN))
Where tsysAssetTypes.AssetTypename = 'Android' And tblState.Statename = 'Active'
Order By tblAssets.AssetName

 

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting