Many organisations use Android devices and many of those are owned by their staff and are being used as “BYOD” devices. You need to have a policy about the ones that hold your company’s information.
Android is probably the most attacked OS after Microsoft (see article here) so you need to check your people keep their devices securely patched.
This article from BleepingComputer Computer by Sergiu Gatlan shows the updates available for Android.
September Android updates fix zero-day exploited in attacks
However remember that not all versions of Android are equal – some device vendors are slow or selective about the Android updates they issue!
Clive Catton MSc (Cyber Security) – by-line and other articles