Google's Android platform could complicate security

By Michael Morisy, News Writer 21 Nov 2007 | SearchMobileComputing.com

News on networking, mobility and voice Digg This!     StumbleUpon     Del.icio.us

Computer security firm F-Secure wrote in its blog that Google's openness with the platform could be its undoing.

"If unsigned and unknown applications written by anyone have full access to phone features, we smell trouble," wrote Mikko Hyppönen, chief research officer at F-Secure.

Hyppönen noted one statement in particular from Android's homepage: "…an application could call upon any of the phone's core functionality such as making calls, sending text messages, or using the camera...."

Google has created a page detailing Android security measures, which are largely install-time and permissions based, but the true test will not occur until the first Android phones hit the market and reach a critical mass.

Whether the Gphone or Android platform will make a big splash in the market is not a sure thing, experts said. Google is an outside player trying to overturn the current models of entrenched mobility giants on their home turf.

Francis Sideco, senior analyst at iSuppli, said any estimates of Android's future market share at this point are pure conjecture.

"Until we know what products come out of the Open Handset Alliance (OHA) and where those companies are targeting initially, we're not even going to be able to guess," he said.

Sideco said the release of the iPhone opened up a window for Google to convince carriers and manufacturers to come to the table and build a competitor. If the platform is successful, he said, it could provide "a potential opportunity to build an ecosystem or development environment they can use to address the iPhone challenge."

Sideco added that the current OHA members appear likely to create a consumer-oriented phone rather than an enterprise- or executive-oriented device. Even if that holds true, enterprise IT departments are still likely to find themselves dealing with the devices soon after their launch.

"For more and more of these employees, there's a blurring of the lines between their business life and their personal life," Sideco said. "So if the Android platform helps that melding be more efficient ... where you can do both personal and enterprise type of work, that could really drive adoption."

Several factors will play into Android's potential enterprise adoption. One will be how easy it is to integrate with current policies. Sideco said smartphones were much more welcome into the corporate sphere once remote deletion capabilities allowed IT departments to wipe lost phones of confidential or proprietary data.

More on mobile security Learn how to set goals for mobile security Read what our survey learned about mobile security and policy

Another factor that could affect Google's smartphone success, Sideco said, is how "technology forward" the individual companies are.

"How much confidence do they have in their IT department to secure data in that device?" he said. He added that Android phones might avoid the stigma iPhones face in corporate IT departments if models are designed specifically for the enterprise markets rather than with the strong consumer focus the iPhone had, with its main features being music, video, Web browsing and other mobile entertainment functions.

If and when Android phones develop a sizable market, security issues will probably become a major focus. To help ease these concerns, Android developers might do well to follow familiar paradigms when possible.

Marc Kirstein, president of MultiMedia Intelligence, said VPNs could go a long way in comforting uneasy IT departments.

"The IT department is going to be in effect quarantining the Gphone," he said.

Rick Sizemore, chief strategy officer with MultiMedia Intelligence, said concerns with the Android platform are legitimate, but not unprecedented.

"Any new platform that is different from what [IT departments] are used to [is met with caution]," Sizemore said. "They were leery when BlackBerrys came out. There were a few problems; but overall, they learned to adapt to it."

The bottom line, Sizemore said, is that IT departments are paranoid for a reason: They are chronically under-funded and under-manned, and when the network goes down or glitches occur, they come under a microscope.

Sizemore agrees with Sideco that the Android could definitely work its way into the enterprise as personal users bring it in and intermix personal and professional lives. Problems could really occur if the phones try to access those corporate networks -- for example, by logging into a wireless network.

Regardless of the concerns, Kirstein said, Gphone and the Android platform will probably offer a few "killer applications," and Android-based phones could be the next big thing in both personal and professional circles when they are first released in the second half of 2008.

Tags: Mobile Device Security,  Mobile Policies and Procedures,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research Mobile Policies and Procedures Securing corporate data on your laptops Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security: Asserting control over mobile devices Mobile security culture starts at the top Detecting rogue mobile devices on your network Mobile security policies Defining your mobile security policy Government regulations and mobile security policies Mobile security policies: Why a policy is important

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) screaming cell phone  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary