Skip Links

Google Android security improves, but trails iPhone and BlackBerry

Enterprise concerns about Android security not fully addressed

By , Network World
October 25, 2010 06:06 AM ET

Network World - With the growing popularity of Android, IT administrators are facing demands to support smartphones from employees that use the open source mobile operating system. But while security of Google Android is improving, IT pros say it hasn't quite caught up to the more mature platforms.

"Android still needs to make some improvements in its security model," says Randy Nunez, mobile computing lead at Ford Motor Co., which supports employee use of iPhone, BlackBerry, Symbian and Windows Mobile, but does not currently support Android. "Windows Mobile and BlackBerry had a head start and they have some very mature products in the space."

Android 2.2 on Motorola Droid: First impressions of Froyo|
A Brief History of Android

The iPhone as well has become an accepted enterprise device, even though it was initially aimed at consumers.

Android is "following a parallel path with the iPhone," Nunez says. "With the iPhone 2.0, once they released support for Exchange ActiveSync and the passcode and security policies, it made it more difficult to say no," Nunez says. "And Android, with their 2.2 release, is following in the iPhone's footsteps in that way."

David Glenn, director of enterprise operations for Del Monte Foods, a San Francisco-based food production and distribution company, says smartphones need to provide at least three key security features in order for his company to support it. The phone must force users to type a password in order to bring it up from an idle state; IT must be able to remotely wipe data from the phone; and data on the phone must be encrypted.

"It has to meet those requirements or we cannot roll it out," Glenn says.

Del Monte Foods has approved employee use of a limited number of Android phones. Glenn himself uses a Motorola Droid X.

"We do support the Droid X and we're looking at the Droid 2 right now," Glenn says.

As Nunez mentioned, the 2.2 version of the Android operating system has bolstered security. Motorola has even launched an Android phone aimed at the BlackBerry market, called the Droid Pro, with security features including the ability to remotely wipe data from the phone and the MicroSD card. (Play the Google Android quiz.)

Android encryption

Google's Android now supports numerous features in Microsoft's Exchange ActiveSync, including SSL encrypted transmission and remote wipe.

"Android 2.2 provides a number of enhanced Exchange features, like the addition of the numeric pin password options, remote wipe capabilities, things like that which make it more palatable for enterprises to adopt," Nunez says.

Although software-level encryption in Android 2.2 is an improvement, Android still does not support hardware-based encryption, according to Kaspersky Lab virus researcher Tim Armstrong.

With software-level encryption, it's easier for a hacker to take data off a Micro SD card, whereas with hardware-level encryption the data on the removable storage card is "really locked to a chip on the electronics within the phone," according to Armstrong.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News