Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/11/2013
02:03 PM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Twitter
Facebook
LinkedIn
RSS
E-Mail
50%
50%

Android MDM Fragmentation: Does It Matter?

Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down

Of all the big companies in the Android ecosystem, it's fair to say that Samsung is the only one that takes security seriously, at least in public. Their SAFE and KNOX initiatives create APIs for outside MDM providers to manage the devices. Other Android handset companies have some MDM interfaces, but they don't brag about them the way Samsung does and they've certainly said nothing about extending them into mobile application management as Samsung has with Knox.

Outside of mobile it's assumed that the company that writes the operating system puts security and manageability features into it. For some reason, in the mobile space the standards for these facilities are very low and customers are expected to go to third parties like MobileIron and AirWatch for security solutions. So far, only BlackBerry has delivered on better security through BES 10.

Apple bears much of the blame for our low standards in these markets, but Google has let their customers down even more. At least Apple, Microsoft and BlackBerry provide MDM interfaces. Google doesn't even do that. You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe.

Into the vacuum the Android handset manufacturers stepped to create their own MDM interfaces. Samsung has SAFE. LG has their own, as do Motorola, HTC and the others. All of these interfaces are, for reasons I find unconvincing, not publicized, but the handset companies share them with the MDM companies in order to gain access to the MDM companies' customers. Thee same companies get the MDM interfaces from Apple and Microsoft. BlackBerry customers need a BES anyway.

At one level it seems unimportant that the Android MDM interfaces are unstandardized: That's a problem for the MDM companies to deal with, not you the customer. But the lack of standardization and the lack of public interfaces means that customers don't have a straightforward way to compare the MDM capabilities of different handsets.

The lack of standardization, especially a standard coming from Google on all Android devices, means that security will advance slowly across the Android user base.

It's surprising that Google would be so unconcerned with mobile security when they appear to be so interested in mobile computing. BlackBerry is attempting to leapfrog the competition in BES 10, in part by providing better security and device management. It would not take much for Google to leap even further.

Larry Seltzer is the editorial director for BYTE, Dark Reading, and Network Computing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: - @lseltzer @BYTE - Larry Seltzer BYTE - Larry Seltzer on LinkedIn BYTE - Larry Seltzer on Google+ View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nannasin28
50%
50%
nannasin28,
User Rank: Apprentice
4/16/2013 | 3:02:38 AM
re: Android MDM Fragmentation: Does It Matter?
the security will advance slowly across the Android user base.- 2SA1943
RICB27
50%
50%
RICB27,
User Rank: Apprentice
4/15/2013 | 5:38:55 AM
re: Android MDM Fragmentation: Does It Matter?
Hi Larry,

You -said ... "You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe."

Not true ...

Here's the URL on Google page regarding remotely wiping an Android device:-http://support.google.com/a/bi...

As for application push - you can install, uninstall, and update apps on your device directly from the Google Play store. You can also configure each app to automatically perform OTA updates. Updates to the Android OS are also done OTA. And all of these were already baked into the Android OS (Gingerbread version) well before it's possible in iOS.

Cheers,
Ric
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1074
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or...
CVE-2021-1075
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of se...
CVE-2021-1076
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
CVE-2021-1077
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
CVE-2021-1078
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.