Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/11/2013
02:03 PM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

Android MDM Fragmentation: Does It Matter?

Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down

Of all the big companies in the Android ecosystem, it's fair to say that Samsung is the only one that takes security seriously, at least in public. Their SAFE and KNOX initiatives create APIs for outside MDM providers to manage the devices. Other Android handset companies have some MDM interfaces, but they don't brag about them the way Samsung does and they've certainly said nothing about extending them into mobile application management as Samsung has with Knox.

Outside of mobile it's assumed that the company that writes the operating system puts security and manageability features into it. For some reason, in the mobile space the standards for these facilities are very low and customers are expected to go to third parties like MobileIron and AirWatch for security solutions. So far, only BlackBerry has delivered on better security through BES 10.

Apple bears much of the blame for our low standards in these markets, but Google has let their customers down even more. At least Apple, Microsoft and BlackBerry provide MDM interfaces. Google doesn't even do that. You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe.

Into the vacuum the Android handset manufacturers stepped to create their own MDM interfaces. Samsung has SAFE. LG has their own, as do Motorola, HTC and the others. All of these interfaces are, for reasons I find unconvincing, not publicized, but the handset companies share them with the MDM companies in order to gain access to the MDM companies' customers. Thee same companies get the MDM interfaces from Apple and Microsoft. BlackBerry customers need a BES anyway.

At one level it seems unimportant that the Android MDM interfaces are unstandardized: That's a problem for the MDM companies to deal with, not you the customer. But the lack of standardization and the lack of public interfaces means that customers don't have a straightforward way to compare the MDM capabilities of different handsets.

The lack of standardization, especially a standard coming from Google on all Android devices, means that security will advance slowly across the Android user base.

It's surprising that Google would be so unconcerned with mobile security when they appear to be so interested in mobile computing. BlackBerry is attempting to leapfrog the competition in BES 10, in part by providing better security and device management. It would not take much for Google to leap even further.

Larry Seltzer is the editorial director for BYTE, Dark Reading, and Network Computing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: - @lseltzer @BYTE - Larry Seltzer BYTE - Larry Seltzer on LinkedIn BYTE - Larry Seltzer on Google+ View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nannasin28
50%
50%
nannasin28,
User Rank: Apprentice
4/16/2013 | 3:02:38 AM
re: Android MDM Fragmentation: Does It Matter?
the security will advance slowly across the Android user base.- 2SA1943
RICB27
50%
50%
RICB27,
User Rank: Apprentice
4/15/2013 | 5:38:55 AM
re: Android MDM Fragmentation: Does It Matter?
Hi Larry,

You -said ... "You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe."

Not true ...

Here's the URL on Google page regarding remotely wiping an Android device:-http://support.google.com/a/bi...

As for application push - you can install, uninstall, and update apps on your device directly from the Google Play store. You can also configure each app to automatically perform OTA updates. Updates to the Android OS are also done OTA. And all of these were already baked into the Android OS (Gingerbread version) well before it's possible in iOS.

Cheers,
Ric
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.