Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/11/2013
02:03 PM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Twitter
Facebook
LinkedIn
RSS
E-Mail
50%
50%

Android MDM Fragmentation: Does It Matter?

Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down

Of all the big companies in the Android ecosystem, it's fair to say that Samsung is the only one that takes security seriously, at least in public. Their SAFE and KNOX initiatives create APIs for outside MDM providers to manage the devices. Other Android handset companies have some MDM interfaces, but they don't brag about them the way Samsung does and they've certainly said nothing about extending them into mobile application management as Samsung has with Knox.

Outside of mobile it's assumed that the company that writes the operating system puts security and manageability features into it. For some reason, in the mobile space the standards for these facilities are very low and customers are expected to go to third parties like MobileIron and AirWatch for security solutions. So far, only BlackBerry has delivered on better security through BES 10.

Apple bears much of the blame for our low standards in these markets, but Google has let their customers down even more. At least Apple, Microsoft and BlackBerry provide MDM interfaces. Google doesn't even do that. You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe.

Into the vacuum the Android handset manufacturers stepped to create their own MDM interfaces. Samsung has SAFE. LG has their own, as do Motorola, HTC and the others. All of these interfaces are, for reasons I find unconvincing, not publicized, but the handset companies share them with the MDM companies in order to gain access to the MDM companies' customers. Thee same companies get the MDM interfaces from Apple and Microsoft. BlackBerry customers need a BES anyway.

At one level it seems unimportant that the Android MDM interfaces are unstandardized: That's a problem for the MDM companies to deal with, not you the customer. But the lack of standardization and the lack of public interfaces means that customers don't have a straightforward way to compare the MDM capabilities of different handsets.

The lack of standardization, especially a standard coming from Google on all Android devices, means that security will advance slowly across the Android user base.

It's surprising that Google would be so unconcerned with mobile security when they appear to be so interested in mobile computing. BlackBerry is attempting to leapfrog the competition in BES 10, in part by providing better security and device management. It would not take much for Google to leap even further.

Larry Seltzer is the editorial director for BYTE, Dark Reading, and Network Computing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: - @lseltzer @BYTE - Larry Seltzer BYTE - Larry Seltzer on LinkedIn BYTE - Larry Seltzer on Google+ View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nannasin28
50%
50%
nannasin28,
User Rank: Apprentice
4/16/2013 | 3:02:38 AM
re: Android MDM Fragmentation: Does It Matter?
the security will advance slowly across the Android user base.- 2SA1943
RICB27
50%
50%
RICB27,
User Rank: Apprentice
4/15/2013 | 5:38:55 AM
re: Android MDM Fragmentation: Does It Matter?
Hi Larry,

You -said ... "You get nothing for remote manageability with Android generically, and most companies can rely only on Exchange ActiveSync's capabilities. Android on its own has no ability to receive an application push or remote wipe."

Not true ...

Here's the URL on Google page regarding remotely wiping an Android device:-http://support.google.com/a/bi...

As for application push - you can install, uninstall, and update apps on your device directly from the Google Play store. You can also configure each app to automatically perform OTA updates. Updates to the Android OS are also done OTA. And all of these were already baked into the Android OS (Gingerbread version) well before it's possible in iOS.

Cheers,
Ric
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.