Google has an opportunity to get serious about security with Android 5.0

Android: A danger to the enterprise? Credit: flickr photo by ceonyc

Google’s annual I/O developers' conference begins in three weeks, and the general expectation in the tech world is that the search giant will unveil the latest update to its wildly successful mobile operating system, Android 5.0, or Key Lime Pie.

Key Lime Pie offers an opportunity for Google to fix one of the biggest holes in the open-source OS – security features baked into the Android kernel. But at least one analyst doesn't think it's going to happen.

“I think they will include whatever features will work for both consumer and enterprise,” Ben Bajarin, an analyst with Creative Strategies, tells CITEworld. “But I don't foresee them doing anything particularly exclusive for enterprise-class workers.”

As any number of studies have shown – and here’s merely the latest – Android is a huge target for malware, mostly through the Google Play apps store. Malware-ridden apps often have been found on Google Play (previously Android Market) well after millions of people may have downloaded them.

Google has stepped up efforts to prevent malicious software from Google Play, but malware still finds a home in the online store. Just last Friday mobile security vendor Lookout reported finding a new malware family, BadNews, in 32 applications across four developer accounts. The apps were downloaded between 2 million and 9 million times. (Interestingly, the people behind BadNews created a fake advertising network as a cover for the malware distribution network, according to Lookout.)

Beyond the Android malware issue, Google has telegraphed its indifference to mobile security in other ways. After purchasing Motorola Mobility (MM) in 2011, the search giant disbanded 3LM, a company acquired by MM that, as InfoWorld’s Galen Gruman wrote last November, “had a mobile management API and platform for Android that provided similar functionality to the mobile management APIs that Apple introduced in iOS 4 in summer 2010 -- the APIs that transformed the iPhone from a consumer-only device into what is now the most-purchased business smartphone.”

So security is the main reason why Android trails Apple’s iOS in the enterprise mobile market, even as it dominates in the consumer space, and clearly Google bears the greatest responsibility for Android’s vulnerabilities.

Samsung has aggressively moved to fill this void, selling its own version of Android with enterprise-level security features baked in. Samsung Safe for Enterprise (SAFE), released last year, provides a security and management layer for Samsung devices running on the South Korean company’s flavor of Android. And KNOX, unveiled less than two months ago, allows IT to keep enterprise users’ personal and work data separate.

The focus on Android security has paid off for Samsung, which remains the only Android device manufacturer with a measurable presence in the enterprise. Mobile device management (MDM) vendor Good Technology reported that in Q4, Samsung’s Galaxy SIII smartphone accounted for 6% of its customers’ mobile device activations. No other Android manufacturer was close.

“Anecdotally, the vast majority of companies we talk to that are standardizing on Android are using Samsung," Jamie Barnett, senior director of product marketing for Citrix's Zenprise mobile security division, tells CITEworld.

Further, Samsung appears to be distancing itself from Android, failing to mention Google’s mobile OS at the recent unveiling of the Galaxy S4 smartphone or in ads for SAFE. And Samsung is working on its own mobile OS, Tizen.

This seemingly would leave Android on dangerous ground in the enterprise.

“I do think that the lack of enterprise device management and security tools is beginning to affect device preferences, steering users and businesses to OEMs that offer them like Samsung,” says Chris Silva, a mobile analyst with Altimeter Group.

“I'd like to see Google step up their game in the security space, including some sort of device tracking, but also some features for enterprises,” he says. “Ignoring enterprise management and security needs was one area where Apple got skewered in the early days of iOS.”

Now it’s Google that’s getting skewered, and Silva says the company’s failure to adequately address security concerns could cost it.

“Missing a chance to build some level of feature into Android paints Google as a consumer-only play with Android and forfeits the opportunity to drive sales of higher-end devices, the type sold to users that tend to also be looking to take their devices into the workplace,” he says.

Bajarin says he “can see Google adding support for fingerprint sensors – the kind that embeds in the screen – and even better facial recognition technology to recognize and authenticate a user. This is at least a start but again in this case it would have both consumer and potential enterprise appeal.”

Beyond adding a handful of specific features, Bajarin says he doesn’t “feel Google is going to go way out of their way to cater to corporate buyers.”

“Google seems to like to leave it to the open market to create and crown a winner in any given category,” says Silva. “Perhaps they want to let the market determine who is best-of-breed prior to an acquisition as a means of getting some free R&D.”

Which could be the best explanation for the Google Android security mystery.

Join the discussion
Be the first to comment on this article. Our Commenting Policies