Android Vs. iOS Vs. Windows Phone 7: Enterprise Shootout
As enterprise IT loosens its death grip on the RIM BlackBerry, we test the top mobile rivals. Dig into a real-life comparison of user experience, apps, enterprise readiness, and more.
While Apple, Google, and Microsoft compete on user experience, applications, and great consumer features, enterprise security is a more difficult conversation.
All three vendors provide an app store where application developers upload and distribute apps, but not all app stores are created equal. For example, the Android Market simply requires a Google account and $25 to submit an app. Apple analyzes each app (for unpredictable lengths of time) to make sure it behaves properly. Microsoft actually has the tightest restrictions of all: Not only does it check out apps, but you must also be a registered and validated Microsoft ISV to submit at all. Some reports say that Microsoft runs the apps through various tools to detect security problems.
Despite all of these procedures (or lack thereof), all three companies have had malware distributed through the app stores.
The main differences come into play once an app is loaded on the phone. The way in which each mobile OS provides sandboxing and permissions, and offers encryption, is unique. With Apple, each application runs in its own sandbox. This type of protection defeats many attacks simply because the app can’t access the sensitive data you protect. But what about all of the shared data, like contacts, phone numbers, or files on the device? Apple’s sandboxing doesn’t protect that, and there have been apps that pilfer contacts.
This is where Google decided to add a bit more security to Android. Google not only uses a sandbox but also restricts what shared data an app can access. Google calls these permissions, and whenever an app is installed, the user has to approve the app’s permissions. You will know before you install an app that it will access your photos, contacts, phone call history, etc. If you don’t think the game you want to install should have access to your phone call history, you can choose not to install the app.
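The install-time review described above can be automated before an app reaches users. The following is an added example, not code from the article or from Google: it reads the permissions an app declares in its manifest and flags those that expose shared data the app's category should not need. The category policy, the sample manifest, and the package name are constructed assumptions, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by Android manifests.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions mapped to the kind of shared data they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "phone call history",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and files",
    "android.permission.READ_PHONE_STATE": "phone number and device ID",
}

# Assumed policy (hypothetical): shared data each app category may need.
ALLOWED_BY_CATEGORY = {
    "game": set(),
    "dialer": {"contacts", "phone call history", "phone number and device ID"},
}

# Constructed sample manifest for a hypothetical game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <application android:label="Puzzle Game"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:
            names.append(name)
    return names

def review(manifest_xml, category):
    """Return (permission, data) pairs the category's policy does not allow."""
    # An unknown category is allowed no shared data at all.
    allowed = ALLOWED_BY_CATEGORY.get(category, set())
    findings = []
    for perm in requested_permissions(manifest_xml):
        data = SENSITIVE.get(perm)
        if data and data not in allowed:
            findings.append((perm, data))
    return findings

if __name__ == "__main__":
    for perm, data in review(SAMPLE_MANIFEST, "game"):
        print(f"REVIEW: {perm} grants access to {data}")
```
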
Microsoft took a page from Google. Windows Phone 7 implements a similar approach, but also anonymizes some shared data that Google doesn’t, such as your phone’s serial ID and phone number. This affords a bit more privacy to the user.
What if the app you are running is meant to deal with sensitive data, such as email or files? Each provider leaves it up to the app to implement encryption; each provides the interfaces for developers to use encryption. Sadly, many developers don’t, because encryption can slow down apps.
When it comes to the files you store on the device itself (for example, files copied from your PC or Mac), you'll need full device encryption. Apple has had this since it introduced the iPhone 3GS. Android has encryption only for tablet devices running Honeycomb, and for phones running the soon-to-be-released Android 4.0. Microsoft doesn’t have any device encryption.
Also, while Apple seems to have what many enterprises want for encryption, the problem is that iOS stores the keys for encryption on the phone, making them easily recoverable by an attacker. Thus, Apple's encryption is not enterprise ready. Android does implement device encryption properly, but again, just in Honeycomb.
Oh, and that device encryption? No matter what platform, it won't work without a passcode to lock the device. If you don’t lock the device, encryption doesn’t matter: the mobile OS will decrypt the data for the user automatically.
When it comes to managing the security of these devices, MDM software is at the beck and call of the OS vendor. Because of the way the sandboxing model works, the MDM software must use the APIs available from the OS vendor to get things done--which means if the vendor doesn’t have great support for a feature, such as encryption, the MDM vendor most likely won’t either.
While Apple has been providing more and more enterprise APIs, Google is catching up and the new 4.0 release will have some good security enhancements for the enterprise. Most of the MDM providers don’t even support the Windows Phone 7 platform and can’t manage it; or if they do, they only provide a couple of features, such as remote wipe and enforcing a passcode.
The BlackBerry is still the gold standard here.
In the enterprise setting, you really must use MDM software to implement security on your mobile devices. Doing it by hand using the tools provided by these vendors just isn’t possible. The best thing an enterprise can do is compare features such as self-enrollment, device support, and remote control capabilities, and focus on creating a mobility council to provide planning and deployment of the MDM software.