3LM Enables Android Device Management for the Enterprise

Droid devices are behind iOS in many areas important to enterprises, including Mobile Device Management. 3LM aims to fill that void.

Chris Spera, Contributor

October 18, 2011

3 Min Read

One of the biggest problems with bringing your Droid to work has been the lack of enterprise-level security for Android devices. Without a way to protect against attack and insure the safety of intellectual property, many organizations are loathe to allow this bit of consumer technology in the workplace. However, a recent development in mobile device security might resolve this problem.

3LM, a subsidiary of Motorola Mobility Holdings, Inc., has introduced an enterprise-grade solution to add security and data protection to mobile devices. The development is significant in that 3LM's solution specifically involves a partnership with device manufacturers such as Samsung and HTC, insuring that the devices made will be enterprise ready. The enhanced functionality can be easily activated by IT admins via an enterprise server console.

Historically, with other Mobile Device Management (MDM) systems, and now with 3LM's solution, enterprise administrators get enhanced device-level security through encryption of both onboard RAM and the storage card. MDM systems support application white and black lists, and enforce strong passwords. They also let admins remotely install, uninstall, and disable applications. Provisioned devices that become lost can be tracked via locations service--or remotely wiped. VPN support for domain-controlled resources is also available.

But Android MDM is a new market; players were almost nonexistent a year ago. It's a promising market, but 3LM has its work cut out for it. For one, most Android MDM systems, including 3LM, support only Android 2.2 or greater--which means there are a number of legacy devices out there that need to be controlled. Also, although 3LM's ROM-only solution has its security advantages, competitors such as Air Watch or Zenprise make device-side components available in the Android Market for free, allowing enterprise admins to support a wider variety of devices.

The questions that remain about 3LM's solution all are root related. Although the practice might be banned in some companies--and unsupported by some of 3LM's competitors--installing custom ROMs in Android devices is common because of all the extra phone features users can get.

It's unknown exactly what 3LM's position on rooting is just yet, but these were the facts at press time:

  • The device-side piece of 3LM is not going to be provided in the Android Market as an installable app. 3LM partnered with specific hardware manufacturers and the device portion of the solution must be baked into the device's standard ROM. So, if your device comes with 3LM installed and you root the device and don't have a backup of the original ROM, you're out of luck. Rooted devices cannot be controlled via 3LM.

  • It's not yet clear whether 3LM could be used to block access to ADB and FASTBOOT in a provisioned device, rendering it unrootable.

  • If you root your device after 3LM is activated, the encrypted data will survive, according to 3LM--and it might be possible to recover it with the encryption key. But it won't be easy.

  • 3LM can disable an application on the device's System partition--for example, carrier-installed bloatware--but cannot remove it.

It was also unclear as to how HTC's commitment to ship all devices with unlocked bootloaders would be affected by their partnership with 3LM, or if the 3LM provisioning process would lock an unlocked bootloader on any given supported device.

Rich MDM support will be necessary before Android is widely accepted by businesses for their users. It’s much easier to build such products for BlackBerry or Apple, who control every aspect of their entire product lines. The OEM wild west nature of the Android device market makes the job much harder--and it’s too soon to tell how good a job they will do.

Chris Spera is BYTE's Managing Editor of Reviews. He has over 15 years of professional writing experience as a freelancer and columnist for AOL/CompuServe, Computer Power User Magazine and The Aurora Beacon, a SunTimes Media newspaper. Chris has over 20 years of senior IT management experience and can be reached at [email protected]. You can also follow him on Twitter at @chrisspera.

About the Author(s)

Chris Spera


Based in Chicago, Chris is a senior IT consultant. He serves BYTE as a Contributing Editor. Follow Chris on Twitter at @chrisspera and email him at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights