New custom edition of Google's latest mobile OS, Android 4.0, might pose security threat to bring-your-own-device outfits.

Serdar Yegulalp, Contributor

November 29, 2011

4 Min Read

CyanogenMod, one of the most popular after-market versions of Android available for a wide variety of devices, just introduced the first few builds of its system based on Android 4.0, which is also known as Ice Cream Sandwich (ICS).

It's great news for those who hack their own Android devices, but it could be less-than-welcome news for IT managers. If users can install CyanogenMod on their phones--which means rooting a phone-- all bets are off as to how manageable, and how safe, those phones will be in the enterprise.

Interest in Ice Cream Sandwich has been growing ever since Google released the first source code for the phone OS earlier this November. One big reason for all the curiosity has been how ICS will be incorporated into projects such as CyanogenMod.

CyanogenMod allows a user to run a much more customizable version of Android than the one typically provided by one's cellular carrier. Many Android handsets come pre-loaded with software that can't be removed, and can only be upgraded at the whim of the provider. Running CyanogenMod--or any other unofficial Android build--allows users far more freedom of choice in apps and upgrades. But it also means less security because the phone has to be modified to allow applications to run as root in order to add the unofficial OS in the first place.

Another major reason to use CyanogenMod is to squeeze more functionality out of an older device. My own Motorola Cliq XT, for instance, shipped with a 1.4 version of Android. This version eventually was abandoned, with no upgrades to the phone provided by either Motorola or T-Mobile. Flashing it with CyanogenMod brought it up to Android 2.3.7, allowed it to run faster, and added compatibility for a whole host of apps that didn't previously run on that phone (e.g., the Amazon Kindle app).

The first few Android phones to sport CyanogenMod version 9 (builds using ICS) are the Samsung Nexus S and the Samsung Galaxy S. Koushik Dutta, a programmer who created the ClockworkMod application for managing third-party Android ROMs, commented positively on the stability of the Nexus S build: "Usable as a daily driver." Many more phones are expected to be added to the ICS lineup, but according to a blog post from the CyanogenMod team the process of building ICS is a good deal more complicated than with previous editions.

The new features of ICS itself also have been making news. The user interface has been tidied up to make it more resemble the version of Android that ships on slates. A live-dictation, voice-to-speech function lets you send emails or texts without typing. Users with front-facing cameras on their phones can use facial recognition to unlock the device. Phones running ICS also can use near-field technology to "beam" data back and forth by simply knocking the phones together. And the native Web browser in ICS can sync with the bookmarks and other data in a user's desktop installation of Chrome.

Minimum hardware requirements for ICS are hard to come by, which makes it difficult to predict if all phones that currently run CyanogenMod will be able to use the ICS-based version. Most likely lower-end phones won't be able to use some features; for instance, devices with older GPUs won't be able to render some of ICS's new interface features. The new crop of phones running ICS, however, will have 1GB of RAM.

IT managers who allow bring-your-own-device policies for their organizations can take one of two tacks with custom Android builds: ban them or embrace them. The inherent insecurity of unofficial Android builds means it's all the easier for security on those devices to be circumvented.

On the other hand, in a small, tightly-knit organization--or one where everyone is essentially their own IT person--it might be well-nigh impossible to stop the use of something like CyanogenMod, and there might even be a productivity boost because of it. If these organizations make use of the full-device encryption feature that was introduced in Android 3.x, they can enjoy more device security. But the odds of major organizations with sophisticated data-security needs embracing mods like Cyanogen are still slender, to put it mildly.

About the Author(s)

Serdar Yegulalp


Follow Serdar Yegulalp and BYTE on Twitter and Google+:

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights