
WHITE PAPER

Android or iOS in the Enterprise?


Android's Agility Outmaneuvers Apple's Staunch Approach
With the explosion of personal and commercial mobile devices in the last few years, many enterprises and organizations have begun to investigate deploying alternative mobile devices, such as tablets and smartphones, as part of their productivity toolkit. Of the many mobile operating systems available, two comprise the majority of the market share: Google's Android and Apple's iOS. In what may be considered an upset to many, Android has become the operating system of choice for many mobile users, as shown in Figure 1.1. Apple iOS was released first and initially dominated the market. Following the introduction of Android, however, the gap quickly closed and Android overtook iOS as the market leader. With Android and iOS controlling the market and the onslaught of the Bring Your Own Device (BYOD) phenomenon, enterprise leaders have been forced to examine the two operating systems in hopes that one of the two can be successfully implemented in an enterprise environment. While iOS is highly regarded for its sleek consumer experience, Android holds unique advantages that position it to be a highly effective enterprise platform. This whitepaper delves into the Android features and characteristics that make it well-suited for the enterprise and addresses general considerations for an organization-wide deployment of Android.

Figure 1.1: Worldwide Mobile Device Sales to End Users by Operating Systems in 3Q12

Operating System     3Q12 Units   3Q12 Market Share (%)   3Q11 Units   3Q11 Market Share (%)
Android               122,480.0                    72.4     60,490.4                    52.5
iOS                    23,550.3                    13.9     17,295.3                    15.0
Research In Motion      8,946.8                     5.3     12,701.1                    11.0
Bada                    5,054.7                     3.0      2,478.5                     2.2
Symbian                 4,404.9                     2.6     19,500.1                    16.9
Microsoft               4,058.2                     2.4      1,701.9                     1.5
Others                    683.7                     0.4      1,018.1                     0.9
Total                 169,178.6                   100.0    115,185.4                   100.0

*Figure 1.1: This chart displays only mobile smartphones and does not encompass other mobile devices such as tablets. Source: http://www.gartner.com/newsroom/id/2237315

FIELD SERVICES / MANUFACTURING / WAREHOUSING / PUBLIC SAFETY / TRANSPORTATION / DISTRIBUTION / UTILITIES / ENERGY / TELCO & CABLE


Policy & Hardware Selection


Policy Selection
The pervasiveness of mobile devices in the consumer and business sectors leads to an important policy question: should an organization provide personnel with standard mobile devices, or should it leverage the already existing base of mobile devices within the ranks of its associates? With the proliferation of smartphones and tablets in the consumer market, it is easy to lean toward a BYOD policy. BYOD as a core mobile strategy is initially tempting due to a few seemingly simple facts:

1. The employee bears the majority of costs associated with the device hardware and the service plan.
2. The IT department avoids the time- and resource-consuming process of testing specific hardware configurations.

While this might make sense for a relatively small business, this can be a very difficult path for medium to large enterprises. The initial advantages of BYOD are far outweighed by the real costs of accommodating multiple operating systems and various devices. If implemented, the organization would have to administer a device management policy and toolkit that encompasses an extremely wide array of mobile operating systems: Windows Phone, Android, Symbian, BlackBerry, iOS, etc. The attempt to unify these fragmented operating systems, hardware configurations, security policies and application suites alone would be a significant and costly undertaking. Such an effort would not only have to account for the various versions and distributions of multiple operating systems, it would also have to deal with the very gray space of personal data - BYOD phones and tablets are ultimately the property of the employee and thus IT cannot take total control of the security and privacy settings of the device. A standardized deployment of mobile devices (especially tablets, which are quickly becoming the productivity tool of choice amongst executives, information workers, field workers, etc.) eliminates many of the complications that arise from BYOD. A single standard device outfitted with a single operating system allows for a less complicated and more secure mobile device and information management strategy. In addition, having the mobile device selected and distributed by IT also clears up any legal issues that may arise from possessing sensitive business information on personal devices. It also makes it easier to ensure employees are using their devices for business, not personal, use.

Hardware Selection
For better or worse, Apple eliminates hardware choice. While there are hardware differences between the iPad, iPad2, iPad3, iPad Mini, etc., the configuration is locked. Unlike with an Android device, an enterprise can't identify a list of feature / function requirements based on peripheral or application needs and choose the best iOS hardware platform. While the iOS ecosystem has been a clear success among consumers, the highly controlled, highly consumer-oriented model Apple has implemented presents problems for business users. For example, an organization seeking to deploy mobile devices optimized for rugged and harsh environments or seeking to integrate the operating system onto other computing platforms (such as medical equipment, sensors, scanners, etc.) must resort to sub-par workarounds with iOS. Android, on the other hand, is utilized in a wide variety of mobile devices: smartphones and tablets, most commonly. These mobile devices are not limited to consumer electronics either; Android can also be found on specialized enterprise devices, such as rugged tablets, diagnostic equipment, robotic control units, and much more. Another key advantage of Android over iOS is its independence from any specific hardware: iOS comes bundled with Apple products, and cannot be deployed on any other type of device. Android is free and downloadable under an open source license, so the operating system can be obtained separately from a device, modified if need be, then tested and installed onto whatever hardware is chosen. This allows organizations to have far more control over their workers' devices if they manage distribution of hardware. They can preconfigure the devices with key applications, security and management policies, and better prevent unauthorized use of the devices. This capability is more in line with what IT departments are used to with traditional enterprise device management (Windows-based PCs), giving those responsible peace of mind.

XPLOREINFO@XPLORETECH.COM

1-888-44-XPLORE (9-7567)

WWW.XPLORETECH.COM

Applications and Integration


Application Base
As with any device, its potential benefits depend upon the availability of applications that can be utilized on the device's operating system. Both Android and iOS boast numerous applications in their database. While the prevailing assumption is that iOS possesses a more established and larger library of applications, this is false. As of February 2013, both the Google Play Store and the Apple App Store boasted 800,000+ apps. But this factor alone shouldn't be a major decision point when choosing an operating system. Most of the applications available in both stores are overwhelmingly consumer focused: games, news, social, media, and personal productivity. In either case, there is a strong chance that an enterprise's standard business apps will be available, assuming the software provider for those applications has implemented a mobile access strategy. A commonly overlooked issue with iOS is the model of app acceptance enforced by iTunes. Due to strict limitations, iTunes vets every application that is submitted. This vetting process can prove to be harmful, as iTunes has rejected apps in the past for unknown reasons. Once rejected, there is little recourse. "There are numerous apps Apple won't allow, including apps which compete with iTunes, free Wi-Fi tethering apps, [and] VoIP apps which use technologies like Google Talk." [1] Google's Play Store, on the other hand, has little to no vetting. While companies might worry about harmful applications downloaded by employees, these issues are easily manageable through correct mobile device policy enforcement. In addition, decreased regulation of applications means there is neither delay nor risk of a company's custom app being rejected, guaranteeing a delivery method in which the company can provide access to the necessary applications that its workers require. In addition, companies can deploy their own applications outside of the App Store, which is impossible with iOS.
In fact, most IT leaders would prefer to turn off App Store access in order to maintain device and data security.



Developing Custom Applications
It's fairly common for organizations to run customized (and very expensive) enterprise applications. Thus, any adoption of a mobile operating system should take integration with legacy software into consideration. Due to the nature of customized legacy software, there lies a possibility that a compatible version of that legacy software may not exist for mobile operating systems. In this case, an application will have to be developed and written. When looking for an interoperable mobile computing system, there are certain key characteristics that make the operating system ideal for back end system integration and app development.

1. Open Source: An open source OS vs. a closed source OS has several implications concerning the development of applications. An open source OS typically boasts more Application Programming Interfaces (APIs). These APIs act as a hook for software application developers to write their application on. For closed OSs, the opposite holds true.
2. Application Programming Language: A more mature, common language lends itself to a wider selection of developers as well as a broader and deeper knowledge base to draw upon. What language it is written in can also determine where the operating system may be installed.

The Android operating system possesses both of these characteristics, which makes it an attractive option for legacy integration purposes. Because of its open source license, Android can be downloaded and tweaked to fit the user's needs. New functionality can even be layered on top of the existing code. Many handset manufacturers - such as Samsung, LG, HTC, etc. - tweak Android slightly to fit their needs. Some have gone even further. Once downloaded, the Android source code can be utilized to create something similar or completely new, resulting in a wholly customized operating system. Companies such as Amazon and Barnes and Noble have done so, using Android as a bare bones framework to create a mobile operating system suited to their needs. Even the Russian Defense Ministry has taken Android and created a completely new operating system off the framework. [2]

Android is an object oriented architecture written in mature, well-documented, robust Java. The functionality of Java applied to the Android framework allows developers to easily find the necessary APIs for their specific needs. Furthermore, Android can take full advantage of J2EE architecture, which would allow a company's application developer to offload backend services, allowing the application development team to focus mainly upon the user interface. When all these factors are put into consideration, it means that any existing application on iOS can easily be replicated for Android. Any application that doesn't exist on either operating system can be built with relative ease for Android, compared to the more closed, specific, and C-based iOS. For companies that do not need to be concerned with integrating legacy software but do need to integrate with legacy equipment, Android's Java framework once again puts it ahead of its iOS counterpart. Java's flexibility means that Android can be run on a range of hardware and is not limited to a single device. Moreover, Android can be integrated with embedded hardware such as monitoring equipment, automated processes, robotics, etc. This is a capability that no iOS device has demonstrated.


Security
As with any business, security is paramount to the deployment of any technology, and mobile computing devices are no different. Data is priceless and the protection of an organization's proprietary information should be a priority concern. While it would be ideal to have a completely secured system, it is simply impossible to achieve: even the most stringent security measures can be vulnerable to attack. Instead, the goal of enterprise security is to mitigate the risk of security breaches as much as possible. In considering mobile operating system security, there are two critical elements in play:

1. Hardware/Software
2. The Human Element

Human Error in Security
While embedded protection and third party security features are essential, the human element is even more so. Possessing the most advanced and latest cutting edge security software means nothing if an organization's users are not trained in security and do not follow security best practices. Past research shows that in more than 63 percent of security breaches identified by the survey's respondents, human error was the major cause. Respondents blamed only 8 percent of security breaches on purely technical failures. [3] To prevent these breaches due to human error, it is advised to have a comprehensive training program in place for mobile security for all users, as well as strict oversight by the internal IT department.

Open vs. Closed Architecture Security
As demonstrated beforehand, Apple dominates when it comes to complete control of their device, reflecting their philosophy of utilizing closed systems. It is widely thought that closed systems offer greater security than open systems. However, though somewhat counterintuitive, the open system of Android actually allows for a greater degree of enterprise-level security.

Simply put, Android's open architecture allows security to be built in, much like how the same open architecture allows developers to tweak and layer functionality on top of the Android framework. An example of this can be seen in the Department of Defense's Security Enhanced Android, which hardened the Android kernel stack, added data and data-at-rest authentication, and the ability for the software to check data integrity. [3] In terms of enterprise level rollout of Android products, it is entirely feasible and even recommended to alter the Android image and lock it down, stripping away media and app download access and limiting applications to company installed productivity apps. As tablets are meant to be used within the strict confines of the work environment, there is no need to allow access to media/entertainment functions, as the tablet will be returned to company control at the end of the day. By stripping application download services such as Google Play, an organization greatly reduces the risk of malware and malicious application threats that may stem from uncontrolled downloading of non-approved or non-productivity apps. To this date, iOS has not demonstrated a similar ability to render their iTunes store inoperable within their operating system.

Application Security
When testing new code or installing new programs, the ability to either limit or negate the amount of potential damage from these untested or unverified programs relies heavily upon installing and executing from within a sandbox environment. A sandbox is a security mechanism for separating development and testing activities from the production environment. A sandbox is often utilized to execute untested code and programs from unverified third parties, suppliers, users and websites. The sandbox provides a tightly controlled set of resources for test programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system, and reading from input devices are usually heavily restricted or outright blocked. While both operating systems utilize a sandbox to run applications, Android utilizes a far more robust sandbox model than iOS.

The Android sandbox model operates on two main factors. Each app in Android is assigned a User ID and Group ID (UID/GID), much like the traditional Unix based models. However, unlike the Unix models, the Android model creates a true UID/GID for each and every application. All applications designed for Android must have a manifest and must declare this manifest. An application manifest informs the user of all privileges the application needs at the time of installation. Combined, the unique, individual application sandbox along with the application manifest forms a thorough sandbox environment in which the potential damage is truly limited. Because an application must declare what privileges it requires, the user can make an informed decision at the time of installation. Everything above the kernel level (including applications, libraries, etc.) runs within its own individual sandbox. Even at the operating system level, the security of the Linux kernel is combined with secure interprocess communication (IPC). This means that even native code is constrained to the application sandbox. In addition, Android's sandbox prevents damage caused by memory corruption. For many other operating systems, memory corruption leads to compromised device security. For Android, memory corruption leads only to arbitrary code execution within the particular application.

Conversely, the iOS model of sandboxing is weaker due to its method of operation. Unlike Android, applications are all operated out of a single sandbox (containing applications, libraries, and runtimes), meaning that should one application misbehave, it can potentially affect the behavior of the other applications as well. In a sense, the iOS sandbox is only as strong as the weakest application allowed. Applications on iOS also do not make clear what permissions are being granted to the application. Instead, the iOS method asks the user to trust in Apple's screening to be able to realize the intent of the app developer and that the permissions granted to the application will not affect the user negatively. Thus, due to Apple's model of "trust us", Apple apps can actually be more of a security risk than their equivalent Android apps. A recent study showed that iOS apps were actually more of a security risk, with iOS apps generally having more access to the user's personal data. This data was shared with advertising and analytics without the user's explicit knowledge. Of the iOS apps analyzed, 60% had access to locations, 54% had access to the user's contact lists. 60% of those apps also shared the data. [5] The ability of Android to truly contain a misbehaving application from interacting and accessing data outside of its sandbox is something that enterprise users cannot overlook.
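The per-application UID and declared-permission model described above can be checked from the defender's side. The following is an added example, not code from this white paper or from Android: it audits a decoded manifest against a hypothetical enterprise permission allowlist and flags packages that share a UID. The package names, allowlist and sample inputs are constructed, and the package listing is assumed to be in the `package:<name> uid:<n>` form printed by `pm list packages -U`.

```python
"""Audit declared permissions and UID separation for Android apps (added example)."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Hypothetical enterprise allowlist: permissions a line-of-business app may declare.
ALLOWED_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",
}

# Constructed sample: a manifest already decoded to text XML. Inside an APK the
# manifest is stored as binary XML and must be decoded before this step.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.workorders"
    android:sharedUserId="com.example.shared">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <application android:label="Work Orders" />
</manifest>
"""

# Constructed sample of a package/UID listing taken from a device.
SAMPLE_PM_OUTPUT = """\
package:com.example.workorders uid:10061
package:com.example.scanner uid:10062
package:com.example.helper uid:10061
"""


def audit_manifest(manifest_xml, allowed=ALLOWED_PERMISSIONS):
    """Return the declared permissions and those outside the allowlist.

    Manifests from untrusted sources should go through a hardened XML parser;
    the standard-library parser is used here to keep the example dependency-free.
    """
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    declared = sorted(
        {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}
    )
    return {
        "package": root.get("package"),
        "declared": declared,
        "not_allowed": [p for p in declared if p not in allowed],
        # A sharedUserId asks to run under the same UID as other apps signed
        # with the same key, so those apps are not isolated from each other.
        "shared_user_id": root.get(f"{{{ANDROID_NS}}}sharedUserId"),
    }


def find_shared_uids(pm_output):
    """Map each UID used by more than one package to the packages sharing it."""
    by_uid = {}
    for line in pm_output.splitlines():
        match = re.match(r"package:(\S+)\s+uid:(\d+)$", line.strip())
        if match:
            by_uid.setdefault(int(match.group(2)), []).append(match.group(1))
    return {uid: sorted(pkgs) for uid, pkgs in by_uid.items() if len(pkgs) > 1}


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "requests outside allowlist:", report["not_allowed"])
    print("sharedUserId:", report["shared_user_id"])
    print("UIDs shared by several packages:", find_shared_uids(SAMPLE_PM_OUTPUT))
```

A package that appears in the shared-UID result runs in the same sandbox as its siblings, so its permission audit should be read together with theirs.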

[Figure 3.1: Android Sandbox Model. Layers shown: Applications, Application Framework, Libraries, Android Runtime, Linux Kernel. Source: https://source.android.com/tech/security/]

Enterprise-Level Mobile Device Management
To securely integrate mobile devices in an enterprise environment, organizations seeking to deploy mobile platforms should strongly consider implementing a Mobile Device Management (MDM) solution. Mobile device management solutions allow IT administrators more thorough control over the devices within the company. Neither iOS nor Android possesses any real integrated enterprise-level mobile device management capabilities. While iOS does have a marginally stronger security suite, it is not suited for enterprise-level security and does not allow for the fine-tuning and control that IT administrators require. To further complicate matters, iOS's closed architecture once again inhibits an organization from realizing full control and customization of any device with iOS. For example, an enterprise would not be able to implement antivirus software, personal firewalls, and full disk encryption on iOS because the iOS architecture does not support these features. An organization may choose to employ either an off-the-shelf third party solution or a custom developed solution on an Android device. Once again, this is possible due to the open source architecture, which ultimately allows for greater security and functionality to be built in. This allows an organization to approach security in many different ways when dealing with an Android deployment. Third party MDM solutions for iOS, on the other hand, must manage all iOS devices in the same way, across the board, due to Apple's strict and limiting policies. Whether an organization implements an in-house or third party mobile device management solution, there are generally four components that MDM addresses at a minimum.

Policy Compliance Management:
- Enforced roaming policies
- Network management

Software Management:
- Application downloader - push/pull apps
- Application verification
- Application update support
- Application patch support
- Application store support/control
- Backup/Restore
- Managed Mobile Enterprise Application Platforms (MEAPS)

Hardware Management:
- External memory blocking - deny use of external memory devices
- Enable/Disable hardware functions (camera, GPS, etc.)
- Configuration change history - audit trail on changes implemented
- Jailbreak/Root detection

Security Management: Enforcement
- Enhanced ability to download, monitor, and revoke certificates for emails, apps, etc.
- Enforced password
- Encryption
- Device wipe
- Remote lock
- Audit trail/logging
- Rooting detection
- Authentication
- Firewall
- Antivirus
- VPN

But why should MDM generally address those 4 main topics? It is because the nature of device deployment can greatly affect the robustness of an MDM solution. It's important to note that certain features of MDM solutions become more relevant depending upon the deployment policy instituted by an organization. In the case of BYOD, aspects such as root detection are more desired, as the company has no real control over where and how the device within the system is being utilized. The same does not apply with mass deployments controlled by the company, as units are stripped of much of the media capabilities that make tablets attractive as consumer devices. Mobile device management becomes much more of a grey zone once you take into consideration a locked Android OS on a company controlled device that is lent out on the job. Since a locked Android does not allow for much modification, if any, the need for a very robust mobile device management system is less conspicuous.
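How the relevant MDM checks differ between a locked, company-issued image and a BYOD device can be made concrete with a small compliance evaluator. This is an added example, not part of the white paper or of any MDM product: the report schema, profile names, package names (other than `com.android.vending`, the Google Play Store client) and the resulting actions are hypothetical, and the sample reports are constructed.

```python
"""Evaluate device reports against deployment-specific MDM policy (added example)."""
import json

# Hypothetical policy profiles built from the MDM components listed above.
POLICIES = {
    "corporate_locked": {
        "require": {"password_enforced": True, "storage_encrypted": True,
                    "external_storage_blocked": True, "rooted": False},
        "forbidden_packages": {"com.android.vending"},  # app store stripped from image
        "allowed_packages": {"com.example.workorders", "com.example.scanner"},
    },
    "byod": {
        "require": {"password_enforced": True, "storage_encrypted": True,
                    "rooted": False},
        "forbidden_packages": set(),
        "allowed_packages": None,  # personal apps are outside IT's control
    },
}

# Constructed sample of what an MDM agent might report per device.
SAMPLE_REPORTS = json.loads("""
[
  {"device_id": "TAB-001", "profile": "corporate_locked",
   "password_enforced": true, "storage_encrypted": true,
   "external_storage_blocked": true, "rooted": false,
   "packages": ["com.example.workorders", "com.example.scanner"]},
  {"device_id": "TAB-002", "profile": "corporate_locked",
   "password_enforced": true, "storage_encrypted": true,
   "external_storage_blocked": false, "rooted": false,
   "packages": ["com.example.workorders", "com.android.vending", "com.example.game"]},
  {"device_id": "PHONE-117", "profile": "byod",
   "password_enforced": true, "rooted": true,
   "packages": ["com.example.workorders", "com.example.game"]}
]
""")


def evaluate(report):
    """Return the list of policy findings for one device report."""
    policy = POLICIES.get(report.get("profile"))
    if policy is None:
        raise ValueError(f"unknown profile: {report.get('profile')!r}")
    findings = []
    for attr, expected in policy["require"].items():
        actual = report.get(attr)
        if actual is None:
            # Fail closed: an attribute the agent did not report counts as a finding.
            findings.append(f"{attr}: not reported")
        elif actual != expected:
            findings.append(f"{attr}: expected {expected}, got {actual}")
    installed = set(report.get("packages", []))
    for pkg in sorted(installed & policy["forbidden_packages"]):
        findings.append(f"forbidden package: {pkg}")
    if policy["allowed_packages"] is not None:
        extra = installed - policy["allowed_packages"] - policy["forbidden_packages"]
        for pkg in sorted(extra):
            findings.append(f"unapproved package: {pkg}")
    return findings


def decide(report):
    """Map findings to a hypothetical action: compliant, remediate, or lock."""
    findings = evaluate(report)
    if not findings:
        return "compliant"
    # A rooted device, or one whose root state is unknown, gets a remote lock.
    if report.get("rooted") is not False:
        return "lock"
    return "remediate"


if __name__ == "__main__":
    for rep in SAMPLE_REPORTS:
        print(rep["device_id"], decide(rep), evaluate(rep))
```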


Conclusion
As Android continues to gain traction within the consumer tablet market, business leaders will look more and more towards its viability for enterprise applications. The popularity of intuitive modern computing devices will propel organizations to consider implementing tablets, and Android offers a flexible, cost effective operating system for enterprise deployment. It has rapidly matured from its infant stages to become a stable platform and will continue to improve. Priced much lower than traditional PCs with the movement towards mobile computing, tablets are quickly encroaching on the PC market. With latent features that allow Android greater security than its competitors, a large established base of existing users, as well as its open architecture for true customization, Android is a prime candidate for viable enterprise use.

Footnotes
1. Mostly-Tech (2013). Android's 4.2's Advantages Over iOS 6.1 (Online). Available at: http://mostly-tech.com/2012/09/30/3219/
2. AFP (2012). Russia Unveils Secure Almost Android Tablet To Keep Data Away From Google. Available at: http://www.securityweek.com/russia-unveils-secure-android-tablet-keepsdata-away-google
3. Henry Kenyon (2012). DOD's move to Android started with DARPA apps program. Available at: http://gcn.com/articles/2012/01/31/darpa-apps-program-dod-android-smartphones.aspx
4. Grant Gross (2003). Human Error is Greatest Security risk. Available at: http://www.pcworld.com/article/109872/article.html
5. David Nedle (2013). Study Finds Free iOS apps more a security risk than Android apps. Available at: http://tabtimes.

About Xplore Technologies


Xplore Technologies Corp., maker of the most rugged tablets on Earth, has been in the business of developing, integrating, and marketing industrial grade rugged tablets for our customers in the Energy, Utilities, Manufacturing and Distribution, Public Safety, Field Services, Transportation, and Military sectors for over 15 years. Xplore Tablets use the most powerful and modern processors and components and are tested more vigorously for shock, thermal, vibration, impact, ingress and emissions than any other PC in the industry. Xplore's products enable the extension of traditional computing systems to a range of field and on-site personnel, regardless of location or environment. Xplore's portfolio of products is sold on a global basis, with channel partners in the United States, Canada, Europe and Asia Pacific. Xplore's main offices are located in Austin, Texas with regional sales offices throughout the U.S., Canada and Europe. Xplore is a public company that trades under the symbol XPLR on the NASDAQ Stock Exchange.
