Figure 1.1: Worldwide Mobile Device Sales to End Users by Operating Systems in 3Q12

| Operating System | 3Q12 Units | 3Q12 Market Share (%) | 3Q11 Units | 3Q11 Market Share (%) |
|---|---|---|---|---|
| Android | 122,480.0 | 72.4 | 60,490.4 | 52.5 |
| iOS | 23,550.3 | 13.9 | 17,295.3 | 15.0 |
| Research In Motion | 8,946.8 | 5.3 | 12,701.1 | 11.0 |
| Bada | 5,054.7 | 3.0 | 2,478.5 | 2.2 |
| | | 2.6 | 19,500.1 | 16.9 |
| | | 2.4 | 1,701.9 | 1.5 |
| | | 0.4 | 1,018.1 | 0.9 |
| | | 100.0 | 115,185.4 | 100.0 |

*Figure 1.1: This chart displays only mobile smartphones and does not encompass other mobile devices such as tablets. Source: http://www.gartner.com/newsroom/id/2237315
FIELD SERVICES / MANUFACTURING / WAREHOUSING / PUBLIC SAFETY / TRANSPORTATION / DISTRIBUTION / UTILITIES / ENERGY / TELCO & CABLE
WHITE PAPER
hardware selection
For better or worse, Apple eliminates hardware choice. While there are hardware differences between the iPad, iPad2, iPad3, iPad Mini, etc., the configuration is locked. Unlike with an Android device, an enterprise can't identify a list of feature and function requirements based on peripheral or application needs and then choose the best iOS hardware platform.
While the iOS ecosystem has been a clear success among consumers, the highly controlled, highly consumer-oriented model Apple has implemented presents problems for business users. For example, an organization seeking to deploy mobile devices optimized for rugged and harsh environments, or seeking to integrate the operating system onto other computing platforms (such as medical equipment, sensors, scanners, etc.), must resort to sub-par workarounds with iOS.
Android, on the other hand, is utilized in a wide variety of mobile devices: smart phones and tablets, most commonly. These mobile devices are not limited to consumer electronics either; Android can also be found on specialized enterprise devices, such as rugged tablets, diagnostic equipment, robotic control units, and much more.
Another key advantage of Android over iOS is its independence from any specific hardware: iOS comes bundled with Apple products and cannot be deployed on any other type of device. Android is free and downloadable under an open source license, so the operating system can be obtained separately from a device, modified if need be, then tested and installed onto whatever hardware is chosen.
This allows organizations to have far more control over their workers' devices if they manage distribution of hardware. They can preconfigure the devices with key applications and with security and management policies, and better prevent unauthorized use of the devices. This capability is more in line with what IT departments are used to from traditional enterprise device management (Windows-based PCs), giving those responsible peace of mind.
XPLOREINFO@XPLORETECH.COM
While this might make sense for a relatively small business, this can be a very difficult path for medium to large enterprises. The initial advantages of BYOD are far outweighed by the real costs of accommodating multiple operating systems and various devices. If implemented, the organization would have to administer a device management policy and toolkit that encompasses an extremely wide array of mobile operating systems: Windows Phone, Android, Symbian, BlackBerry, iOS, etc.
The attempt to unify these fragmented operating systems, hardware configurations, security policies and application suites alone would be a significant and costly undertaking. Such an effort would not only have to account for the various versions and distributions of multiple operating systems, it would also have to deal with the very gray space of personal data: BYOD phones and tablets are ultimately the property of the employee, and thus IT cannot take total control of the security and privacy settings of the device.
A standardized deployment of mobile devices (especially tablets, which are quickly becoming the productivity tool of choice amongst executives, information workers, field workers, etc.) eliminates many of the complications that arise from BYOD. A single standard device outfitted with a single operating system allows for a less complicated and more secure mobile device and information management strategy.
1-888-44-XPLORE (9-7567)
WWW.XPLORETECH.COM
2.
The Android operating system possesses both of these characteristics, which makes it an attractive option for legacy integration purposes. Because of its open source license, Android can be downloaded and tweaked to fit the user's needs. New functionality can even be layered on top of the existing code. Many handset manufacturers, such as Samsung, LG, and HTC, tweak Android slightly to fit their needs. Some have gone even further. Once downloaded, the Android source code can be utilized to create something similar or completely new, resulting in a wholly customized operating system. Companies such as Amazon and Barnes and Noble have done so, using Android as a bare-bones framework to create a mobile operating system suited to their needs. Even the Russian Defense Ministry has taken Android and created a completely new operating system off the framework.2
security
As with any business, security is paramount to the deployment of any technology, and mobile computing devices are no different. Data is priceless, and the protection of an organization's proprietary information should be a priority concern. While it would be ideal to have a completely secured system, that is simply impossible to achieve: even the most stringent security measures can be vulnerable to attack. Instead, the goal of enterprise security is to mitigate the risk of security breaches as much as possible. In considering mobile operating system security, there are two critical elements in play:
Application Security
When testing new code or installing new programs, the ability to limit or negate the potential damage from these untested or unverified programs relies heavily upon installing and executing them within a sandbox environment. A sandbox is a security mechanism for separating development and testing activities from the production environment. A sandbox is often utilized to execute untested code and programs from unverified third parties, suppliers, users and websites. The sandbox provides a tightly controlled set of resources for test programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system, and the ability to read from input devices are usually heavily restricted or outright blocked.
While both operating systems utilize a sandbox to run applications, Android utilizes a far more robust sandbox model than iOS. The Android sandbox model operates on two main factors. Each app in Android is assigned a User ID and Group ID (UID/GID), much like the traditional Unix-based models. However, unlike the Unix models, the Android model creates a true UID/GID for each and every application. All applications designed for Android must have a manifest and must declare this manifest. An application manifest informs the user of all privileges the application needs at the time of installation. Combined, the unique, individual application sandbox and the application manifest form a thorough sandbox environment in which the potential damage is truly limited. Because an application must declare what privileges it requires, the user can make an informed decision at the time of installation.
Everything above the kernel level (including applications, libraries, etc.) runs within its own individual sandbox. Even at the operating system level, the security of the Linux kernel is combined with secure interprocess communication (IPC). This means that even native code is constrained to the application sandbox. In addition, Android's sandbox prevents damage caused by memory corruption. For many other operating systems, memory corruption leads to compromised device security. For Android, memory corruption leads only to arbitrary code execution within the particular application.
Conversely, the iOS model of sandboxing is weaker due to its method of operation. Unlike Android, applications are all operated out of a single sandbox (containing applications, libraries, and runtimes), meaning that should one application misbehave, it can potentially affect the behavior of the other applications as well. In a sense, the iOS sandbox is only as strong as the weakest application allowed. Applications on iOS also do not make clear what permissions are being granted to the application. Instead, the iOS method asks the user to trust Apple's screening to recognize the intent of the app developer, and to trust that the permissions granted to the application will not affect the user negatively. Thus, due to Apple's "trust us" model, Apple apps can actually be more of a security risk than their equivalent Android apps.
A recent study showed that iOS apps were actually more of a security risk, with iOS apps generally having more access to the user's personal data. This data was shared with advertising and analytics services without the user's explicit knowledge. Of the iOS apps analyzed, 60% had access to locations and 54% had access to the user's contact lists. 60% of those apps also shared the data.5 The ability of Android to truly contain a misbehaving application and keep it from interacting with and accessing data outside of its sandbox is something that enterprise users cannot overlook.
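The two mechanisms described above, a per-application UID and the permissions declared in the manifest, can be checked for a concrete app. The following is an added example, not code from the white paper: it assumes a manifest already decoded to text XML and a packages.list file whose first two fields are package name and UID, and both sample inputs are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions behind the data categories the paper cites (location, contacts).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
}

def audit_manifest(xml_text):
    """Return package, declared permissions, sensitive data categories, and
    any sharedUserId (which makes the app share a UID with other apps)."""
    root = ET.fromstring(xml_text)
    perms = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    return {
        "package": root.get("package"),
        "permissions": perms,
        "sensitive": sorted({SENSITIVE[p] for p in perms if p in SENSITIVE}),
        "shared_user_id": root.get(ANDROID_NS + "sharedUserId"),
    }

def shared_uids(packages_list_text):
    """Group packages by UID; return only UIDs used by more than one package."""
    by_uid = defaultdict(list)
    for line in packages_list_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():
            by_uid[int(fields[1])].append(fields[0])
    return {uid: pkgs for uid, pkgs in by_uid.items() if len(pkgs) > 1}

# Constructed sample inputs (not taken from any real app or device).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fieldapp" android:sharedUserId="com.example.shared">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

SAMPLE_PACKAGES_LIST = """com.example.fieldapp 10061 0 /data/data/com.example.fieldapp
com.example.scanner 10061 0 /data/data/com.example.scanner
com.example.notes 10062 0 /data/data/com.example.notes"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
    print(shared_uids(SAMPLE_PACKAGES_LIST))
```

Packages reported by shared_uids run under one UID and are therefore not isolated from each other by the per-application sandbox, which is why a sharedUserId in a manifest deserves review before deployment.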
[Figure: Android software stack. Layers shown: applications (Home, Contacts, SMS/MMS, Email, Alarm Clock, Calculator, ...), Application Framework, Libraries, Android Runtime (Core Libraries, Dalvik Virtual Machine), Linux Kernel.]
Enterprise level mobile device management
To securely integrate mobile devices in an enterprise environment, organizations seeking to deploy mobile platforms should strongly consider implementing a Mobile Device Management (MDM) solution. Mobile device management solutions give IT administrators more thorough control over the devices within the company. Neither iOS nor Android possesses any real integrated enterprise-level mobile device management capabilities. While iOS does have a marginally stronger security suite, it is not suited for enterprise-level security and does not allow for the fine-tuning and control that IT administrators require.
To further complicate matters, iOS's closed architecture once again inhibits an organization from realizing full control and customization of any device with iOS. For example, an enterprise would not be able to implement antivirus software, personal firewalls, and full disk encryption on iOS because the iOS architecture does not support these features.
An organization may choose to employ either an off-the-shelf third-party solution or a custom-developed solution on an Android device. Once again, this is possible due to the open source architecture, which ultimately allows for greater security and functionality to be built in. This allows an organization to approach security in many different ways when dealing with an Android deployment. Third-party MDM solutions for iOS, on the other hand, must manage all iOS devices in the same way, across the board, due to Apple's strict and limiting policies.
Whether an organization implements an in-house or third-party mobile device management solution, there are generally four components that MDM addresses at a minimum.
Software management:
- Application downloader: push/pull apps
- Application verification
- Application update support
- Application patch support
- Application store support/control
- Backup/Restore
- Managed Mobile Enterprise Application Platforms (MEAPS)
Hardware management:
- External memory blocking: deny use of external memory devices
- Enable/Disable hardware functions (camera, GPS, etc.)
- Configuration change history: audit trail on changes implemented
- Jailbreak/Root detection
But why should MDM generally address those 4 main topics? It is because the nature of device deployment can greatly affect the robustness of an MDM solution. It's important to note that certain features of MDM solutions become more relevant depending upon the deployment policy instituted by an organization. In the case of BYOD, aspects such as root detection are more desirable, as the company has no real control over where and how the devices within the system are being utilized. The same does not apply to mass deployments controlled by the company, as units are stripped of much of the media capability that makes tablets attractive as consumer devices. Mobile device management becomes much more of a grey zone once you take into consideration a locked Android OS on a company-controlled device that is lent out on the job. Since a locked Android does not allow for much modification, if any, the need for a very robust mobile device management system is less conspicuous.
Conclusion
As Android continues to gain traction within the consumer tablet market, business leaders will look more and more towards its viability for enterprise applications. The popularity of intuitive modern computing devices will propel organizations to consider implementing tablets, and Android offers a flexible, cost-effective operating system for enterprise deployment. It has rapidly matured from its infant stages to become a stable platform and will continue to improve. Priced much lower than traditional PCs, and with the movement towards mobile computing, tablets are quickly encroaching on the PC market. With latent features that allow Android greater security than its competitors, a large established base of existing users, and an open architecture for true customization, Android is a prime candidate for viable enterprise use.
footnotes
1. Mostly-Tech (2013). Android's 4.2's Advantages Over iOS 6.1 (Online). Available at: http://mostly-tech.com/2012/09/30/3219/
2. AFP (2012). Russia Unveils Secure "Almost Android" Tablet To Keep Data Away From Google. Available at: http://www.securityweek.com/russia-unveils-secure-android-tablet-keepsdata-away-google
3. Henry Kenyon (2012). DOD's move to Android started with DARPA apps program. Available at: http://gcn.com/articles/2012/01/31/darpa-apps-program-dod-android-smartphones.aspx
4. Grant Gross (2003). Human Error is Greatest Security risk. Available at: http://www.pcworld.com/article/109872/article.html
5. David Nedle (2013). Study Finds Free iOS apps more a security risk than Android apps. Available at: http://tabtimes.