[ADFXPro777]

I have been doing research on Android's enterprise security and was fortunate to run into this article:

http://www.infoworld.com/t/android/android-looks-take-the-mobile-security-crown-440

The article came out earlier this year and it seems Android's purchase of Motorola may actually help it become the most secure smartphone platform in some years.

Don't get me wrong - I am still a Blackberry fan and user. However, seeing a powerful, open platform like Android aiming for the crown of the most secure platform has certainly opened my attention.

Posted from my CrackBerry at wapforums.crackberry.com

[Danf]

How secure can it be with an open app market that anyone can upload an app to be downloaded? no checks or vetting by Google at all.

You could have the greatest door lock ever made but if you leave the door unlocked And allow just anyone to walk in at will it isn't going to do you much good.

[BoldtotheMax]

I felt much more secure with my bb than my Android. That is just my experience though.

Posted from my CrackBerry at wapforums.crackberry.com

[Tre Lawrence]

I have been doing research on Android's enterprise security and was fortunate to run into this article:

Will Android be the most secure of all? | Android - InfoWorld

The article came out earlier this year and it seems Android's purchase of Motorola may actually help it become the most secure smartphone platform in some years.

Don't get me wrong - I am still a Blackberry fan and user. However, seeing a powerful, open platform like Android aiming for the crown of the most secure platform has certainly opened my attention.

Posted from my CrackBerry at wapforums.crackberry.com

Interesting. Good selling point.

Not that app security has much to do with anything. BB users seem to be more terrified of the Android Market than Android users.

[ADFXPro777]

Android's open market is a double-edged sword - you can find tons of great apps, but at the same time, run into a lot of bad ones - you definitely need to be careful and especially check what the apps will access on your behalf. However, if there is some sort of malware/virus that is found, I did find that the Android community does quickly respond. Plus, Google has begun implementing more supervision on the Android Market.

In regards to phones, the new Androids, while won't challenge BES-powered Blackberries, might be on-par with a Blackberry on BIS, especially with the enterprise security features they now have.

Posted from my CrackBerry at wapforums.crackberry.com

[katiepea]

yes, android market is under pretty decent supervision lately, they remove content regularly. i'd also like to point out that there have been a lot of celebrities phones hacked lately, and from what i can tell, like the pictures stolen from scarlett johansson, nearly everyones leaked pictures have come from blackberry. the FBI says these peoples phones were hacked, and if you look at the data in the johansson pictures, it shows the pictures were taken with a bold 9000. that phone doesn't have the webkit browser, so how are these phones being hacked?

[katiepea]

Any phone that can be rooted CAN NOT be secure. Can Google lock down the Moto phones so they can't be rooted? Maybe but, some Andriod buyers won't by a 'droid phone they can't root.

i think it's just safe to say, that any phone cannot be secure. if you asked me where i was most likely to be concerned about security on my phone, it would be on phone calls, not data or messages, but voice calls. and since GSM can be easily hacked by a 10 year old, i think it's ok to say no phone will ever be secure, ever. pretty pointless to compare really.

[papped]

i think it's just safe to say, that any phone cannot be secure. if you asked me where i was most likely to be concerned about security on my phone, it would be on phone calls, not data or messages, but voice calls. and since GSM can be easily hacked by a 10 year old, i think it's ok to say no phone will ever be secure, ever. pretty pointless to compare really.

Even if gsm could theoretically be hacked easily, you are 1000x more likely to give up important info on something simple like an unsecured network or some type of data transfer (spoofed websites, etc). It's not just due to how "hard" it is to do, it's the possibility of occurrence and what type of info you deal with.

So worrying about phone calls being hacked isn't nearly as much of a problem as you think...

[katiepea]

Even if gsm could theoretically be hacked easily, you are 1000x more likely to give up important info on something simple like an unsecured network or some type of data transfer (spoofed websites, etc). It's not just due to how "hard" it is to do, it's the possibility of occurrence and what type of info you deal with.

So worrying about phone calls being hacked isn't nearly as much of a problem as you think...

hmm, i've read enough articles over the years from DEF CON about the majority of network breakin's being from people giving information over the phone, or something hacking a phone system to know better than that. sure malware accounts for a lot of issues, but to this day i think many peoples first route is the good ol' telephone call into your network.

[papped]

I didn't even really mention malware, which is a separate issue...

Smartphone phone call use is going down and data use is rising. Yet the main security concern is phone call networks, which are changing protocols anyhow?

Thousands of people could connect to a single open wifi network in a single spot on a given day and send something easily visible to anyone monitoring (people use hotspots). You can pretend that it's just as common for people to monitor GSM phone conversations in the same capacity, but I seriously question that...

[CrackedBarry]

How secure can it be with an open app market that anyone can upload an app to be downloaded? no checks or vetting by Google at all.

Yes, security is truly dire on the Android Market, with all the apps that get downloaded by themselves without any user interaction!

What? They don't?!? Oh yeah, that's right! Users actually have to choose to download an app, and before they do that, they get to see what kind of permissions an app is asking for, once its installed.

(That's an added security feature that BB users don't have, if I'm not mistaken? And please don't say "oh don't worry, RIM vets all apps!" Can I as a user see an overview of exactly what permissions an app will ask for, yes or no?)

Seriously though, there seems to be a lot of misconceptions (Like jrohlands comment about rooting. You really should read up on it a bit) and misunderstandings on here about Android and security.
(Like the comment on open WiFi networks, which is a problem on all platforms)

The reality is, that Android (as well as iPhones) can be just as secure as Blackberries if necessary, there's a number of third party solutions for the security minded. If that wasn't the case, you wouldn't see those two platforms depose RIM off the enterprise, as we have seen recently.

And of course its also a basic misconception that security is (it should be) the most important featureor priority. It doesnt matter if your platform of choice has the best security. What matters is, its secure enough for your needs.

If you run a little local ad agency or plumber business, the risk of somebody stealing your data is neglible, and probably not worth spending thousands of dollars on to prevent.

Same goes for your personal data. A working credit card number costs around ten dollars on the black market. You know what that means? That means that you can probably get by with a lot less, than what somebody working for the NSA or FBI needs in terms of security. So relax, no one is going to spend weeks trying to read your confidential e-vites and Best Buy receipts.

[Rootbrian]

Highly doubt it. Blackberry's security wins.

Posted from my CrackBerry at wapforums.crackberry.com

[Danf]

Yes, security is truly dire on the Android Market, with all the apps that get downloaded by themselves without any user interaction!

Yes security is dire when google wont even bother to vet any of the applications it is making available to their consumers. says a lot about the company.

What? They don't?!? Oh yeah, that's right! Users actually have to choose to download an app, and before they do that, they get to see what kind of permissions an app is asking for, once its installed.

(That's an added security feature that BB users don't have, if I'm not mistaken? And please don't say "oh don't worry, RIM vets all apps!" Can I as a user see an overview of exactly what permissions an app will ask for, yes or no?)

Thank you for confirming what most here already suspected. That you have never owned or used a blackberry. If you had you would know that setting permission upon downloading an app is a blackberry feature.

Seriously though, there seems to be a lot of misconceptions (Like jrohlands comment about rooting. You really should read up on it a bit) and misunderstandings on here about Android and security.
(Like the comment on open WiFi networks, which is a problem on all platforms)

I know quite a bit about rooting since I have two android devices on my account. I actually looked into it. The first thing I know is that as soon as you root your phone you just voided your warranty. I don't have to void the warranty on my blackberry in order to customize it.

The reality is, that Android (as well as iPhones) can be just as secure as Blackberries if necessary, there's a number of third party solutions for the security minded. If that wasn't the case, you wouldn't see those two platforms depose RIM off the enterprise, as we have seen recently.


And of course its also a basic misconception that security is (it should be) the most important featureor priority. It doesnt matter if your platform of choice has the best security. What matters is, its secure enough for your needs.

If you run a little local ad agency or plumber business, the risk of somebody stealing your data is neglible, and probably not worth spending thousands of dollars on to prevent.

Same goes for your personal data. A working credit card number costs around ten dollars on the black market. You know what that means? That means that you can probably get by with a lot less, than what somebody working for the NSA or FBI needs in terms of security. So relax, no one is going to spend weeks trying to read your confidential e-vites and Best Buy receipts.

It is pretty obvious you are little more than a troll you cannot even maintain a consistent argument. first you try to claim that android has security features that BB does not have (And you were wrong) then you try to claim that Android can be secure as blackberry if only you use some third party apps. Then you end by trying to make a case that security is really uncessary

[DannyAves]

There is also a new "upgrade attack" whereby the hackers create a legitimate app that functions perfectly but the malware is in the update. If you set you app to update automatically you could be in big trouble.

Spike in mobile malware doubles Android users' chances of infection - Computerworld

[quik4life]

yes, android market is under pretty decent supervision lately, they remove content regularly. i'd also like to point out that there have been a lot of celebrities phones hacked lately, and from what i can tell, like the pictures stolen from scarlett johansson, nearly everyones leaked pictures have come from blackberry. the FBI says these peoples phones were hacked, and if you look at the data in the johansson pictures, it shows the pictures were taken with a bold 9000. that phone doesn't have the webkit browser, so how are these phones being hacked?

I highly doubt they came from a BB. Since the media loves to crap on RIM lately, why didn't any articles mention which phone she had? I'm sure if they knew it was a BB, they'd be sure to mention it.

They also left out a lot of details. Did the phone have a password in it? Were the pics stored on the phone or a media card? If it was a media card, were the files encrypted?

Regardless, I truly believe these celebs leak out this info themselves just to get attention and publicity.

[_StephenBB81]

I highly doubt they came from a BB. Since the media loves to crap on RIM lately, why didn't any articles mention which phone she had? I'm sure if they knew it was a BB, they'd be sure to mention it.

They also left out a lot of details. Did the phone have a password in it? Were the pics stored on the phone or a media card? If it was a media card, were the files encrypted?

Regardless, I truly believe these celebs leak out this info themselves just to get attention and publicity.

You are correct, if Scarlett Johansson was using a BlackBerry it would be all over, but she infact is an iPhone owner you check her twitter feed everything she uploads if from a apple/iphone application for twitter.

[ADFXPro777]

Originally posted from article:

"Motorola's Xoom is an impressive first shot at an iPad-style tablet based on the new Android 3.0 operating system. As InfoWorld's Galen Gruman notes in his first look, one Android 3.0 strong suit is its support for Exchange ActiveSync security policies -- an essential feature set for enterprise-class mobile devices.

But for Android devices, particularly those from Motorola, that may only be the beginning. On Feb. 14, Motorola Mobility announced that it had acquired 3LM (Three Laws Mobility), a secretive company started by ex-Google execs that is developing "mobile enterprise security software and solutions and mobile device management products for the Android operating system."

Motorola Mobility is a spin-off devoted to smartphones, tablets, and other mobile devices. The company intends to start selling 3LM software in the second quarter and no doubt will integrate and package 3LM enterprise solutions with its smart devices. Even more interesting, however, is that 3LM will work with other Android device developers to promote and distribute its solutions. On its website, 3LM lists Sony Ericsson, HTC, Sharp, and Pantech as partners.

Playing off Isaac Asimov's three laws of robotics, 3LM's three laws of mobility are the following:

Protect your user: A mobile device may not harm its user or, through inaction, allow its user to come to harm though malicious code or content.
Protect yourself: A mobile device must protect itself and the integrity of its data and secured communications.
Obey: A mobile device must let the user use the device freely, as long as such usage does not conflict with the First or Second Law.
3LM's website hints that the company is developing enterprise encryption solutions for data at rest and in transit, including internal memory and SD cards. There's also some mention of malware protection and remote management, including enforcing standard security policies; user administration for predefined Active Directory and/or LDAP groups; remote application installation, remote lock, remote wipe, and advanced password rules; and other features enterprises hunger for in an increasingly chaotic mobile world.

Similar features have been incorporated into Android with various upgrades, including whole device encryption in Android 3.0 and remote wiping in Android 2.2. But the combination of Motorola Mobility and 3LM could take mobile enterprise security to a new level. There's even an unconfirmed rumor that 3LM intends to provide the equivalent of a BlackBerry BES server.

A turnkey security system was one of the main reasons the BlackBerry took the enterprise by storm. If future Android devices can match that, they could eventually become the mobile enterprise devices of choice."

_____________________________________

The features mentioned in the article are already available on the new Android phones (e.g. Photon, Bionic). I suspect we will see more improved features and, as mentioned by the article, may even witness them opening secure sets of servers like Blackberry's BES network in some years.

However, we should not forget that RIM is also upgrading their systems as well. The powerful, world-proven QNX technology will be coming next year. I am pretty certain RIM will be upgrading their security protocols to work with the new, more advanced technology.

[sam_b77]

Androis Secure??? That's laughable. I just installed an app to an acquaintance's Android phone which forwards all his incoming SMS to my phone.
The app doesn't show up and can only be brought up by sending a three digit user set code by SMS to the phone.
The person has no idea that I'm getting all his/hers incoming msgs forwarded to my phone.
Google had banned the app from Android Market, but the apk is available for download at Mobihand and all you need is to get 5 min physical access to the Android. Secure indeed.
Thank god for BB. Nothing like this can happen on it.
Android and security used in the same sentence is hilarious.

Posted from my CrackBerry at wapforums.crackberry.com

[Tre Lawrence]

Androis Secure??? That's laughable. I just installed an app to an acquaintance's Android phone which forwards all his incoming SMS to my phone.
The app doesn't show up and can only be brought up by sending a three digit user set code by SMS to the phone.
The person has no idea that I'm getting all his/hers incoming msgs forwarded to my phone.
Google had banned the app from Android Market, but the apk is available for download at Mobihand and all you need is to get 5 min physical access to the Android. Secure indeed.
Thank god for BB. Nothing like this can happen on it.
Android and security used in the same sentence is hilarious.

Posted from my CrackBerry at wapforums.crackberry.com

Come again?

I can steal your phone and illicitly download software to it -- just like you did to your friend's Android. Seems like the issue is that your "acquaintance" needs to watch who he leaves his device with.

Last I checked, BB didn't have a feature that allowed one to pick trustworthy friends. I am interested in knowing how you give them the edge. Please share.

[sam_b77]

Come again?

I can steal your phone and illicitly download software to it -- just like you did to your friend's Android. Seems like the issue is that your "acquaintance" needs to watch who he leaves his device with.

Last I checked, BB didn't have a feature that allowed one to pick trustworthy friends. I am interested in knowing how you give them the edge. Please share.

True. But where's the said software for BB?

Posted from my CrackBerry at wapforums.crackberry.com

[Tre Lawrence]

True. But where's the said software for BB?

Posted from my CrackBerry at wapforums.crackberry.com

So you based that on a supposed lack of applications on BB?

In this case, you are wrong: Stealth Hidden SMS Text Forwarder | iPhone | Nokia | Symbian | Blackberry

There are others, so we can easily invade the privacy of our BB-owning friends as well!

[katiepea]

True. But where's the said software for BB?

Posted from my CrackBerry at wapforums.crackberry.com

it exists, i've used it

[katiepea]

You are correct, if Scarlett Johansson was using a BlackBerry it would be all over, but she infact is an iPhone owner you check her twitter feed everything she uploads if from a apple/iphone application for twitter.

sorry, but you might want to read this:
� Scarlet Johansson Leaked Photos EXIF Data Mobile Privacy & Security it was a blackberry bold 9000

in fact, in recent years nearly all of these celebrity "hacks" have been on blackberry, paris hilton, britney spears, nicole richie, and some, if not all of the newer ones such as scarlett..

and if you want a picture, that's been edited so it doesn't have nudity, here http://i.imgur.com/e9mIa.png
http://gizmodo.com/031181/paris-hilt...ckberry-hacked
http://worldofstaci.blogspot.com/200...ry-hacked.html

[qbnkelt]

I will accept that a secure Android platform can happen *when there exists the control similar to BES in place.*
The instant this secure solution is implemented and a root is made widely available it will prove useless in the secure community.
As far as the software mentioned above - since I have not installed on anyone's device I can't know whether it works or not. I can tell you where it will not work - on a highly secure BES environment because such environments are controlled by the BES Admin and downloading any unapproved software can be thwarted.
And this where BES has gained the respect and the trust of highly secure environments.


So....possible? In a few years, yes.

And the day that an Android device can be controlled via something similar to BES will be the day it will lose its appeal to a certain segment of users. Because when such an Android device exists it will have to be made root proof in orders to maintain its viability in the secure enterprise.

[katiepea]

I will accept that a secure Android platform can happen *when there exists the control similar to BES in place.*
The instant this secure solution is implemented and a root is made widely available it will prove useless in the secure community.
As far as the software mentioned above - since I have not installed on anyone's device I can't know whether it works or not. I can tell you where it will not work - on a highly secure BES environment because such environments are controlled by the BES Admin and downloading any unapproved software can be thwarted.
And this where BES has gained the respect and the trust of highly secure environments.


So....possible? In a few years, yes.

And the day that an Android device can be controlled via something similar to BES will be the day it will lose its appeal to a certain segment of users. Because when such an Android device exists it will have to be made root proof in orders to maintain its viability in the secure enterprise.

why is root such a big issue? most malware and hacks don't require root anyway, and you are aware that even if you're rooted, every single app has to ask permission to gain access as root (superuser) it can't just access a SU command on it's own, even if you're rooted and allowed an app to access email and that app had intentions of harming something, it can't just break encryption, root doesn't enter the phone into GOD mode where everything is possible, encryption still exists server side.