Motorola's big plans to fix Android's security woes

From InfoWorld: It's official: Motorola Mobility execs have confirmed to InfoWorld that the smartphone maker is working to fill the security gap in Android smartphones. Android's popularity comes despite the fact that Android devices can't be managed to meet business-class security needs like a BlackBerry or iPhone can. Android does have very basic security capabilities, but not enough to be trusted. Yes, you can run client apps that come with their own management and security features, but they only secure the email, contacts, and so on that they manage, leaving the rest of the Android device exposed and unmanaged.

To address this, Motorola Mobility is relying on 3LM (Three Laws Mobility), a small startup it acquired that develops enterprise security and management tools for Android. 3LM executives have now confirmed those plans and filled in some of the details of their game plan.

What Motorola intends to do is create the APIs for Android that add the missing security and management capabilities at the OS level, so the entire device can be managed via policies by mobile device management tools, such as those from Good Technology, MobileIron, and Zenprise. Motorola Mobility plans to offer its own mobile management suite by July.

The management infrastructure created would be similar to that available on Research in Motion's BlackBerry platform, on Microsoft's now-defunct Windows Mobile platform, and on Apple's iOS 4 platform. The 3LM-created APIs would enable a whole series of new centralized management and security capabilities on Android that enterprises have hungered for. Such capabilities would include malware protection, enterprise-level encryption for data at rest and in transit, user administration for predefined Active Directory and/or LDAP groups, remote application installation, remote lock, remote wipe, and advanced password rules.

For reference, the Android OS natively supports SSL encryption for data in transit, as well as remote lock, remote wipe, and basic password rules that can be deployed through the Exchange ActiveSync protocol in Microsoft Exchange, enterprise Gmail, and other corporate mail servers. The new Android 3.0 OS for tablets has added on-device encryption.

View: Article @ Source Site