Monday, March 04, 2013, 04:54 pm
Samsung adds security layer to Android to gain enterprise credibilityIn response to lackluster interest in Google's Android platform by corporate enterprise and government users, Samsung has announced plans to shore up its smartphones and tablets with third party security software in an initiative branded as "SAFE," or "Samsung For Enterprise."
Announced at last week's Mobile World Congress, Samsung has partnered with Centrify to add "fundamental security and management enhancements" in order "to address the shortcomings of the current open source Android platform."
Knox is intended "to address the shortcomings of the current open source Android platform"Branded as "Knox" by Samsung, the new software adds support for a series of enterprise features Android has lagged iOS in supporting. The first of these, support for "Advanced Microsoft Exchange ActiveSync features," was first addressed by Apple five years ago in 2008's iOS 2.0.
The second feature, "on-device AES 256-bit encryption," is a prerequisite of Microsoft's Exchange default policy settings. Apple began supporting hardware device encryption with the iPhone 3GS in 2009.
A third feature touted by Samsung is VPN support, a notable problem for Android users that want to connect to various remote networking systems. It's also a feature Apple began addressing along with Exchange support back in 2008's iOS 2.0. Apple has regularly enhanced its VPN support on iOS devices in subsequent releases over the last half decade.
Welcome to the sandbox, at least for the Galaxy-only version of Android
Another primary focus of Samsung's new Knox layer is app "containerization," a security access control feature that Apple refers to as "app sandboxing" on iOS.
Sandboxing prevents one app from being able to read data or modify the code of other apps installed on the system (as portrayed by Apple in its developer documentation, pictured above). This feature helps to contain malware and other security threats, so that even if a vulnerable app is cracked via an exploit (or a malicious app manages to get itself installed on a device), it can't be used to gain further access to other software or data stored on the device.
This feature is critical to enterprise customers who don't want their users to store corporate data on an insecure device loaded with sideloaded home-brew software or malicious software that automatically has full, open access to everything else on the device. In itself, it's a principle reason why Android has such a small showing among enterprise users, despite Android's large presence in low end consumer offerings.
While Google's Android platform offers rudimentary sandboxing security that requires apps to specify what specific permissions they require, it is customary for app developers to request "long lists of permissions that their apps dont really need."
As a result, users are tasked with approving complex, opaque security requests that essentially give many apps virtually unrestricted access to the user's private information, location and other sensitive data, resulting in issues with developers harvesting inappropriate data from their users, as well as malicious efforts to steal data using phony games and other titles that actually serve as spyware.