
  • 7/28/2019 bda2fda1-d704-41c9-8884-889d6526b803


    FIELD SERVICES / MANUFACTURING / WAREHOUSING / PUBLIC SAFETY / TRANSPORTATION / DISTRIBUTION / UTILITIES / ENERGY / TELCO & CA

    WHITE PA

    With the explosion of personal and commercial mobile devices in the last few years, many enterprises and organizations have begun to investigate deploying alternative mobile devices as part of their productivity toolkit, such as tablets and smartphones. Of the many mobile operating systems available, two comprise the majority of the market share: Google's Android and Apple's iOS.

    In what may be considered an upset to many, Android has become the operating system of choice for many mobile users, as shown in Figure 1.1.

    Apple iOS was released first and initially dominated the market. Following the introduction of Android, however, the gap quickly closed and Android overtook iOS as the market leader. With Android and iOS controlling the market and the onslaught of the Bring Your Own Device (BYOD) phenomenon, enterprise leaders have been forced to examine the two operating systems in hopes that one of the two can be successfully implemented in an enterprise environment.

    While iOS is highly regarded for its sleek consumer experience, Android holds unique advantages that position it to be a highly effective enterprise platform. This whitepaper delves into the Android features and characteristics that make it well-suited for the enterprise and addresses general considerations for an organization-wide deployment of Android.

    android or ios in the enterprise?

    Operating System     3Q12 Units   3Q12 Market Share (%)   3Q11 Units   3Q11 Market Share (%)
    Android               122,480.0                    72.4     60,490.4                    52.5
    iOS                    23,550.3                    13.9     17,295.3                    15.0
    Research In Motion      8,946.8                     5.3     12,701.1                    11.0
    Bada                    5,054.7                     3.0      2,478.5                     2.2
    Symbian                 4,404.9                     2.6     19,500.1                    16.9
    Microsoft               4,058.2                     2.4      1,701.9                     1.5
    Others                    683.7                     0.4      1,018.1                     0.9
    Total                 169,178.6                   100.0    115,185.4                   100.0

    Figure 1.1: Worldwide Mobile Device Sales to End Users by Operating System in 3Q12

    *Figure 1.1: This chart displays only mobile smartphones and does not encompass other mobile devices such as tablets. Source: http://www.gartner.com/newsroom/id/223731

    Android's agility outmaneuvers Apple's staunch approach

    1-888-44-XPLORE (9-7567) WWW.XPLORETECH.COM

    Developing Custom Applications

    It's fairly common for organizations to run customized (and very expensive) enterprise applications. Thus, any adoption of a mobile operating system should take integration with legacy software into consideration. Due to the nature of customized legacy software, there lies a possibility that a compatible version of that legacy software may not exist for mobile operating systems. In this case, an application will have to be developed and written. When looking for an interoperable mobile computing system, there are certain key characteristics that make the operating system ideal for back end system integration and app development.

    1. Open Source: An open source OS vs. a closed source OS has several implications concerning the development of applications. An open source OS typically boasts more Application Programming Interfaces (APIs). These APIs act as a hook for software application developers to write their application on. For closed OSs, the opposite holds true.

    2. Application Programming Language: A more mature, common language lends itself to a wider selection of developers as well as a broader and deeper knowledge base to draw upon. What language it is written in can also determine where the operating system may be installed.

    The Android operating system possesses both of these characteristics, which makes it an attractive option for legacy integration purposes.

    Because of its open source license, Android can be downloaded and tweaked to fit the user's needs. New functionality can even be layered on top of the existing code. Many handset manufacturers - such as Samsung, LG, HTC, etc. - tweak Android slightly to fit their needs. Some have gone even further. Once downloaded, the Android source code can be utilized to create something similar or completely new, resulting in a wholly customized operating system. Companies such as Amazon and Barnes and Noble have done so, using Android as a bare bones framework to create a mobile operating system suited to their needs. Even the Russian Defense Ministry has taken Android and created a completely new operating system off the framework.2

    Android is an object oriented architecture written in mature, well-documented, robust Java. The functionality of Java applied to the Android framework allows developers to easily find the necessary APIs for their specific needs. Furthermore, Android can take full advantage of J2EE architecture, which would allow a company's application developer to offload backend services, allowing the application development team to focus mainly upon user interface.

    When all these factors are put into consideration, it means that any existing application on iOS can easily be replicated on Android. Any application that doesn't exist on either operating system can be built with relative ease for Android, compared to the more closed, specific, and C-based iOS.

    For companies that do not need to be concerned with integrating legacy software but do need to integrate with legacy equipment, Android's Java framework once again puts it ahead of its iOS counterpart. Java's flexibility means that Android can be run on a range of hardware and is not limited to a single device. Moreover, Android can be integrated with embedded hardware such as monitoring equipment, automated processes, robotics, etc. This is a capability that no iOS device has demonstrated.

    Applications and Integration


    Human Error in Security

    While embedded protection and third party security features are essential, the human element is even more so. Possessing the most advanced and latest cutting edge security software means nothing if an organization's users are not trained in security nor follow security best practices. Past research shows that in more than 63 percent of security breaches identified by the survey's respondents, human error was the major cause. Respondents blamed only 8 percent of security breaches on purely technical failures.3 To prevent these breaches due to human error, it is advised to have a comprehensive training program in place for mobile security for all users, as well as strict oversight by the internal IT department.

    Open vs. Closed Architecture Security

    As demonstrated beforehand, Apple dominates when it comes to complete control of their device, reflecting their philosophy of utilizing closed systems. It is widely thought that closed systems offer greater security than open systems. However, though somewhat counterintuitive, the open system of Android actually allows for a greater degree of enterprise-level security.

    Simply put, Android's open architecture allows security to be built, much like how the same open architecture allows developers to tweak and layer functionality on top of the Android framework. An example of this can be seen in the Department of Defense's Security Enhanced Android, which hardened the Android kernel stack, added data and data-at-rest authentication, and the ability for the software to check data integrity.3

    In terms of enterprise level rollout of Android products, it is entirely feasible and even recommended to alter the Android image and lock it down, stripping away media and app download access and limiting applications to company installed productivity apps. As tablets are meant to be used within the strict confines of the work environment, there is no need to allow access to media/entertainment functions, as the tablet will be returned to company control at the end of the day.

    By stripping application download services such as Google Play, an organization greatly reduces the risk of malware and malicious application threats that may stem from uncontrolled downloading of non-approved or non-productivity apps. To this date, iOS has not demonstrated a similar ability to render their iTunes store inoperable within their operating system.

    Security

    As with any business, security is paramount to the deployment of any technology, and mobile computing devices are no different. Data is priceless and the protection of an organization's proprietary information should be a priority concern. While it would be ideal to have a completely secured system, it is simply impossible to achieve; even the most stringent security measures can be vulnerable to attack. Instead, the goal of enterprise security is to mitigate the risk of security breaches as much as possible.

    In considering mobile operating system security, there are two critical elements in play:

    1. Hardware/Software

    2. The Human Element


    Application Security

    When testing new code or installing new programs, the ability to either limit or negate the amount of potential damage from these untested or unverified programs relies heavily upon installing and executing from within a sandbox environment. A sandbox is a security mechanism for separating development and testing activities from the production environment.

    A sandbox is often utilized to execute untested code and programs from unverified third-parties, suppliers, users and websites. The sandbox provides a tightly controlled set of resources for test programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually heavily restricted or outright blocked.

    While both operating systems utilize a sandbox to run applications, Android utilizes a far more robust sandbox model than iOS. The Android sandbox model operates on two main factors.

    1. Each app in Android is assigned a User ID and Group ID (UID/GID), much like the traditional Unix based models. However, unlike the Unix models, the Android model creates a true UID/GID for each and every application.

    2. All applications designed for Android must have a manifest and must declare this manifest. An application manifest informs the user of all privileges the application needs at the time of installation.

    Combined, the unique, individual application sandbox along with the application manifest forms a thorough sandbox environment in which the potential damage is truly limited. Because the application must declare what privileges it requires, the user can make an informed decision at the time of installation. Everything above the kernel level (including applications, libraries, etc.) runs within its own individual sandbox. Even within the operating system level, the security of the Linux kernel is provided combined with secure inter-process communication (IPC). This means that even the native code is constrained to the application sandbox.
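
    The two factors described above (one UID per application, and privileges declared in the manifest) can be checked before an app is admitted to a locked-down enterprise image. The following is an added example, not code from the whitepaper: the allowlist, package names and sample manifests are constructed, and the manifests are assumed to be already decoded from the APK's binary XML into text.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Hypothetical enterprise allowlist for company-installed productivity apps.
ALLOWED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}

# Constructed sample manifests (assumed already decoded to text XML).
FIELD_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fieldforms">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Field Forms"/>
</manifest>"""

FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:sharedUserId="com.example.shared">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Flashlight"/>
</manifest>"""


def parse_manifest(xml_text):
    """Return (package, sharedUserId or None, sorted declared permissions)."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = set()
    # Both element names declare requested permissions; a set drops duplicates.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.findall(tag):
            name = node.get(ANDROID + "name")
            if name:
                perms.add(name)
    return root.get("package"), root.get(ANDROID + "sharedUserId"), sorted(perms)


def audit(xml_text, allowed=ALLOWED):
    """List policy findings for one manifest; an empty list means it passes."""
    try:
        package, shared_uid, perms = parse_manifest(xml_text)
    except (ET.ParseError, ValueError) as exc:
        # Fail closed: a manifest that cannot be read is never approved.
        return ["unreadable manifest: %s" % exc]
    findings = ["%s requests %s" % (package, p) for p in perms if p not in allowed]
    if shared_uid:
        # sharedUserId places several packages under one UID, so they no
        # longer have the one-sandbox-per-application isolation.
        findings.append("%s shares UID via sharedUserId=%s" % (package, shared_uid))
    return findings


if __name__ == "__main__":
    for manifest in (FIELD_APP, FLASHLIGHT, "<manifest"):
        print(audit(manifest) or "OK")
```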

    In addition, Android's sandbox prevents damage caused by memory corruption. For many other operating systems, memory corruption leads to compromised device security. For Android, memory corruption leads only to arbitrary code execution in the context of the particular application.

    Conversely, the iOS model of sandboxing is weaker due to its method of operation. Unlike Android, applications are all operated out of a single sandbox (containing applications, libraries, and runtimes), meaning that should one application misbehave, it can potentially affect the behavior of the other applications as well. In a sense, the iOS sandbox is only as strong as the weakest application allowed. Applications on iOS also do not make clear what permissions are being granted to the application. Instead, the iOS method asks the user to trust in Apple's screening to be able to realize the intent of the app developer and that the permissions granted to the application will not affect the user negatively.

    Thus, due to Apple's model of "trust us", Apple apps can actually be more of a security risk than their equivalent Android apps. A recent study showed that iOS apps were actually more of a security risk, with iOS apps generally having more access to the user's personal data. This data was shared with advertising and analytics without the user's explicit knowledge. Of the iOS apps analyzed, 60% had access to locations and 54% had access to the user's contact lists. 60% of those apps also shared the data.5

    The ability of Android to truly contain a misbehaving application from interacting with and accessing data outside of its sandbox is something that enterprise users cannot overlook.

    [Figure 3.1: Android Sandbox Model. Diagram of the Android software stack in layers: Applications; Application Framework; Libraries and Android Runtime (Core Libraries, Dalvik Virtual Machine); Linux Kernel. Source: https://source.android.com/tech/security/]


    Enterprise Level Mobile Device Management

    To securely integrate mobile devices in an enterprise environment, organizations seeking to deploy mobile platforms should strongly consider implementing a Mobile Device Management (MDM) solution. Mobile device management solutions allow IT administrators a more thorough control over the devices within the company.

    Neither iOS nor Android possesses any real integrated enterprise level mobile device management capabilities. While iOS does have a marginally stronger security suite, it is not suited for enterprise-level security and does not allow for the fine-tuning and control that IT administrators require. To further complicate matters, iOS's closed architecture once again inhibits an organization from realizing full control and customization of any device with iOS. For example, an enterprise would not be able to implement antivirus software, personal firewalls, and full disk encryption onto iOS because iOS architecture does not support these features.

    An organization may choose to employ either an off the shelf third party solution or a custom developed solution for an Android device. Once again, this is possible due to the open source architecture, which ultimately allows for greater security and functionality to be built in. This allows an organization to approach security in many different ways when dealing with an Android deployment. Third party MDM solutions for iOS, on the other hand, must manage all iOS devices in the same way, across the board, due to Apple's strict and limiting policies.

    Whether an organization implements an in-house or third party mobile device management solution, there are generally four components that MDM addresses at a minimum.

    Security Management:
      - Enforcement
      - Enhanced ability to download, monitor, and revoke certificates for emails, apps, etc.
      - Enforced password
      - Encryption
      - Device wipe
      - Remote lock
      - Audit trail/logging
      - Rooting detection
      - Authentication
      - Firewall
      - Antivirus
      - VPN

    Policy Compliance Management:
      - Enforced roaming policies
      - Network management

    Software Management:
      - Application downloader - push/pull apps
      - Application verification
      - Application update support
      - Application patch support
      - Application store support/control
      - Backup/Restore
      - Managed Mobile Enterprise Application Platforms (MEAPS)

    Hardware Management:
      - External memory blocking - deny use of external memory devices
      - Enable/Disable hardware functions (camera, GPS, etc.)
      - Configuration change history - audit trail on changes implemented
      - Jailbreak/Root detection

    But why should MDM generally address those 4 main topics? It is because the nature of device deployment can greatly affect the robustness of an MDM solution. It's important to note that certain features of MDM solutions become more relevant depending upon the deployment policy instituted by an organization. In the case of BYOD, aspects such as root detection are more desired as the company has no real control over where and how the device within the system is being utilized. The same does not apply with mass deployments controlled by the company, as units are stripped of much of their media capabilities that make tablets attractive as consumer devices.

    Mobile device management becomes much more of a grey zone once you take into consideration a locked Android OS on a company controlled device that is lent out on the job. Since a locked Android does not allow for much modification, if any, the need for a very robust mobile device management system is less conspicuous.


    Conclusion

    As Android continues to gain traction within the consumer tablet market, business leaders will look more and more towards its viability for enterprise applications. The popularity of intuitive modern computing devices will propel organizations to consider implementing tablets, and Android offers a flexible, cost effective operating system for enterprise deployment. It has rapidly matured from its infant stages to become a stable platform and will continue to improve.

    Priced much lower than traditional PCs, with the movement towards mobile computing, tablets are quickly encroaching on the PC market. With latent features that allow Android greater security than its competitors, a large established base of existing users, as well as its open architecture for true customization, Android is a prime candidate for viable enterprise use.

    Footnotes

    1. Mostly-Tech (2013). Androids 4.2s Advantages Over iOS 6.1 (Online). Available at: http://mostly-tech.com/2012/09/30/3219/

    2. AFP (2012). Russia Unveils Secure Almost Android Tablet To Keep Data Away From Google. Available at: http://www.securityweek.com/russia-unveils-secure-android-tablet-keeps-data-away-google

    3. Henry Kenyon (2012). DOD's move to Android started with DARPA apps program. Available at: http://gcn.com/articles/2012/01/31/darpa-apps-program-dod-android-smart-phones.aspx

    4. Grant Gross (2003). Human Error is Greatest Security risk. Available at: http://www.pcworld.com/article/109872/article.html

    5. David Nedle (2013). Study Finds Free iOS apps more a security risk than Android apps. Available at: http://tabtimes.

    About Xplore Technologies

    Xplore Technologies Corp., maker of the most rugged tablets on Earth, has been in the business of developing, integrating, and marketing industrial grade rugged tablets for our customers in the Energy, Utilities, Manufacturing and Distribution, Public Safety, Field Services, Transportation, and Military sectors for over 15 years. Xplore Tablets use the most powerful and modern processors and components and are tested more vigorously for shock, thermal, vibration, impact, ingress and emissions than any other PC in the industry. Xplore's products enable the extension of traditional computing systems to a range of field and on-site personnel, regardless of location or environment. Xplore's portfolio of products is sold on a global basis, with channel partners in the United States, Canada, Europe and Asia Pacific. Xplore's main offices are located in Austin, Texas with regional sales offices throughout the U.S., Canada and Europe. Xplore is a public company that trades under the symbol XPLR on the NASDAQ Stock Exchange.