7/28/2019 bda2fda1-d704-41c9-8884-889d6526b803
FIELD SERVICES / MANUFACTURING / WAREHOUSING / PUBLIC SAFETY / TRANSPORTATION / DISTRIBUTION / UTILITIES / ENERGY / TELCO & CA
WHITE PA
With the explosion of personal and commercial mobile devices in the last few years, many enterprises and organizations have begun to investigate deploying alternative mobile devices, such as tablets and smartphones, as part of their productivity toolkit. Of the many mobile operating systems available, two comprise the majority of the market share: Google's Android and Apple's iOS.
In what may be considered an upset to many, Android has become the operating system of choice for many mobile users, as shown in Figure 1.1.
Apple iOS was released first and initially dominated the market. Following the introduction of Android, however, the gap quickly closed and Android overtook iOS as the market leader. With Android and iOS controlling the market and the onslaught of the Bring Your Own Device (BYOD) phenomenon, enterprise leaders have been forced to examine the two operating systems in hopes that one of the two can be successfully implemented in an enterprise environment.
While iOS is highly regarded for its sleek consumer experience, Android holds unique advantages that position it to be a highly effective enterprise platform. This whitepaper delves into the Android features and characteristics that make it well-suited for the enterprise and addresses general considerations for an organization-wide deployment of Android.
Android or iOS in the Enterprise?

Operating System     3Q12 Units   3Q12 Market Share (%)   3Q11 Units   3Q11 Market Share (%)
Android               122,480.0                    72.4     60,490.4                    52.5
iOS                    23,550.3                    13.9     17,295.3                    15.0
Research In Motion      8,946.8                     5.3     12,701.1                    11.0
Bada                    5,054.7                     3.0      2,478.5                     2.2
Symbian                 4,404.9                     2.6     19,500.1                    16.9
Microsoft               4,058.2                     2.4      1,701.9                     1.5
Others                    683.7                     0.4      1,018.1                     0.9
Total                 169,178.6                   100.0    115,185.4                   100.0

Figure 1.1: Worldwide Mobile Device Sales to End Users by Operating System in 3Q12
*Figure 1.1 This chart displays only mobile smartphones and does not encompass other mobile devices such as tablets. Source: http://www.gartner.com/newsroom/id/223731
Android's Agility Outmaneuvers Apple's Staunch Approach
1-888-44-XPLORE (9-7567) WWW.XPLORETECH.COM [email protected]
Developing Custom Applications
It's fairly common for organizations to run customized (and very expensive) enterprise applications. Thus, any adoption of a mobile operating system should take integration with legacy software into consideration. Due to the nature of customized legacy software, there lies a possibility that a compatible version of that legacy software may not exist for mobile operating systems. In this case, an application will have to be developed and written. When looking for an interoperable mobile computing system, there are certain key characteristics that make the operating system ideal for back end system integration and app development.
1. Open Source: An open source OS vs. a closed source OS has several implications concerning the development of applications. An open source OS typically boasts more Application Programming Interfaces (APIs). These APIs act as a hook for software application developers to write their application on. For closed OSs, the opposite holds true.
2. Application Programming Language: A more mature, common language lends itself to a wider selection of developers as well as a broader and deeper knowledge base to draw upon. What language it is written in can also determine where the operating system may be installed.
The Android operating system possesses both of these characteristics, which makes it an attractive option for legacy integration purposes.
Because of its open source license, Android can be downloaded and tweaked to fit the user's needs. New functionality can even be layered on top of the existing code. Many handset manufacturers - such as Samsung, LG, HTC, etc. - tweak Android slightly to fit their needs. Some have gone even further. Once downloaded, the Android source code can be utilized to create something similar or completely new, resulting in a wholly customized operating system. Companies such as Amazon and Barnes and Noble have done so, using Android as a bare bones framework to create a mobile operating system suited to their needs. Even the Russian Defense Ministry has taken Android and created a completely new operating system off the framework.2
Android is an object oriented architecture written in mature, well-documented, robust Java. The functionality of Java applied to the Android framework allows developers to easily find the necessary APIs for their specific needs. Furthermore, Android can take full advantage of J2EE architecture, which would allow a company's application developer to offload backend services, allowing the application development team to focus mainly upon user interface.
When all these factors are put into consideration, it means that any existing application on iOS can easily be replicated on Android. Any application that doesn't exist on either operating system can be built with relative ease for Android, compared to the more closed, specific, and C-based iOS.
For companies that do not need to be concerned with integrating legacy software but do need to integrate with legacy equipment, Android's Java framework once again puts it ahead of its iOS counterpart. Java's flexibility means that Android can be run on a range of hardware and is not limited to a single device. Moreover, Android can be integrated with embedded hardware such as monitoring equipment, automated processes, robotics, etc. This is a capability that no iOS device has demonstrated.
Applications and Integration
Human Error in Security
While embedded protection and third party security features are essential, the human element is even more so. Possessing the most advanced and latest cutting edge security software means nothing if an organization's users are not trained in security or do not follow security best practices. Past research shows that in more than 63 percent of security breaches identified by the survey's respondents, human error was the major cause. Respondents blamed only 8 percent of security breaches on purely technical failures.3 To prevent these breaches due to human error, it is advised to have a comprehensive training program in place for mobile security for all users, as well as strict oversight by the internal IT department.
Open vs. Closed Architecture Security
As demonstrated beforehand, Apple dominates when it comes to complete control of their device, reflecting their philosophy of utilizing closed systems. It is widely thought that closed systems offer greater security than open systems. However, though somewhat counterintuitive, the open system of Android actually allows for a greater degree of enterprise-level security.
Simply put, Android's open architecture allows security to be built, much like how the same open architecture allows developers to tweak and layer functionality on top of the Android framework. An example of this can be seen in the Department of Defense's Security Enhanced Android, which hardened the Android kernel stack, added data and data-at-rest authentication, and the ability for the software to check data integrity.3
In terms of enterprise level rollout of Android products, it is entirely feasible and even recommended to alter the Android image and lock it down, stripping away media and app download access and limiting applications to company installed productivity apps. As tablets are meant to be used within the strict confines of the work environment, there is no need to allow access to media/entertainment functions, as the tablet will be returned to company control at the end of the day.
By stripping application download services such as Google Play, an organization greatly reduces the risk of malware and malicious application threats that may stem from uncontrolled downloading of non-approved or non-productivity apps. To this date, iOS has not demonstrated a similar ability to render their iTunes store inoperable within their operating system.
Security
As with any business, security is paramount to the deployment of any technology, and mobile computing devices are no different. Data is priceless and the protection of an organization's proprietary information should be a priority concern. While it would be ideal to have a completely secured system, it is simply impossible to achieve; even the most stringent security measures can be vulnerable to attack. Instead, the goal of enterprise security is to mitigate the risk of security breaches as much as possible.
In considering mobile operating system security, there are two critical elements in play:
1. Hardware/Software
2. The Human Element
Application Security
When testing new code or installing new programs, the ability to either limit or negate the amount of potential damage from these untested or unverified programs relies heavily upon installing and executing from within a sandbox environment. A sandbox is a security mechanism for separating development and testing activities from the production environment. A sandbox is often utilized to execute untested code and programs from unverified third-parties, suppliers, users and websites. The sandbox provides a tightly controlled set of resources for test programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system, or read from input devices are usually heavily restricted or outright blocked.
While both operating systems utilize a sandbox to run applications, Android utilizes a far more robust sandbox model than the iOS. The Android sandbox model operates on two main factors.
1. Each app in Android is assigned a User ID and Group ID (UID/GID), much like the traditional Unix based models. However, unlike the Unix models, the Android model creates a true UID/GID for each and every application.
2. All applications designed for Android must have a manifest and must declare this manifest. An application manifest informs the user of all privileges the application needs at the time of installation.
Combined, the unique, individual application sandbox along with the application manifest forms a thorough sandbox environment in which the potential damage is truly limited. Because an application must declare what privileges it requires, the user can make an informed decision at the time of installation. Everything above the kernel level (including applications, libraries, etc.) runs within its own individual sandbox. Even within the operating system level, the security of the Linux kernel is provided combined with secure inter-process communication (IPC). This means that even the native code is constrained to the application sandbox.
In addition, Android's sandbox prevents damage caused by memory corruption. For many other operating systems, memory corruption leads to compromised device security. For Android, memory corruption leads only to arbitrary code execution limited to the particular application.
Conversely, the iOS model of sandboxing is weaker due to its method of operation. Unlike Android, applications are all operated out of a single sandbox (containing applications, libraries, and runtimes), meaning that should one application misbehave, it can potentially affect the behavior of the other applications as well. In a sense, the iOS sandbox is only as strong as the weakest application allowed. Applications on iOS also do not make clear what permissions are being granted to the application. Instead, the iOS method asks the user to trust in Apple's screening to be able to realize the intent of the app developer and that the permissions granted to the application will not affect the user in a negative aspect.
Thus, due to Apple's model of "trust us", Apple apps can actually be more of a security risk than their equivalent Android apps. A recent study showed that iOS apps were actually more of a security risk, with iOS apps generally having more access to the user's personal data. This data was shared with advertising and analytics without the user's explicit knowledge. Of the iOS apps analyzed, 60% had access to locations and 54% had access to the user's contact lists. 60% of those apps also shared the data.5
The ability of Android to truly contain a misbehaving application from interacting with and accessing data outside of its sandbox is something that enterprise users cannot overlook.
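An added example, not part of the original whitepaper: a Python audit of the manifest permission declarations described above, checked against a hypothetical enterprise allowlist of the kind an IT department would use when limiting devices to company installed apps. The package name, allowlist and sample manifest are constructed for illustration; android:sharedUserId is also reported because apps that set it and share a signing key run under one UID rather than each under their own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Hypothetical enterprise policy: permissions a company app may request.
ALLOWED = frozenset({
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",
})

# Constructed sample manifest in decoded text form (for example as
# produced by a decoder such as apktool); not from a real application.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fieldapp"
    android:sharedUserId="com.example.shared">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Field App"/>
</manifest>
"""


def audit_manifest(xml_text, allowed=ALLOWED):
    """Return a report dict for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    name_attr = f"{{{ANDROID_NS}}}name"
    requested = []
    for elem in root:
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            perm = elem.get(name_attr)
            if perm and perm not in requested:
                requested.append(perm)
    return {
        "package": root.get("package"),
        "requested": requested,
        "not_allowed": [p for p in requested if p not in allowed],
        # A shared user ID means this app does not get a UID of its own,
        # so the per-app UID boundary does not isolate it from its peers.
        "shared_user_id": root.get(f"{{{ANDROID_NS}}}sharedUserId"),
    }


def is_approved(report):
    """Approve only apps with no extra permissions and their own UID."""
    return not report["not_allowed"] and report["shared_user_id"] is None


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "approved:", is_approved(report))
    print("outside policy:", report["not_allowed"])
    print("shared UID:", report["shared_user_id"])
```

The manifest packaged inside an APK is binary XML, so it has to be decoded to text before a check like this can read it.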
Android Sandbox Model
[Figure 3.1: layered diagram of the Android software stack]
Applications: Home, Dialer, SMS/MMS, IM, Browser, Camera, Alarm, Calculator, Contacts, Voice Dial, Email, Calendar, Media Player, Albums, Clock, ...
Application Framework: Activity Manager, Window Manager, Content Providers, View System, Notification Manager, Package Manager, Telephony Manager, Resource Manager, Location System, XMPP Service
Libraries: Surface Manager, Media Framework, SQLite, OpenGL ES, FreeType, LibWebCore, SGL, SSL, Libc
Android Runtime: Core Libraries, Dalvik Virtual Machine
Linux Kernel: Display Driver, Camera Driver, Bluetooth Driver, Flash Memory Driver, Binder (IPC) Driver, USB Driver, Keypad Driver, WiFi Driver, Audio Drivers, Power Management
*Figure 3.1 Android Sandbox Model
Source: https://source.android.com/tech/security/
Enterprise Level Mobile Device Management
To securely integrate mobile devices in an enterprise environment, organizations seeking to deploy mobile platforms should strongly consider implementing a Mobile Device Management (MDM) solution. Mobile device management solutions allow IT administrators a more thorough control over the devices within the company.
Neither iOS nor Android possesses any real integrated enterprise level mobile device management capabilities. While iOS does have a marginally stronger security suite, it is not suited for enterprise-level security and does not allow for the fine-tuning and control that IT administrators require. To further complicate matters, iOS's closed architecture once again inhibits an organization from realizing full control and customization of any device with iOS. For example, an enterprise would not be able to implement antivirus software, personal firewalls, and full disk encryption onto iOS because iOS architecture does not support these features.
An organization may choose to employ either an off the shelf third party solution or a custom developed solution on an Android device. Once again, this is possible due to the open source architecture, which ultimately allows for greater security and functionality to be built in. This allows an organization to approach security in many different ways when dealing with an Android deployment. Third party MDM solutions for iOS, on the other hand, must manage all iOS devices in the same way, across the board, due to Apple's strict and limiting policies.
Whether an organization implements an in-house or third party mobile device management solution, there are generally four components that MDM addresses at a minimum.
Security Management:
  - Enforcement
  - Enhanced ability to download, monitor, and revoke certificates for emails, apps, etc.
  - Enforced password
  - Encryption
  - Device wipe
  - Remote lock
  - Audit trail/logging
  - Rooting detection
  - Authentication
  - Firewall
  - Antivirus
  - VPN
Policy Compliance Management:
  - Enforced roaming policies
  - Network management
Software Management:
  - Application downloader - push/pull apps
  - Application verification
  - Application update support
  - Application patch support
  - Application store support/control
  - Backup/Restore
  - Managed Mobile Enterprise Application Platforms (MEAPS)
Hardware Management:
  - External memory blocking - deny use of external memory devices
  - Enable/Disable hardware functions (camera, GPS, etc.)
  - Configuration change history - audit trail on changes implemented
  - Jailbreak/Root detection
But why should MDM generally address those 4 main topics? It is because the nature of device deployment can greatly affect the robustness of an MDM solution. It's important to note that certain features of MDM solutions become more relevant depending upon the deployment policy instituted by an organization. In the case of BYOD, aspects such as root detection are more desired as the company has no real control over where and how the device within the system is being utilized. The same does not apply with mass deployments controlled by the company, as units are stripped of much of their media capabilities that make tablets attractive as consumer devices.
Mobile device management becomes much more of a grey zone once you take into consideration a locked Android OS on a company controlled device that is lent out on the job. Since a locked Android does not allow for much modification, if any, the need for a very robust mobile device management system is less conspicuous.
Conclusion
As Android continues to gain traction within the consumer tablet market, business leaders will look more and more towards its viability for enterprise applications. The popularity of intuitive modern computing devices will propel organizations to consider implementing tablets, and Android offers a flexible, cost-effective operating system for enterprise deployment. It has rapidly matured from its infant stages to become a stable platform and will continue to improve.
Priced much lower than traditional PCs with the movement towards mobile computing, tablets are quickly encroaching on the PC market. With latent features that allow Android greater security than its competitors, a large established base of existing users, as well as its open architecture for true customization, Android is a prime candidate for viable enterprise use.
Footnotes
1. Mostly-Tech (2013). Androids 4.2s Advantages Over iOS 6.1
(Online) Available at: http://mostly-tech.com/2012/09/30/3219/
2. AFP (2012). Russia Unveils Secure Almost Android Tablet
To Keep Data Away From Google. Available at: http://www.
securityweek.com/russia-unveils-secure-android-tablet-keeps-
data-away-google
3. Henry Kenyon (2012). DOD's move to Android started
with DARPA apps program. Available at: http://gcn.com/
articles/2012/01/31/darpa-apps-program-dod-android-smart-
phones.aspx
4. Grant Gross (2003). Human Error is Greatest Security risk.
Available at: http://www.pcworld.com/article/109872/article.
html
5. David Nedle (2013). Study Finds Free iOS apps more a security
risk than Android apps. Available at: http://tabtimes.
About Xplore Technologies
Xplore Technologies Corp., maker of the most rugged tablets on Earth, has been in the business of developing, integrating, and marketing industrial grade rugged tablets for our customers in the Energy, Utilities, Manufacturing and Distribution, Public Safety, Field Services, Transportation, and Military sectors for over 15 years. Xplore Tablets use the most powerful and modern processors and components and are tested more vigorously for shock, thermal, vibration, impact, ingress and emissions than any other PC in the industry. Xplore's products enable the extension of traditional computing systems to a range of field and on-site personnel, regardless of location or environment. Xplore's portfolio of products is sold on a global basis, with channel partners in the United States, Canada, Europe and Asia Pacific. Xplore's main offices are located in Austin, Texas with regional sales offices throughout the U.S., Canada and Europe. Xplore is a public company that trades under the symbol XPLR on the NASDAQ Stock Exchange.