
Android and iPhone Taking Over the Enterprise… Wait a Minute!

[Image: Jailbreak]

Every time I hear the doom and gloom story about companies looking to replace their enterprise BlackBerrys with iPhone and Android devices, I wonder if I have stepped into an alternate dimension. I can understand smaller companies and companies that have lax security, but this would be a ridiculous decision for finance, law, or any other professional company. The reason can be summed up in one techy term: “Rooting” (also known as jailbreaking).

In case you are not familiar with rooting a device here is a brief explanation. Rooting a phone gives you “root” or super user privileges on a device where you were never intended to have it. On the current batch of iPhone and Android devices this can be done as easily as opening the right image file or PDF, using a utility, or following a simple walkthrough. Many savvy iPhone and Android users have rooted their devices to take advantage of the control it gives them to do things the device creators never wanted them to be able to do.

So you may ask yourself why is this a bad thing? For regular consumers this is actually brilliant. It allows them to unlock functionality like multi tasking, wifi hotspots, and loads of other homebrew features that could not be done otherwise due to manufacturer limitations. For businesses “rooting” is bad bad bad bad bad news…

Let me give you a perfect example. The team at AndroidCentral found that ALL stock Android phone OS versions store usernames and passwords for things like your email in CLEAR TEXT. This is utterly idiotic on Google’s part, but even Apple was guilty of this a year or two ago. Supposedly Google’s reasoning is that when the device is not rooted, no one has access to this clear text database of sensitive information. Once you root an Android phone, that is no longer the case…

Now think of this example from an enterprise angle. If somebody gets a hold of your lost device they can now root that device and have access to all your usernames and passwords in clear text. For regular consumers that might just mean their email account is compromised but for enterprise users that username is usually also their enterprise login. The irony is that this is a known issue with an issue ticket given a “Medium” priority by Google… Oh and don’t forget even after Apple fixed the last super easy jailbreak for the iPhone iOS4 they now have another one coming. They also have issues like backups that even when encrypted can be brute forced and are regularly performed by iTunes.

So I have to ask: what exactly is assuring these companies that the iPhone and Android are “Enterprise Ready?” Where are the certifications that back up the security offered by Apple and Google? I can tell you where to find the BlackBerry Security Certifications; RIM has a whole wall of them. I concede that not all companies need government-level security, but is it really worth lowering a company’s security posture for games and apps which have little to no business use?

PS: Bonus points if you can name the movie referenced in the picture above :)

21 total comments on this post
  1. Shawshank Redemption, FTW!

  2. Shawshank Redemption, as they look behind fuzzy britches 😛

  3. The picture above is from the movie: The Shawshank Redemption
    One of my favorite movies.

  4. Wow I knew the movie was famous but nice work guys. The first thing I think of when I hear “Jailbreak” is Shawshank Redemption. Is that weird? :)

  5. These are all the same corporations that use Windows so security really isn’t front and center now is it. I’ve been using a Droid with much success at work. My wife works for a Fortune 50 and they just handed her a new iPhone last Thursday. A year ago IT wouldn’t even acknowledge that there was an iPhone.

    Scare mongers talk mobile security all the time but I would bet everything I have that almost all data breaches happen on the laptop or desktop in a Windows environment. There are VERY few companies that actually NEED the level of security that Blackberry provides. For everyone else, let the employee pick a phone that they will enjoy using. It will make them more productive in the end.

    • See, that’s the difference. Did you notice what your company does to make Windows secure at work or on your laptop?
      Antivirus, firewall, IPS, VPN, Encryption, Application whitelisting, the list goes on.
      The beauty of the BlackBerry solution for enterprises is that all of that is built in through the BES.

      Now you ask why companies would need that level of security that all depends on the company and what the employee has access to. For example, if you are a lawyer or a banker discussing confidential client information what would you trust?

    • I can already see the headlines. “Chase Senior Banker loses iPhone in Bar” and then the company would summarily respond to why they allowed iPhones… “But they wanted apps and games!”

  6. Yeah. Shawshank. An Epic movie! Great article. I feel BlackBerry device security is like that of the Mac. Yet to hear of a virus or “real” hacking.

  7. Many of these concerns can be addressed by isolating enterprise capabilities in a secure sandbox like the platform provided by “Good Technologies”.. Do a quick Google search and let us know how you think this approach impacts your thoughts on this discussion. Great topic!

    My company is testing the “Good Mobile Messaging” platform on both iPhones and Android devices at this time. They will not deploy it if it weakens our security posture. Overall the IT Security guys seem to be happy with it. Testing will continue..

    • Hi MrSimmonsSr,

      Good Technologies’ solution for the iPhone is a step in the right direction and may be also doing what RIM is doing recently by segregating work and personal data. Just look at the Gartner report they link to from their website:
      http://www.gartner.com/technology/media-products/reprints/goodtechnology/article1/article1.html

      Here are the Key Findings:

      * Research In Motion’s (RIM’s) BlackBerry Enterprise Server (BES), Microsoft Exchange Server and Good Technology’s Good Mobile Messaging have the best product viability and offer the widest overall support for critical capabilities in enterprise wireless e-mail products.
      * BES and Good Mobile Messaging are most viable where strong security and international roaming are required. Exchange Server fits best in scenarios with national deployments or strong requirements for integration with Microsoft collaboration platforms, which lets organizations deploy and benefit from this lower-cost product.
      * A single product is often not enough to address all user requirements in complex environments. A combination of two software products represents a better solution for managing multiple user profiles and device diversity. Parallel deployments of BES and Exchange Server are very common in such situations.
      * RIM’s BES, which basically supports only the RIM operating system (OS) platform, offers a richer set of security and management capabilities than any other products with wider device flexibility, like Exchange Server, Good Mobile Messaging or Sybase iAnywhere Mobile Office.

      Recommendations

      * Organizations:
        o Deploy BES for BlackBerry devices with users travelling abroad, and license-free BES Express when security and management requirements are basic.
        o Consider native capabilities in Microsoft’s and IBM’s e-mail server products when supporting corporate devices without stringent security requirements for users moving on a national basis only.
        o Consider Good or Sybase products for employee-owned devices where stronger security and management is required.
      * Wireless e-mail vendors:
        o Prioritize developments for new platforms including Android, Windows Phone 7, Maemo and MeeGo — as well as new form factors, such as e-readers.

  8. It’s important to highlight this stuff, Ronen. Vital information all business IT departments and execs should read. A great wake-up call for those pushing for more open mobile platforms in corporate environments!

    Most people aren’t aware of the risks they take and the risks they put their organization in when they put company info on their devices. Worse, these devices have access to company data behind firewalls, so they are quite valuable to thieves & hackers. Competitors are probably stealing critical business information without them even knowing about it. Have you been hacked? You wouldn’t know and they won’t tell.

    I’ve seen people post that they hate RIM, BlackBerry, and BES. Why? Are they hackers? From the news we see that Saudi Arabia and the UAE want to turn off BlackBerry services because of their security & encryption. BlackBerry allows the BES administrator to lock down the device to allow communication but disallow all the things that may expose the company to risks, according to the individual business policy.

    Even BIS users can get in on the action to protect their own privacy. You can lock down apps so tightly they can barely breathe… if you do not really trust the source of the app. More and more you will start seeing a huge increase in malware on mobile devices as bad folks find ways to exploit your information. Ronen makes mention of your passwords like your facebook and twitter as well as other on-line passwords you might use, including your on-line banking. Imagine if those were in the hands of someone else?!?

    With a BlackBerry, you can disallow USB or Bluetooth access and you can bind an app in chains with a BlackBerry so that it can’t do anything more than you allow it to do. Why app developers expect their app to access more stuff than they’re supposed to, I’ll never know; however, I can restrict my GPS app from accessing the Internet, for example.

    This alone makes BlackBerry more reliably secure than the competition. It doesn’t mean you will be 100% safe, but BlackBerry is built by RIM with security at the foundation of its architecture. The other guys are more about the fluff. They don’t want to talk about rooting, hacking, and other security risks of using their phone.

    In the end, users must raise their privacy concerns to these manufacturers. If people are buying phones and aren’t concerned about their privacy, then manufacturers won’t spend a penny more to improve the security of these devices. Android and iPhone rooting is commonplace.

    • I agree, Joe. I think companies do not realize that they are opening a Pandora’s box all to save a bit of money on employee-owned devices. I think there is some future for virtualization solutions like Good and the new employee-owned policies in the latest version of BES, but I just don’t get why these companies care if their employees can install apps? Many of these companies already have policies in place on their BlackBerry deployment that forbid the installation of 3rd party apps…

      • Sadly, the IT departments are bending to pressure from the few who want to install games and other entertainment apps. If this is a personal device, then all bets are off on what is allowed (user-dependent), but companies should not allow their sensitive data on personal devices where it is more vulnerable. Likely, it’s the geeky IT guys who want to use their own phones of choice and pushing open the policies. Sorry, I count as one of them too.

        I have a BlackBerry but it’s a personal one. I wouldn’t put sensitive company data on my own personal phone. I need to respect the interests of the company I work for.

        • I have BB and Nexus, and to me android is best mobile to put security control in user hands. With BB, customer/user is locked and unable to control even app install and uninstall, thanks to bla$kberry (wiping phone sometimes is necessary and do not help :( ) …

          • Why would you want to put security in users hands? That just doesn’t make any sense. Just think how well it would go over: “We let them install whatever they want because we trust the users who obviously know that opening a suspicious attachment might give them a virus…”

            Just go and ask half of the people with Jailbroken or rooted phones if they even know what a “root” account can do…

  9. I have a question though.

    Would you do business with a company emphasizing on strict security and client confidentiality or a company that has lax security and little confidentiality?

    Well, it’s alright to have your bank details posted on twitter on facebook after your device is stolen.. Assuming that all your money is invested in gold bars at home.. :)

  10. I have an HTC Desire with superuser access. But every time an app wants to have su rights, a little popup shows up and asks me to accept or deny the su request. Like a firewall on a PC. Is my phone affected too by the security issue in this post? Thanks for reply

    • So you rooted your HTC Desire? Did you ever check what an app is doing when you give it superuser rights?

      • From an IT administration perspective, the simple fact that the end user gets to make the decision to install third-party apps and allow them access to their device scares the hell out of me!

    • Every special thing you do will require superuser access, so do you really know what you’re allowing when you click ACCEPT? There needs to be different levels of privileges and the OS has to be able to discern what is needed and communicate that to the user… not the app itself.

      Firewalls on PCs are often poorly implemented when it comes to interpreting the request and communicating accurately with the user. If someone comes knocking on my firewall, how do I know if I should accept or deny this request? Most people just accept, especially when faced with a popup that interrupts their work. A proper firewall needs to determine the level of risk which the user will be exposed to as a result of accepting the request.

      A firewall with a number of holes punched through it for communication is really not very secure. Most people think that if you have a firewall you are safe. However, firewalls need to be monitored carefully since folks can readily masquerade other traffic to pass through those holes.

      For you, an Android user, be wary of where you get your apps. This also applies to iPhone and BlackBerry users too; however, Android users are more vulnerable. Get your apps through a trusted source. Perhaps Google monitors apps in the Android Marketplace, but I wouldn’t pick up apps from any old website. They may be tainted or modified to include something extra like a rootkit!

      This is where the BlackBerry BES comes to the rescue for corporate BlackBerry users. The BES administrators can review and choose and approve specific apps for use from trusted sources so that users cannot just install and run any old app that may be infected and therefore compromise sensitive company data. This way, business assets are protected.

      RIM has also provided BIS users (non-BES) the ability to lock down how the app behaves and what the app has access to. On the BlackBerry, for every specific app, there are several dozen access privileges a user can accept, deny or prompt the user for. These same access privileges are used in the BES environment along with hundreds more.

      Unlike the competition, BlackBerry has solid security built in from the core of the OS. This is why it is being used by large corporations and government organizations.

      Hope this helps.


BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC