Samsung, Google, LG, Huawei & BlackBerry: How device vendors are tackling the Android security dilemma

Despite the best efforts of security professionals, Android devices retain their reputation for having weaker security than Apple’s iOS.

There are many reasons for this. In particular, iOS’s walled garden means that iPhones can only run apps that are pre-approved by Apple, whereas Android is an open platform.

Apple also has control over rolling out updates to all iOS devices, while Android updates have to go through telcos and mobile operators to get to the end-user.

The Android vendor community is responding to this situation by beefing up the security built into its devices as well as building products around them that enhance the security.

CBR looks at what some of the main vendors are doing to clean up Android’s security reputation.

 

1. Samsung

Samsung is attempting to compete with Apple’s high-end iPhones in most ways, and the enterprise market is no exception. The South Korean vendor has hence built a security platform aimed to plug the deficiencies of Android in this regard.

The basic KNOX programme is available free, built into higher-end Samsung devices including the Galaxy S6 and, soon, the Galaxy S7. KNOX Premium is available for $1 per seat per month or $12 per seat per year.

This provides a cloud-based console and secure workspace on the device. Within the containerised environment employees can use enterprise apps, store data and safely send emails with all of this information firmly separated from their personal data.

This combines the EMM solution with Workspace, a container add-on that can be used in conjunction with EMM or another MDM solution. It provides real-time kernel protection, on-device encryption, SE for Android, and two-factor biometric authentication, including fingerprint scanners.

Licenses for Premium are available through resellers. It is supported by all Galaxy devices as well as many non-Samsung Android devices. Many key features are only available on devices that support Samsung KNOX, however.

 

2. Huawei

Pricing for this solution, which supports both Android and iOS devices, is dependent on organisation. Key components of the solution include enterprise mobility management, which provides mobile device management, mobile app management and mobile content management.

There is a built-in sandbox, separating enterprise from personal data and providing encryption for enterprise data.

Included are secure email, using secure email clients to connect to Notes or Exchange systems, secure web, providing a convenient way to browse intranet web resources through a VPN, and secure SDK, which helps enterprises integrate mobile security functions into software.

 

3. LG

LG smartphones, including the V10, G4, G3 and G2, as well as several of its tablets, have LG’s Guarded Access to Enterprise (GATE) solution built in.

GATE is along the lines of the basic Samsung KNOX platform rather than a fully-fledged enterprise mobility platform like KNOX Premium.

There are four main components to the solution: platform security, application security, network security and mobile device management.

Devices enabled through GATE are supported by Microsoft Exchange ActiveSync, Data Encryption and VPN. It can be integrated with full MDM solutions.

 

4. Google

Google, the proprietor of the Android operating system but also the producer of the Nexus device range, launched the Android for Work platform in 2015.

Since Google has control right down to the operating system level it is able to offer two separate environments, personal and work right at the level of the operating system from Android 5.0 (Lollipop) onwards. The Android for Work profile is integrated within a user’s personal profile.

Apps in Android for Work are marked with a specific icon to signify whether they are personal or work-related. Installation is managed through the Google Play for Work app, which mimics the normal Google Play app store but allows the IT department to determine what can be seen and installed.

This containerised work environment prevents the user from copy and pasting between a work environment and the rest of the phone. Within the environment, there is a Chrome for Work browser which provides a secure connection to a business intranet.

 

5. BlackBerry

The inclusion of BlackBerry on this list might come as a surprise, but since the launch of the Priv smartphone BlackBerry has joined the ranks of Android vendors.

BlackBerry has aimed to tackle some of the key shortcomings of Android security with the release; BlackBerry is keeping Priv devices up to date with monthly Android updates.

There is a hot fix system for urgent bugs, when an exploitable vulnerability is discovered. BlackBerry will push fixes without carrier approval in certain cases.

The platform has a series of security-focused apps, with a built-in tool called DTEK which monitors the app’s permissions and activity.

Third-party app stores are partitioned, so that sensitive applications are kept in a separate part of the phone to email and work programmes.