To put this in context: last month, Android security chief Adrian Ludwig presented a paper at the Virus Bulletin Conference in Berlin that reported that, in a study of 1.5 billion app installs, malware causes harm or evades runtime defenses in less than 0.001% cases. These are pretty good odds for the average consumer. But when an enterprise's mobile devices are high-value targets of nation-state espionage or criminal exploits, 0.001% will be too great a risk. KitKat running on an appropriately designed device could be a solution.
The most likely early adopters of the new Android security features are OEMs that build mobile devices for governments and enterprises. The end customers that face significant security risks will pay the added cost to create the chain of trust between manufacturer and end users.
This technology doesn't make Google a pioneer. Millions of SELinux computers in security-sensitive situations have demonstrated that Google's approach is feasible. Google is a pioneer, however, in implementing this at the larger scale of mobile devices. The challenge for the enterprise at this early stage will be to identify a hardware OEM that can be trusted end-to-end to design, manufacture and deliver mobile devices without negligently or willfully introducing a broken link in the chain of trust. U.S.-based, Google-owned Motorola would be a good candidate if it chose to supply this type of device.
Sign up for CIO Asia eNewsletters.