Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Android: The IT community's latest problem child

paulfroberts | April 1, 2013
Google and Android mobile OS may be the next problem child of the IT world.

Hoog said ViaForensics made many attempts to inform Any.DO about the vulnerability and share the results of its audits, but that the company did not respond to efforts by ViaForensics to reach out. Efforts by ITworld to reach Any.DO were also not returned.

Hoog said that Android's rapid adoption gives it the kind of exposure that makes it comparable to Microsoft Windows. However, most of the security issues that have been identified are the result of insecure and poorly written applications for the Android platform, not the underlying operating system. The proliferation of third party application stores offering Android applications is also an issue, he said.

But Hoog said that he isn't convinced that the Android operating system is any less secure than iOS - but says that Apple's model of centralized management of updates has many advantages over Google's model. "I hear CXOs saying to me 'I know that (Apple) might get it wrong with an update, but I feel confident that a fix will be issued right away and that my users will get it."

The bigger issue, says Hoog, is that mobile operating systems vendors like Google and Apple don't allow security companies to have the low-level access to their operating systems that's needed to implement security features for mobile devices such as malware detection, digital rights management and so on.

"We're in this predicament because, as a security industry, we're locked out of building the kinds of tools we need to manage mobile devices because of the way the mobile industry has developed. Until that changes, we're going to be locked in to doing one-off solutions where you'll have to jailbreak a phone to do low level testing."

Third party security products might not make mobile operating systems hack-proof, he said. But the industry has come up with tools to help manage and mitigate risk. "I may not be able to prevent everything, but at least I have data," he says. Currently, however, security firms and organizations that face mobile threats have a dearth of options. "All I see is the walled garden," Hoog said. "And it's not pretty - it's not all roses."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.