Is The Android Operating System Too Risky For Enterprise Business?


A walk through the Android Software Development Kit and libraries will show you some interesting scenery.

You can, for example, see how a few strokes of code will allow you to write an application that can access an Android device's contact list and phone, in the background.

A walk through the Android SDK might also show you how you can write an app that will launch the device's e-mail service and even send e-mail messages.

The Android SDK hiking tour will also provide a mile marker with instructions on how to put together an app that will launch a device's text-messaging feature to both receive and send data.

If you're an upstanding citizen and software developer, you can use that information to create powerful, secure, productive and "gee whiz" apps of the kind that have made the Android operating system one of the fastest-growing operating systems of all time. If you're a hacker or a criminal, however, you can use Android to launch vicious, destructive attacks on individuals and, potentially, infrastructure.

Last month, more than 50 Android apps were found to contain malware called DroidDream, ranging from gaming apps to a currency converter app to a scientific calculator app, according to security ISV Lookout.

Lookout reported that the Trojan known as DroidDream used two exploits called "exploid" and "rageagainstthecage" to infect Android-based devices.

Lookout said it found that hackers had used exploid to deploy itself looking like a legitimate "calling plan management" app and began hitting the market via what it said were Chinese app markets. ventually, Lookout said, a version of that app turned up in the official (and more mainstream) Android Market. A further review found this app turned out to be, essentially, a dud because it didn't have the code to fully exploit a device. But just the fact that an app like this made it into the Android Market was frightening enough, Lookout said, because that indicates it could happen again in the future. And with real, device-smashing code.

Android, which was founded by Google and is developed by an open-source community, represents both an enormous opportunity to drive the enterprise to the edge of the network, as well as the risk of kicking it over that edge. Unlike the iOS platform for iPhone and iPad, which Apple oversees and manages so closely that the company has been accused of heavy-handedness in which apps it allows into its ecosystem, just about anybody can write an Android app and push it out to the market.

The recent DroidDream incidents, among others, may prove to be a cautionary tale that might slow down an industry that has been racing toward Android as an antidote to Apple's absolute market dominance in a strategic area.

Take, for example, Motorola. The Schaumburg, Ill.-based company's consumer division produces wildly popular Android-based phones such as the Droid X. It has received credit throughout the industry for providing the most stable and bullet-proof form of Android on a mainstream mobile device. But Motorola Solutions, the company's enterprise mobility unit formerly known as Symbol Technologies, is taking a slower approach with Android in providing technology used in business and government solutions.

"Our customers need certain functionality and capabilities in the underlying OS. We understand that a portion of our customer base desires to run commercially available prosumer and consumer applications available on Android, but the OS must be secure, manageable and reach an appropriate level of maturity," said Brian Viscount, Motorola's vice president of marketing for mobility.

"Enterprise customers just can't deal with the current deluge of Android revisions and releases," Viscount said. "So, we will eventually bring Android to market [in the enterprise], but we'll be filling in a number of enterprise voids in the standard OS offering, including security and manageability, and we'll be regulating releases to meet the requirements of our customer base."

Some experts in the channel give kudos to Motorola's own development of Android, even with acknowledgments that the raw, open Android source code needs work.

"The standard Android operating system is very weak from a security perspective, whereas the Motorola [version of the Android] operating system is much more enterprise-ready from a security perspective," said Mark Greer, COO of Milestone Systems, a Minnetonka, Minn.-based solution provider. "You need to have the right processes in place … to make sure you're controlling the exposure that's out there," he cautioned solution providers.

NEXT: The Android Operating System: Under The Hood