If you were looking for a big enterprise-related announcement during Google’s I/O developers’ conference in San Francisco last week, you were disappointed.
Google announced no major upgrades to its Android mobile operating system. But from a security standpoint, that may be a good thing — fragmentation of the open-source mobile platform has led to vulnerabilities that make Android anathema to most enterprises.
According to F-Secure’s mobile threat report for the first quarter, 136 of 149 new families and variants of malware — that’s 91.3% — identified by the security vendor targeted Android. The other 13 targeted the Symbian OS. None targeted iOS, Windows Mobile or BlackBerry. That’s the kind of data that catches an IT professional’s attention.
The reason Android gets targeted by hackers is simple — it’s an easy target. Forty percent of Android devices now being used are at least three years old. In a report last month, mobile analytics vendor Mixpanel said the 10 most-activated Android devices account for only 21% of total activity.
The end result: Millions of older, unsupported Android devices aren’t getting security updates to protect against an endless and growing stream of malicious software. They’re sitting ducks.
That may be behind Google’s decision not to rush out Android 5.0, or Key Lime Pie, which many industry observers expected to be announced during I/O. Indeed, as Ars Technica reports, fragmentation and its negative effects were on the minds of Google developers and audience members at one conference session, prompting Android engineering director Dave Burke to assert, “This is something we think about a lot.”
So do millions of people confused about which Android device they should buy. So do developers trying to figure out which platform they should be writing for. And so do enterprise pros trying to determine exactly what it is they’re letting connect to their network.
Burke told session attendees that his Android team is now layering code in a way that allows silicon vendors to make their hardware more compatible with the software without breaking apart the kernel.
That won’t do much to help with the fragmentation problem in the short-term, nor will it compensate for Android’s fundamental lack of meaningful security features, a flaw vendors such as Samsung and even BlackBerry have tried to compensate for and exploit. Samsung has created security platforms (SAFE and KNOX) for its Android-powered devices, while BlackBerry just last week announced its Enterprise Server would extend security features to Android.
By making itself the only Android manufacturer to create special security features for the enterprise, Samsung has become the only major Android presence in the workplace. But Samsung devices such as the Galaxy III smartphone still trail several models of iPhones and iPads. Now BlackBerry is challenging it for what in essence is a small piece of the enterprise market.