Nexus One vs. Top 10 Phone Security Requirements

hiouridah writes "Consumer Grade or Enterprise Ready? The Nexus One is entering a smart phone market that is taking increasing heat from enterprises for their lack of robust security features. So how does the Nexus One stack up?"

Obvious article is obvious

[nitefallz]

I don't think the N1 is targeted at the corporate world. Google seems to have larger mobile plans than this, so I would expect some corporate type product in the future.

From the article

[Albanach]

-Operating system: The Android operating system is in its infancy and like any new piece of software is likely to be full of security bugs. Android is also open source, so it is highly susceptible to developers with malicious intent finding those bugs quicker than if the OS was closed like the iPhone or blackberry OS. However, the open source nature of the OS should also become a benefit for its security longer term as coders with good intent scrub Android and find the security holes and patch them. Without the source code this job becomes much harder and takes considerably longer. Bottom line is it’s a mixed bag, less secure in the short term but able to become more secure faster than a close OS can.

Is there any evidence that an open source program is less secure in the short term than a closed source one?

After all, when coding an program they know will be open sourced, programmers are much less likely to add a vulnerable piece of code in the hope it won't be spotted or with the intention to fix it at some later date.

4 real issues

[Enderandrew]

We're talking enterprise here, right?

Who cares about touch screens and resolution. I do as a geek, but these are the real issues:

Do you need a separate server to properly sync with Exchange?
How well does it sync with Exchange?
How secure is it, and can it handle encryption? (The iPhone can't be used in many organizations for this very reason)
Is the email app any good? The iPhone mail app for instance is very much lacking in comparison to the Blackberry email app.

Suits care about covering their asses, and checking email. If it can't do that, it won't be used in the enterprise.

Re:Obvious article is obvious

[toastar]

Wait Wait Wait.... Are you saying the Iphone is targeted at the business world?

I'm not sure the article fully understands androids capabilities, I have a remote wipe app on my g1.
The only real security feature the iphone has is the lack of a SD card.

RIM's bread and butter

[ArhcAngel]

I increasingly hear this question from both my IT peers and users alike "Why does our company stick with Blackberry when phone XYZ is so much better?" The long and the short of it is SECURITY. I mean when India insisted RIM provide them with a back door so they could spy on BB users RIM's response was "We don't even have a back door". I would love to see a smartphone come out with all of the security features RIM has had for years so I could offer it to the Executive VP instead of telling him "I'm sorry but since you receive strictly private emails you are not allowed to use anything but a Blackberry" and having him start making calls and ultimately buying it on his expense account connecting it to the network in rogue fashion.

Remote data wipe?

[ducomputergeek]

Phones are easy to loose or get nicked. One of the features enterprises like about the Blackbery is the ability to do a remote datawipe. On my iPhone I can set a password. If it's entered incorrectly 10 times, the device automatically wipes itself. I can also do a remote datawipe as well. I've tried googling about this feature on the N1 and so far have found nothing.

Ability to do a remote data wipe is key for the enterprise market.

Application signing is worthless?

[tibman]

The application signing is worthless because they are self-signed certs? WTF is this guy smoking. Just because someone pays a CA to sign their cert doesn't make it magically more secure. I'll be honest, i think CAs should die off (in their current forms).

Re:Application signing is worthless?

[Anonymous Coward]

You need to do some research on self-signed certs, they are worthless. PKI is built on a trusted source framework with Certificate authorities being that trusted source. Like he points out in the article apple controls the CA for their apps so if an app writter does a trojan horse in their app then apple can pull the cert and destroy the app. Google needs to do the same. Also certs are used in android to verify what applications are related to each other and become part of the same process. So if a hacker can duplicate your self-signed cert then they can have their trojan app merge in the same process as your real app.

Re:From the article

[GooberToo]

Also I'd question what the article means by Android being "in its infancy".

Android right now means Linux + Framework. Sure the framework can be made to run on other OSs, but for now they use Linux.

No bones about it, the Android framework is definitely in its infancy. Google breaks applications left and right with just about every release. In some cases they even deprecate interfaces without providing an alternative interface; leaving developers and users boned.

And because of Android's infancy, Verizon's Droid has known Android incompatibilities between the emulator and the GSM variant (Milestone). In fact, that's what was behind Droid's update from 2.0 to 2.01; even requiring an SDK update and new SDK version (5 to 6) for developer's to support. Despite the 2.01 update, Droid still has some broken interfaces because Verizon was forced to write their own Android-CDMA framework hooks - as Android's native CDMA interface wasn't ready at the time.

While I think Android is excellent and I even own an Android phone, to be absolutely clear, both users and developers are very much feeling both the pains and absolute indifference Google has for them. For example, the Android market application and interfaces available to developers is still third world crap and a far cry from acceptable. Right now developers have to support Android 1.1 (large deprecated now), 1.5, 1.6, 2.0 (obsoleted), 2.01, and soon 2.1. Each has their own quirks, incompatibilities, broken interfaces, new and improved interfaces, screen sizes, etc. Contrary to the recent stream of FUD being spread, with the possible exception of Verizon's breakages, none of this means Android is fracturing and/or forking, but it does make for a huge headache for users and especially developers.

As for the market, Google can't even properly count the number of actively installed applications for developers. The numbers provided are known to be completely useless and inaccurate. They still don't provide tools to developers. You still can't browse the market from your computer. Application descriptions are laughably terse. The user comment system exists solely to abuse developers and harm sells. Developers can't event reply to criticism - only the most recent. About the only positive thing the Android market has going now is that its easy to remove spam and abusive comments - but that makes one wonder how often legitimate comments are now removed as anyone can mark comments as spam.

In short, Google still has a very long way to make Android grown up. Sure its continuously getting better, and more stable with each release, but anyone who believes Android is stable and full grown simply doesn't have their ear to the ground to hear the real state of things.

Re:N1 vs Iphone

[CyberNigma]

The Nexus One will not run apps from external storage (flash card) unless you root it. By default, it will not allow it since they are trying to prevent pirating of paid apps. They are working on a solution such as encrypting paid apps so they can be downloaded to a flash card and run from there. Currently, however you have to root the device, which is easy, but necessary and may violate your operator's terms of service.

By default, Nexus One only has about 256MB (internal memory storage) of space for apps and can't be upgraded.
If you root the Nexus One then you have as much space as you can afford in the form of storage cards.

If you download a lot of apps and choose not to root your phone, you will run out of space very quick and will have to pick which apps you really want.