I need your opinions on Android vs iPhone in the enterprise. In my situation, we have to take Blackberry out, even though they still maintain the tightest control via BES. Don't ask questions, it is what it is.

It seems that iPhone does a better job vetting apps in the appstore, but I don't really have any solid proof. I know there was news in the last few months of a bunch of Android apps having security issues, but what is the real impact here?

I would love to hear what everyone thinks, put on all your hats here: security, admin, user.

Thanks,
C

sil++

My only complaint with iPhones is that AppStore isn't perfect, either, based heavily on those who write their apps.  For instance, on my wife's iPhone, the latest Facebook app she pulled from updates clearly says, after installing, that it's an 'employee only' build.  It crashes her whole phone frequently, when she uses it, and uninstall / reinstall brings back the same 'busted' / 'employee only' build...  Facebook has yet to respond to me with a fix.

We're going through this too, which I'm sure is not at all uncommon.  Biggest problem we seem to have right now is having to link iTunes to a credit card since very few employees have company issued credit cards.

There was an announcement from RIM recently about a product that works with BES to administer/control iPhone and Android devices in the same way BES does with BlackBerry devices.  No release date yet though.

Not having an i-phone myself (am an android man) I'd ask what security/av software is available for the i-phone?
I know a few of the mainstream AV houses have produced stuff for android and the stuff on my phone has picked up one rogue app so far. 

Android while a great device os is open sourced, the major issue here is that there is absolutely 0 quality control by google over the Android Marketplace.  This makes it extremely easy to introduce malicous software onto the device and potentially back into you environment.  That reason alone was enough for me to make the Android a no go in my environment because why give your users an advanced device then deny them the ability to utilize it to its full potential by blocking the Marketplace (which is the only way I would allow Android in the enterprise).

In Nov. I was just awarded approval by our ISRB (information security review board) to introduce a fully functioning iPhone into the enterprise,  by leveraging 3rd party software I am able to create an encrypted isolated segment on the device that does nothing but interact with the enterprise and it prevents external access from other applications on the device.  By utilizing this method I'm able to give my users iPhones that are not restricted with policy only applying to the enterprise "container".  I can help you out with some of the logistics and some good points of discussion that essentially help me convince the board that providing employees these powerful mobile devices while ensuring the integrity and security of our corporate data was viable let me know.

I know its one apple key selling points  that no Av is needed so they say!

@R3B005t

How are you handling the iTunes issue? With the iOS exploit that is now in Metasploit, we can now pull all that juicy info right from the device, as long as itunes is installed on the box.

Simple we dont allow iTunes to be installed in the environment.  As part of our user acceptance policy for the iPhones we state that:

1) All iOS updates must be applied within 7 days of release or we will disable access to enterprise mail.  For those users unable to update their iPhone's in a timely manner we disable it, update it for them and then re-enable email access.

2) The end user is responsible for backing up any content on their device, we recommend they install iTunes on a computer at home for this purpose since we A) don't allow iTunes on any of our machines and B) My users don't have rights to install sofware, they don't have any elevated privilages beyond the standard user account.

The product we are using for enterprise mail requres that A) Any backup be encrypted by defualt and B)Does not back up data contained in the app only the application itself.