Corporate Security: Android vs iPhone

This topic contains 16 replies, has 7 voices, and was last updated by  cd1zz 8 years ago.

  • Author
    Posts
  • #6375
     cd1zz 
    Participant

    I need your opinions on Android vs iPhone in the enterprise. In my situation, we have to take Blackberry out, even though they still maintain the tightest control via BES. Don’t ask questions, it is what it is.

    It seems that iPhone does a better job vetting apps in the appstore, but I don’t really have any solid proof. I know there was news in the last few months of a bunch of Android apps having security issues, but what is the real impact here?

    I would love to hear what everyone thinks, put on all your hats here: security, admin, user.

    Thanks,
    C

  • #39652
     sil 
    Participant

    Researchers have already stated that the iPhone is more secure. I say, create a mobile policy from work and refrain from introducing N amount more possible entry points where N is the amount of phone users.

    http://articles.timesofindia.indiatimes.com/2011-01-12/computing/28352068_1_android-security-software-mobile-devices
    http://news.cnet.com/8301-27080_3-20009362-245.html

  • #39653
     hayabusa 
    Participant

    sil++

    My only complaint with iPhones is that AppStore isn’t perfect, either, based heavily on those who write their apps.  For instance, on my wife’s iPhone, the latest Facebook app she pulled from updates clearly says, after installing, that it’s an ’employee only’ build.  It crashes her whole phone frequently, when she uses it, and uninstall / reinstall brings back the same ‘busted’ / ’employee only’ build…  Facebook has yet to respond to me with a fix.

  • #39654
     cd1zz 
    Participant

    I understand limiting exposure by only allowing folks with a business reason to have phones. That I totally agree with.

    My problem with iPhone is that now there is another 3rd party app that you have to introduce to the environment (Itunes) and now you have to worry about patching another 3rd party product.

    With Android you get some notification of what an app will do after you install it, however I know that no regular user is every thwarted by that information.

    So here we are again, back to the point where its almost even in my mind. And at the point where you might earn some points with users giving them an option….. please tell me I’m crazy and please shoot me down. I want more of your opinions….

  • #39655
     yatz 
    Participant

    We’re going through this too, which I’m sure is not at all uncommon.  Biggest problem we seem to have right now is having to link iTunes to a credit card since very few employees have company issued credit cards.

    There was an announcement from RIM recently about a product that works with BES to administer/control iPhone and Android devices in the same way BES does with BlackBerry devices.  No release date yet though.

  • #39656
     Anonymous 
    Participant

    When I was InfoSec Europe a week or so ago they had live demo of setting up a Access point. They changed the name to BTopenZone what is a free wireless network in the UK. and sat back and watched how many people used this network. They also said I don’t know how true this is but most Iphone will try connect to a BTOpenZone by default.

    I have a Iphone and I am happy with it but they do have there security problems like any device.

    As long as there was a good protocol for employes to follow then I think they would be fine.

    Like don’t connect to free wireless or even better disable wifi and use 3gs.

    Just my 2 pence

  • #39657
     AndyB67 
    Participant

    Not having an i-phone myself (am an android man) I’d ask what security/av software is available for the i-phone?
    I know a few of the mainstream AV houses have produced stuff for android and the stuff on my phone has picked up one rogue app so far. 

  • #39658
     Anonymous 
    Participant

    I have never seen any AV for the Iphone but according to Apple no Apple products would ever get a virus.

  • #39659
     R3B005t 
    Participant

    Android while a great device os is open sourced, the major issue here is that there is absolutely 0 quality control by google over the Android Marketplace.  This makes it extremely easy to introduce malicous software onto the device and potentially back into you environment.  That reason alone was enough for me to make the Android a no go in my environment because why give your users an advanced device then deny them the ability to utilize it to its full potential by blocking the Marketplace (which is the only way I would allow Android in the enterprise).

    In Nov. I was just awarded approval by our ISRB (information security review board) to introduce a fully functioning iPhone into the enterprise,  by leveraging 3rd party software I am able to create an encrypted isolated segment on the device that does nothing but interact with the enterprise and it prevents external access from other applications on the device.  By utilizing this method I’m able to give my users iPhones that are not restricted with policy only applying to the enterprise “container”.  I can help you out with some of the logistics and some good points of discussion that essentially help me convince the board that providing employees these powerful mobile devices while ensuring the integrity and security of our corporate data was viable let me know.

  • #39660
     AndyB67 
    Participant

    @Jamie.R wrote:

    I have never seen any AV for the Iphone but according to Apple no Apple products would ever get a virus.

    Thats not the sort of thing they should be saying really as it throws down the gauntlet – Skype issue on the Mac

  • #39661
     Anonymous 
    Participant

    I know its one apple key selling points  that no Av is needed so they say!

  • #39662
     R3B005t 
    Participant

    Thats not true at all, in fact if you search apple’s support site they strongly recommend antivirus software on their machines.  Apple has never said AV was unnecessary.

  • #39663
     cd1zz 
    Participant

    @r3b005t

    How are you handling the iTunes issue? With the iOS exploit that is now in Metasploit, we can now pull all that juicy info right from the device, as long as itunes is installed on the box.

  • #39664
     Anonymous 
    Participant

    Insert Quote
    @r3b005t

    I have heard many Reps state that one the key benefits of buying a mac is you don’t need to buy antivirus software as they don’t get viruses.

    I have just looked on Apple website and it says they do not get PC Viruses.”And you never have to worry about PC viruses” of course you don’t as PC viruses are for PCs but no where could I find them recommending me to buy anti virus. Even when I go to buy the item they offer me every other accessory with it Office,printer,iwork,final cut etc but no sign of any anti virus.

    I also found this
    http://news.bbc.co.uk/1/hi/7760344.stm

    Please don’t get me wrong I have an Apple machine and I love it. Apple products are amazing they just don’t seem to illustrate the fact that you can get a virus on a mac. I would say there is a small chance of that happening at the moment but its still possible.

    My only point was that no matter what device you decide on they all have there own security problems. Its a case of finding the right device for the company and finding a acceptable level of risk for the company.

    cd1zz What exploit is that I just fired up my metasploit and I can only see a really old iTunes buffer overflow for 4.3. Is this on the free version of meta ?

  • #39665
     R3B005t 
    Participant

    @cd1zz wrote:

    @r3b005t

    How are you handling the iTunes issue? With the iOS exploit that is now in Metasploit, we can now pull all that juicy info right from the device, as long as itunes is installed on the box.

    Simple we dont allow iTunes to be installed in the environment.  As part of our user acceptance policy for the iPhones we state that:

    1) All iOS updates must be applied within 7 days of release or we will disable access to enterprise mail.  For those users unable to update their iPhone’s in a timely manner we disable it, update it for them and then re-enable email access.

    2) The end user is responsible for backing up any content on their device, we recommend they install iTunes on a computer at home for this purpose since we A) don’t allow iTunes on any of our machines and B) My users don’t have rights to install sofware, they don’t have any elevated privilages beyond the standard user account.

    The product we are using for enterprise mail requres that A) Any backup be encrypted by defualt and B)Does not back up data contained in the app only the application itself. 

  • #39666
     cd1zz 
    Participant
  • #39667
     cd1zz 
    Participant

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?