May 5, 2011 at 9:05 pm #6375
I need your opinions on Android vs iPhone in the enterprise. In my situation, we have to take Blackberry out, even though they still maintain the tightest control via BES. Don’t ask questions, it is what it is.
It seems that iPhone does a better job vetting apps in the appstore, but I don’t really have any solid proof. I know there was news in the last few months of a bunch of Android apps having security issues, but what is the real impact here?
I would love to hear what everyone thinks, put on all your hats here: security, admin, user.
May 5, 2011 at 9:12 pm #39652silParticipant
Researchers have already stated that the iPhone is more secure. I say, create a mobile policy from work and refrain from introducing N amount more possible entry points where N is the amount of phone users.
May 5, 2011 at 9:54 pm #39653hayabusaParticipant
My only complaint with iPhones is that AppStore isn’t perfect, either, based heavily on those who write their apps. For instance, on my wife’s iPhone, the latest Facebook app she pulled from updates clearly says, after installing, that it’s an ’employee only’ build. It crashes her whole phone frequently, when she uses it, and uninstall / reinstall brings back the same ‘busted’ / ’employee only’ build… Facebook has yet to respond to me with a fix.
May 5, 2011 at 10:06 pm #39654
I understand limiting exposure by only allowing folks with a business reason to have phones. That I totally agree with.
My problem with iPhone is that now there is another 3rd party app that you have to introduce to the environment (Itunes) and now you have to worry about patching another 3rd party product.
With Android you get some notification of what an app will do after you install it, however I know that no regular user is every thwarted by that information.
So here we are again, back to the point where its almost even in my mind. And at the point where you might earn some points with users giving them an option….. please tell me I’m crazy and please shoot me down. I want more of your opinions….
May 6, 2011 at 1:38 pm #39655yatzParticipant
We’re going through this too, which I’m sure is not at all uncommon. Biggest problem we seem to have right now is having to link iTunes to a credit card since very few employees have company issued credit cards.
There was an announcement from RIM recently about a product that works with BES to administer/control iPhone and Android devices in the same way BES does with BlackBerry devices. No release date yet though.
May 6, 2011 at 2:53 pm #39656
When I was InfoSec Europe a week or so ago they had live demo of setting up a Access point. They changed the name to BTopenZone what is a free wireless network in the UK. and sat back and watched how many people used this network. They also said I don’t know how true this is but most Iphone will try connect to a BTOpenZone by default.
I have a Iphone and I am happy with it but they do have there security problems like any device.
As long as there was a good protocol for employes to follow then I think they would be fine.
Like don’t connect to free wireless or even better disable wifi and use 3gs.
Just my 2 pence
May 6, 2011 at 7:42 pm #39657AndyB67Participant
Not having an i-phone myself (am an android man) I’d ask what security/av software is available for the i-phone?
I know a few of the mainstream AV houses have produced stuff for android and the stuff on my phone has picked up one rogue app so far.
May 6, 2011 at 8:34 pm #39658
I have never seen any AV for the Iphone but according to Apple no Apple products would ever get a virus.
May 7, 2011 at 7:09 pm #39659
Android while a great device os is open sourced, the major issue here is that there is absolutely 0 quality control by google over the Android Marketplace. This makes it extremely easy to introduce malicous software onto the device and potentially back into you environment. That reason alone was enough for me to make the Android a no go in my environment because why give your users an advanced device then deny them the ability to utilize it to its full potential by blocking the Marketplace (which is the only way I would allow Android in the enterprise).
In Nov. I was just awarded approval by our ISRB (information security review board) to introduce a fully functioning iPhone into the enterprise, by leveraging 3rd party software I am able to create an encrypted isolated segment on the device that does nothing but interact with the enterprise and it prevents external access from other applications on the device. By utilizing this method I’m able to give my users iPhones that are not restricted with policy only applying to the enterprise “container”. I can help you out with some of the logistics and some good points of discussion that essentially help me convince the board that providing employees these powerful mobile devices while ensuring the integrity and security of our corporate data was viable let me know.
May 7, 2011 at 7:34 pm #39660
May 7, 2011 at 8:02 pm #39661
I know its one apple key selling points that no Av is needed so they say!
May 8, 2011 at 1:44 am #39662
Thats not true at all, in fact if you search apple’s support site they strongly recommend antivirus software on their machines. Apple has never said AV was unnecessary.
May 8, 2011 at 2:00 am #39663
May 8, 2011 at 3:51 pm #39664
I have heard many Reps state that one the key benefits of buying a mac is you don’t need to buy antivirus software as they don’t get viruses.
I have just looked on Apple website and it says they do not get PC Viruses.”And you never have to worry about PC viruses” of course you don’t as PC viruses are for PCs but no where could I find them recommending me to buy anti virus. Even when I go to buy the item they offer me every other accessory with it Office,printer,iwork,final cut etc but no sign of any anti virus.
I also found this
Please don’t get me wrong I have an Apple machine and I love it. Apple products are amazing they just don’t seem to illustrate the fact that you can get a virus on a mac. I would say there is a small chance of that happening at the moment but its still possible.
My only point was that no matter what device you decide on they all have there own security problems. Its a case of finding the right device for the company and finding a acceptable level of risk for the company.
cd1zz What exploit is that I just fired up my metasploit and I can only see a really old iTunes buffer overflow for 4.3. Is this on the free version of meta ?
May 9, 2011 at 1:02 pm #39665
How are you handling the iTunes issue? With the iOS exploit that is now in Metasploit, we can now pull all that juicy info right from the device, as long as itunes is installed on the box.
Simple we dont allow iTunes to be installed in the environment. As part of our user acceptance policy for the iPhones we state that:
1) All iOS updates must be applied within 7 days of release or we will disable access to enterprise mail. For those users unable to update their iPhone’s in a timely manner we disable it, update it for them and then re-enable email access.
2) The end user is responsible for backing up any content on their device, we recommend they install iTunes on a computer at home for this purpose since we A) don’t allow iTunes on any of our machines and B) My users don’t have rights to install sofware, they don’t have any elevated privilages beyond the standard user account.
The product we are using for enterprise mail requres that A) Any backup be encrypted by defualt and B)Does not back up data contained in the app only the application itself.
June 29, 2011 at 2:54 am #39666
Topical and interesting:
July 15, 2011 at 9:10 pm #39667
And another solid addition to this topic:
- You must be logged in to reply to this topic.