Android has overtaken the BlackBerry in the mobile-phone sweepstakes, but Google must fix security and device management before taking up residence in government.
The latest numbers in the smart-phone wars are in, and they have telling consequences for how government employees are going to interact with each other — along with agency managers and even the public — in the near future.
In a report released March 8, the research firm comScore said total market share of Android smart phones, powered by Google’s mobile operating system, had surpassed market share for Research in Motion’s BlackBerry by a clear margin.
Between October 2010 and February 2011, comScore reported, BlackBerry lost 5 percentage points in the overall smart-phone market, from 35.8 percent to 30.4 percent. Meanwhile, Android gained almost eight percentage points — from 23.5 percent to 31.2 percent.
If you are a federal employee and wonder why you should care about a few decimal points of market share, it’s because the shift marks the emergence of a technology that's likely to be a standard-setter for social and professional communication in government for years.
It’s a pattern that has played out many times before.
Consumers go wild over a product, and it penetrates the commercial enterprise, up through the CEO’s office. When government employees begin to use it for quasiprofessional purposes, agency management sanctions limited uses, acceptable use policies are eventually written, and the technology becomes firmly implanted in the workforce.
It happened with the BlackBerry, it happened with Facebook, it happened with Twitter — all of which became commonly used public sector technologies.
Even so, although Android is rising, it has a long way to go before it consolidates that position. So far, no federal agency has officially supported the popular phone. But that is changing, say program managers and market analysts. It might not happen immediately, but Android will eventually permeate the government community, they say.
The current obstacles for Android are the traditional ones for emerging technologies: the lack of strong security and enterprise device management. Although RIM manages both well, Android does not. It was no coincidence, therefore, that one of the first major smart-phone malware exploits hit the Android ecosystem.
Early in March, a batch of 58 applications was found to contain malware, named DroidDream, designed to take over a smart phone and create a mobile botnet. When downloaded, the DroidDream exploit — known as “rageagainstthecage” — would gain access to the Android kernel and take control of phone permissions. It would then download a task manager application that would make both programs impossible to remove.
DroidDream was caught in its larval stages. At first, it only had the ability to read device-specific information — the PhoneID and UserID, for example. But it had the potential to download new code from its command server and add functions capable of identity and financial theft.
Google erased the offending apps from the Android Market and was able to remove the software from individual devices remotely. But vulnerability to such attacks is a big concern to government managers, who face serious consequences for leaks and data breaches. Although it's been a problem in the PC world for a decade, it is just rearing its head in the mobile-phone universe as smart phones become richer targets.
“We can't take what we do with a PC and just slap it on a phone. It just doesn't work,” said Joe Pasqua, vice president of research at Symantec Research Labs. “The Android world is like the Wild West. It is kind of the way PCs were. Anybody can write an Android app, and anybody can publish it.”
Even so, the computer security industry sees mobile as its next big opportunity. “There are a lot of companies out there that are basically trying to build a [BlackBerry Enterprise Server] for Android,” said Jack Gold, founder of J.Gold Associates, a Massachusetts consulting firm, referring to RIM’s widely used messaging management system.
“MobileIron, Zenprise, Sybase Afaria, BoxTone, there are probably a dozen of them out there,” he said. “Most of these companies until a couple of years ago were, and I am exaggerating, two guys in a garage and people weren't taking them seriously.”
When the iPhone came out in 2007, the market suddenly turned, Gold noted. Four years later, mobile security has become a land rush. “Clearly device management, provisioning, deployment, support is a big deal, and it is hard to do with a large organization,” Gold said. “Apple doesn't make it easy for you without the third-party tools and neither does Android. So everyone is looking at this and saying, 'aha! Let's go out and make some money here.' ”
Three major partnerships now seek to dominate the arena: Motorola and 3LM, a start-up focused on enterprise solutions acquired by Motorola in February; IBM and Juniper; and a partnership of Cisco, Sybase and Samsung. These are companies with enough clout to turn heads and offer managed services to government IT departments wanting to ease Android integration.
“Enterprises are very, very deeply looking at how do I connect securely into the bring-your-own smart-phone [market] and have e-mail and potentially back-end systems compromising data and security for the enterprise,” said Pete DeNagy, an independent industry analyst and former head of enterprise mobility strategy at Samsung.
Android at NASA
Managed services and network security are what put such partnerships above the rest, as federal agencies seek companies that can provide them. Yet the Android security market is still in its infancy, and there are so many players with so few concrete solutions that agencies are taking a wait-and-see approach, agency IT managers say.
“We are looking at a number of products right now for mobile device management, but nothing is screaming at us as a clear choice right now,” said Tony Facca, program manager of emerging technology and desktop standards at NASA.
NASA does not officially support Android. There are some employees who use their personal Androids to access e-mail and NASA services, and the agency has not moved to stop that practice. Yet BlackBerry’s hold on NASA is slipping as iPhones layered with security from Good Technology have become equal to — and might have surpassed — BlackBerrys as the most-used mobile phone in the agency.
“The iPhones which we do permit in the environment are very quickly eroding the lead that BlackBerry had,” Facca said. “If we are not even in number of BlackBerrys and number of iPhones, we are getting really close to that.”
The space agency has also been working with Motorola on Android solutions, having tested the Droid Pro and Droid Global smart phones. It is an ongoing process as Android security options mature.
Device management is where RIM, the current federal market incumbent, stands out. Although it has fallen behind Android and Apple in total market share, it remains the dominant federal mobile-phone player because Apple and Google currently lack the enterprise messaging and security management the government requires.
Moreover, BlackBerrys have native encryption, a feature that Android’s manufacturers, such as Motorola, Samsung and HTC, would need to implement at the kernel level. That is a much easier maneuver for Apple and BlackBerry, as each company is vertically integrated, and more difficult for Android manufacturers that license the operating system from Google.
With such advantages, RIM will be difficult to dislodge in the government market. “BlackBerry is still the de facto standard for security and manageability against anybody. I think BlackBerry does not get kicked out of government that quickly,” Gold said.
Meanwhile, Android is not likely to take the lead firmly in the private or public sectors until its manufacturers and software developers close holes in the platform. “I think that is what we really need to see,” NASA’s Facca said.
“We need to see some of the third parties really stepping up and being able to provide the tools that aren't there natively.”