Android Phones Get Dual Accounts

holy_calamity writes "AT&T is adopting technology that gives a person with an Android device two user profiles, enabling company email and other data to reside in an encrypted partition separate from a user's apps, games and unfettered web browsing. AT&T is calling the feature Toggle, and plans to release it later this year. Toggle is a regular app that, once installed, creates its own encrypted desktop under the control of company IT bosses. Toggle is a rebranding of an app developed by startup Enterproid, which continues to develop its own version. AT&T think this move will encourage smartphone adoption in the enterprise. Interestingly, Apple's current version of iOS and app guidelines exclude multiple profiles on one device."

Why is stuff like this considered "innovative"?

Smart phones today are, in terms of performance and architecture, not that much different from a notebook computer of a few years ago. Why are people surprised when smart phones today can do stuff that normal PCs could do decades ago, even when these PCs were a small fraction of the power and capability of today's smart phones? Why do so many people mistakenly consider stuff like this to be "innovation", when rather it's just a case of not intentionally limiting the device's capabilities?

Tagging

[SimonTheSoundMan]

Why is this tagged as "Apple", "iPhone" and 'iOS"?

Re:Tagging

[realityimpaired]

Because TFS mentions them in the last paragraph, and some folks only read the first and last sentence of a paragraph and make up the middle, not realizing that this story has nothing to do with the iPhone beyond mentionning that such a service would be against Apple's TOS.

A long time ago...

[AYeomans]

... in a decade far, far away we used to use multi-user operating systems. Which used to keep one user's data private from another - unless they explicitly wished to share. They also let the sysadmin install software packages for everyone to use, or each user could run their own local programs - which could not access other user's data.

Sounds familiar? So why propose a "solution" that only gives application-layer (rather than OS-layer) protection between users? That only protects properly one (corporate) user - isn't my personal data of at least equal value? That can't easily be extended to several users (think "e-banking user" which shares no data at all with "games user")? And there's no inherent reason why the different user programs can't share the same display screen either, with different passwords and screen lock timeouts - so you don't need a password to run Angry Birds, but do to unlock your contacts.

Re:A long time ago...

[trampel]

Android already uses different Unix user IDs ("accounts" if you will) to isolate different applications from each other. This gives you better protection than a desktop operation system, because applications running on the same screen are more isolated from each other.

I'm pretty certain every app under this Toggle scheme will also run in its own context.

Re:I see new company policies coming.

[jhoegl]

Well, this app is a good move in the right direction. I tested my Android against the Exchange 2k7 ability to remotely wipe emails from a phone and it wiped my whole phone.

Hopefully this fixes that.

Re:I see new company policies coming.

[gfxguy]

That's the policy at my company... if you want the VPN software required to access email through a regular email client, you have to sign a waiver agreeing to give them the ability to wipe your entire phone. I said "no thanks, I'll just keep using OWA when I want to check, even though it sucks."

RIM is in Danger

[chill]

This idea was discussed in a meeting with the various CxOs yesterday, where I work. While the recent Blackberry outage brought this to everyone's attention, the big kicker is people don't like carrying two phones.

In government, really only RIM has gone thru FIPS compliance testing and that is one of the big reasons they are so popular. Our CIO brought up that Apple has been taking the iPhone thru FIPS compliance testing and he was looking forward to being able to get an iPhone instead of the Blackberry.

That is until I pointed out the only way it'll pass compliance is if the iTunes Store is disabled and you can't load any apps on the phone. Did he want an iPhone with only the default Apple apps? "Uh, no." was the answer. And neither will anyone else.

Being able to have one phone is the key. This could be an interesting step in that direction.

Re:RIM is in Danger

[hawkbat05]

Apparently everyone missed that RIM is already doing this: http://us.blackberry.com/apps-software/business/server/full/balance.jsp They're taking a bit of a beating right now but I have to say, if I want to actually type quickly and accurately I won't be using my Android, I'd rather do it on a BB. I can type about twice as fast when there's a real, well designed, keyboard.

Re:RIM is in Danger

[hawkbat05]

There are actually plenty more hurdles. For example S/MIME support, which BB has supported for years has just been included in iOS 5, as far as I know there's no good solution for it on Android. How about support SmartCards like DoD CAC? Currently an adapter seems to be required for the iPhone (besides the reader itself). Don't forget about FIPS 140-2 (which is only in progress on iOS4), CAPS, CC and the various international governments and NATO certifications. These are all time consuming to achieve and maintain. Android and iPhone still have a long way to go before they can actually challenge BB security. I'd also like to add that I've never heard of anyone rooting/jailbreaking a BlackBerry. I know it gets less attention for that kind of thing since users aren't locked into AppWorld but I'm sure it's been attempted.

I don't get this

[Leebert]

Maybe I'm misunderstanding, but if you compromise the phone, don't you also compromise the app? This is like some of the "solutions" I've seen from people that want to use their home computers to connect to sensitive enterprise resources (e.g., VPN). "Oh, why don't we distribute organization-approved VM images to the people to run on their home desktops?"

I mean, if you can't trust the host, you sure as heck can't trust the guest. And the encryption is just a feel good red herring that doesn't really solve that problem.

How about Dual SIM?

[anti-pop-frustration]

How about a phone that can use two SIM cards at the same time? So we can actually make carriers compete against each other. This is a feature that Android is sorely lacking.

What, carriers don't want any features that might actually empowers their consumers or helps them get away from the "subsidized" (aka bought on credit) phone handset scam? Not to mention, having multiple plans or prepaid SIM cards is also a great way to dramatically cut international roaming costs.

Remember the technologically advanced 90s? Phones used to have that feature back then.

Re:How about Dual SIM?

[bmoore]

Android DOES support dual-SIM phones, so don't place the blame there. Just Google it, you'll find Android-based dual-SIM phones. Just not sold by AT&T, or TMobile.

I'm not sure why AT&T doesn't carry any, and maybe they soon will, now that they're using Enterproid. There's no reason to say that your two SIM cards won't both be locked to AT&T. You pay for two plans, but only carry one phone. Seems like a win for them.

Now Dual Networks

[Doc+Ruby]

What we really need is the 3G/4G/++ telco cartel broken so that my phone can have accounts on two networks simultaneously, so I'm not locked into a single failurepoint - that frequently fails. Just like LANs to the Internet, which can have dual WANs without prohibitive subscription rates.

In fact a second WWAN connection that's rarely used could cost more per bandwidth than the primary WWAN, so the telcos would each make a fatter profit off the "insurance" second WWAN.

So it's obvious that the telcos care more about their cartel and its power to do whatever it wants without consequences (universal warrantless wiretapping, anyone?) rather than actual increased profit and improved service for their customers.