Ask Slashdot: Equipping a Company With Secure Android Phones?

An anonymous reader writes "I'm in charge of getting some phones for my company to give to our mobile reps. Security is a major consideration for us, so I'm looking for the most secure off-the-shelf solution for this. I'd like to encrypt all data on the phone and use encryption for texting and phone calls. There are a number of apps in the android market that claim to do this, but how can I trust them? For example, I tested one, but it requires a lot of permissions such as internet access; how do I know it is not actually some kind of backdoor? I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us. I was thinking of maybe installing Cyanogenmod onto something, using a permissions management app to try and lock down some backdoors and searching out a trustworthy text and phone encryption app. Any good ideas out there?"

Re:Cell phone calls are already encrypted

And blackberry messenger is too.

To clarify on the blackberry messenger encryption: It's encrypted by default with a global key (hardly useful) but pin to pin communications can be encrypted using an organizational key, if you subscribe to a S/MIME package.

Dear slashdot

I'd like to know how to configure a kludge of shit (using all FOSS, of course) for my enterprise environment. I want everything under the sun plus the kitchen sink.

Also, I'm going to be paranoid and reject anything you propose. After all, I can't be sure that anything I buy doesn't have a backdoor that the government or extra terrestrials could use to snoop on the uber secrets at my company.

Apple

[wood_dude]

Yes, use an iPhone ! Let the flames begin...

Re:Apple

As much as I absolutely HATE to say this, you're absolutely right.

Blackberries suck, Android's security is left to the manufacturer (so it usually doesn't get done right), Windows Phone 7(.5) is still not ready for the Enterprise, Symbian is dead, so are Meego and Maemo...

iPhones are locked down, have enterprise support tools, come encrypted by default. Unless you're willing to inflict Blackberries on your users, AND pay for the BES, AND pay the per-handset CAL, iPhones are your best bet.

Re:Apple

The cluelessness of your post is why I'm hoping you're not in a position to set hardware standards in the enterprise.

I'll take the curated iOS "controlled" app store over the wild-west install-from-anywhere wild-west Android alternative any day.

The reason(s) that the enterprise prefers iOS (or *gasp* RIM) over Android is precisely the reason the tech-saavy iHaters lambast them for.

Until Android is able to completely lock down a phone and give the administrators full rights to manage what gets put on it, Android will always be the LAST choice - if any choice.

Re:Apple

Yes, I do.

Do you have any clue about what I'm talking about? Apparently not.

And yes, Encryption EXISTS, and is SUPPORTED, but is not always actually on. For that, it requires manufacturer support (I think this may have changed in ICS). And, a lot of phones you can buy right now come with... GINGERBREAD! Which can be encrypted, but it's solely left to the manufacturer.

Blackberry?

[twnth]

Why android? is there an app you need or something? or is it a latest bling thing?

Because Blackberry does the encrypted thing, and if you buy BES you can also set device policies and centrally administer the devices (remote wipe for example).

Re:Blackberry?

[BagOBones]

Because starting from scratch on RIMs BB right now could be suicide...

- New OS devices coming in the fall with a new untested management platform
- Over stock of current gen devices they can't sell ( way under powered compared to WP, Android, iOS)
- Bleeding management
- Laying off huge amounts of staff.

Re:Blackberry?

[jeffmeden]

As can Exchange through Active Sync (on Android or iOS). Don't invest in a company that is posting a billion in hardware losses this year.

A billion in hardware losses for them is a billion in hardware GAINS for the consumer! Besides, you totally missed the point. With the BB platform, you can both encrypt all communication (instant messaging and email) as well as lock out any unencrypted communication (SMS and third party email) so your phones are as secure as anything else in your enterprise (as long as the users keep their passwords safe).

Re:Blackberry?

[b0bby]

But if you're running BES (or the free Professional if you're small), everything is encrypted end to end with your own key. That's why they are so secure; 3rd parties don't have access to your data. In India & Saudi Arabia the government has put taps on the telco provided BES, but they still can't tap your private BES communications if your server is outside.

Re:Blackberry?

[gstoddart]

A billion in hardware losses for them is a billion in hardware GAINS for the consumer!

What are you talking about?

That billion dollars is in unsold hardware. Nobody wants. Nobody is buying it. It is sitting around gathering dust and occupying space.

There were no 'gains' for the consumer. There's just boxes and boxes of phones nobody purchased.

Besides, you totally missed the point. With the BB platform, you can both encrypt all communication

I think the point you're missing is that if everybody is looking at RIM like it is about to tank or get sold, nobody wants to be the guy in the meeting saying "Hey, we should go with Blackberry".

You describe the historical reasons why people went with Blackberry/BES solutions. But in the current context, people don't necessarily believe they are a long-term viable option.

When you're hiring investment bankers to help you figure out how to split, sell, fold, spindle, or mutilate it tends to undermine customer confidence. I'm betting a lot of organizations wouldn't look at setting up a new BES right now.

Re:Blackberry?

[narcc]

Even cooler, with BlackBerry Balance, you can seamlessly separate work and personal use on the device. No worries about copying corporate data to personal accounts.

Add to that the above-par remote management features and it's not even a choice -- there is only one enterprise-ready mobile platform.

Re:Blackberry?

[NemosomeN]

A billion dollar write down means BB anticipates selling the devices for a billion dollars less. This is where future consumers gain. (unless the billion represents devices that will be discarded)

Re:Blackberry?

[acoustix]

And it all passes through the single point of failure that is RIM's server farm before reaching the client, and what could be more secure than an email that is never delivered, right?

The BES "single point of failure" is often over hyped. Most people that I personally know that complain about this single point of failure are also running a single mail server, single core switch, single Internet router, single ISP, etc. There are many single points of failure.

Don't get me wrong, you should always try to limit the number of single points of failure.

And to point out RIM's excellent uptime I will point out that RIM has had fewer hours of downtime in the last 10 years than Apple's iCloud service in the last 18 months.

Good for Enterprise

[jmarka]

Timothy, You should take a look at Good for Enterprise www.good.com Best, jmarka

Re:Good for Enterprise

[Bogtha]

One of my clients attempted to use Good for secure email on iOS last year. They were entirely unresponsive to even the slightest technical queries and their stuff was incompatible with other apps. Also, parent comment sounds like spam.

Re:Good for Enterprise

[narcc]

Good can't do half of what RIM's management software can do. Their new Fusion software can also manage other platforms in addition to BlackBerries -- including iOS and Android. Good is okay, but it doesn't compare to RIM's best-in-class tools.

Re:Good for Enterprise

[SomePgmr]

I spent years managing Good on our mobiles and mail servers. It really was a miserable experience.

I'd probably do it again before switching to blackberries, though. I think they've changed ownership once or twice since I was using it.

RIM/Blackberry

[alphax45]

You basically described the RIM/Blackberry use case; why not use them? The Bold 9900 is actually a nice phone.

Re:RIM/Blackberry

[X0563511]

Stock price or price-per-share does not indicate nor does it necessarily correlate with the health of a company.

Investing 101, man. Come on.

Sounds like a job for...

[a90Tj2P7]

... Blackberry. Aside from encrypting phone calls themselves, everything you're asking to do is something even a basic Curve will do out of the box - encrypting the phone storage and SD card, requiring a password to install apps. And that's without using any enterprise tools to manage the devices and security policies across the board, remotely.

Rock, meet hard place.

Pretty much sounds like you need a blackberry. Only they offer what you describe.
Trouble is, blackberry phones are crap, BES is crap, the blackberry network is crap, and the blackberry company (RIM) is circling the drain.

Turns out the infrastructure you need for your idea of a "secure" phone is more trouble than it's worth. Most companies have come to the realization that security is in fact a social and policy issue and much less a technological one. Just get good quality bog standard smart phones and create a policy that minimizes risk.

That said, iphones are officially supported activesync devices and will respect activesync security policies set by an exchange server. You can remote wipe them. (Funny thing - Winphone7's activesync support is provisional and not recommended for an enterprise environment - Microsoft's words!)

Unless you're a phone manufacturer...

[idontgno]

there's nothing you can do to a phone that a savvy user can't also do (or undo).

And if you are a phone manufacturer, (A) it's easy to more-or-less do what you're saying, and (B) there will still be people to can find work-arounds to break out of the lockdown.

The only reason I mention this is that Android has an energetic modding community, in spite of platform security built into some of these. (Locked bootloaders, S-ON partitions, etc.)

Just using your "for example" as an example... if you can put flash Cyanogenmod onto the phone, your users can flash a completely different ROM and defeat a lot of the things you want to do. The tools you would use are available to anyone, and if you try to deny your users root (for instance), there are plenty of root exploits available to break that jail.

In general, I think smartphones are too much general-purpose computers to really secure in the static way you're thinking about.

As to the (perhaps more weighty) matters like all-storage encryption, I have never seen a good answer. Anything you could install as an app would probably be too shallow (i.e., not effective before booting). In fact, I don't know if the standard Android Linux kernels are amenable to that; you'd need a custom bootloader or 2nd stage, and I haven't seen those specifically tailored for storage decryption.

I dunno. Sounds like you have a challenge ahead of you.

Too expensive?

[hawguy]

I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us

If a secure, off the shelf phone is too expensive for you, you probably don't have the resources to build a secure phone yourself. Even the experts have trouble getting security right, an amateur will unknowingly leave big gaping holes.

That said, Android ICS will do full filesystem encryption, make sure you use a secure passphrase and not a 4 digit PIN. Use SSL to talk to your email server to keep that traffic from being snooped. Don't use SMS's.

Do you really need to encrypt your phone calls? Stick with a CDMA provider (supposedly it's trivial to hack GSM, but I believe CDMA is still relatively safe) and your calls are safe from all but the most determined (and well funded) eavesdropper. Unless you're worried about the US Government doing the eavesdropping, they'll just tap the call on the Telco side, so you need end-to-end encryption to protect against that.

Skype reportedly encrypts skype-to-skype calls.

But really, unless you're doing top-secret government work, your phone is the least of your worries. If the information is valuable, it's much easier to pay an employee to leak it than to steal your phone and hope to find the data stored on the phone. And if you are doing top-secret government work, a home-brew solution isn't going to meet the federal standards you'll be required to meet.

Re:Too expensive?

[oldbamboo]

Just to add, majority of phones can be tricked into dropping down to GSM from 3G. All phones (bar the BB) should be treated as untrusted devices. Tunnel everything, encrypt everything, store nothing and you're part way there :-)

Why Android?

[scream+at+the+sky]

Just a question, but why Android?

If you indeed NEED the security (I do for work, which is why I have a BlackBerry) why not just go the tried and true route of BlackBerry? Security is built in, everything except SMS (to my knowledge) can be encrypted, and you don't have to worry about updates from a 3rd party firmware (CM) breaking your apps or security model.

Other things I LOVE about my BlackBerry...

• Every key is a speed dial, I have about 20 of them mapped to the people I call the most. Very intuitive.
• The keyboard is wonderful of hammering out mid to long emails. Swype helps, but I still find the keyboard faster.
• Kick Ass Speaker Phone.
• Full day battery life. Don't underestimate this.
• It's easier to decipher who an email comes from, as it uses the same display info as my phone book does. On anything that uses active sync, my email is addressed in the same format as the Exchange server, which means every shows in my list as come from "Lastname, Firstname (EMPLOYEE#)" On my Berry, is shows as "Dad" or "Jeff (Regional)" instead. This is invaluable, as I can name people in my phone book in regards to my relationship with them, and I don't have to go digging through the exchange directory to find out what a persons job title is if I only correspond with them twice a year, and have forgotten who they are."
• You can encrypt the device, as well as any memory cards.

This is a sincere question. I carry two devices (BB 9900 for work, and a CM9 rom'd SGS2 for my personal phone) and I personally cannot stand the exchange email client on Android, it just seems slow and clunky, and CM9 helped a little bit, but not much. Use the right tool for the job, instead of trying to shoehorn a tool into the job you want it to do.

Weak spec: Secure from what while doing what?

[Fubari]

You spec could honestly be stronger.
What threats do you want to secure against? What scenarios do you want to avoid? Do you want to ensure against virus protection? Lost devices? (e.g. oh noes! our client list is on wikileaks!) Locking down data?
For bonus points, what are the top three things your "reps" need to do?
Just make calls? Or do texting? Or access web mail? Or...?
And how many "reps" are there today? How many will there be next year?
And what is your logistics model? Everybody at the same physical workplace? Distributed "virtual" office? Different countries? Different languages?
Does your phone need to integrate with any of your workflow software?

Try writing up five or six hundred words on the above to enhance your question - I'm sure you'll get some useful advice if you do that.

MobileIron

[gregthebunny]

I'm surprised I'm the only one suggesting this: Android Management

Phone calls are already encrypted. Text messages stored on the phone will be encrypted if the phone's system storage is also encrypted. Data traffic can be encrypted by forcing the use of VPN back to the company's local network (and as such, web filtering, etc. also applied).

BB

[Corson]

There is a... um, little known company, don't know if you ever heard of it, called Research in Motion, that has been making security on their smartphones their main priority SINCE 1999.

Re:BB

[PeanutButterBreath]

They have ... umm... a little problem... um... no one likes their shitty products and they are bleeding money. . .

And yet there are no better products that offer equivalent features. Perhaps their troubles are related to the fact while people want security, its not so easy to deliver it along with the other features that end-users demand.

Re:we have one

[X0563511]

Seems legit.

Re:good luck

[X0563511]

Blame the security "roles" not the app developers.

Want your app to detect if you're on a call, so it doesn't blow your eardrum out with an alert tone?

Well, then you need "Access to Phone State / Identity" ... just for an example.

Re:Android isn't the platform for this

[narcc]

I'm not worried about RIM going under. They've been supposedly dying for years, but they just now posted their first quarterly loss. (Even with non-competitive handsets, they were still profitable. The 9900 is amazing, but you get my meaning.) Their customer base is growing and they've got plenty of cash on hand. They've got a fantastic suite of new development tools, best-in-class new remote management software, business friendly features like Balance, and a new operating system that is, by any metric, a cut above the rest Their app library is also growing like crazy and they're doing a fantastic job of recruiting new developers with a fantastic and varied suite of development tools. The handsets out this fall running their new OS look to be exceptionally high-end, with a brilliant UI.

RIM is hardly dying. They're a popular whipping-boy, but there are other companies doing far worse than RIM that don't get the same media bashing. When is the last time you heard that Sony is dying? They're worse off than RIM, and don't appear to have a strategy moving forward.

RIM is in no danger of "going under any day". That's been the line everyone's been chanting for the past year or so, sure, but that whole time their customer base was growing at an alarming rate and they were posting profits every quarter.

Blackberry is the right choice

[juniorkindergarten]

The combination of Blackberry and BES is the correct choice if you want a secure enterprise solution. With a BES server you have complete control over the phones. Policies allow logging of everything that the phone does, including if you want all incoming and outgoing text messages, push and pull apps and calling restrictions.
The difference between consumer and enterprise blackberry is that the BES server has a secure key that you create and is unknown to blackberry, bis is controlled by blackberry and is snoopable by governments.
I've found that the battery life is better on a blackberry, but the browser isnt the greatest, but has improved in the newest models. Another thing to keep in mind is the battery is field swappable, so if the battery wears out, YOU can switch it out, or carry a spare.
Blackberry made the mistake of getting into consumer phones, but for enterprise situations, blackberry is the best way to go.

Re:we have one

[CuriousGeorge113]

I'm sure it's legit. And secure. Legitimately & securely transmits your info to China....

Re:Cell phone calls are already encrypted

To clarify on the blackberry messenger encryption: It's encrypted by default with a global key (hardly useful) but pin to pin communications can be encrypted using an organizational key, if you subscribe to a S/MIME package.

Not quite. Blackberry messenger by default does use a global key (and the key is known by many in the security community), but blackberry messenger is also encrypted with 3DES, which is a bit weak. With a million dollars of computers, 3DES can be brute-forced reasonably quickly.

By comparison, blackberry email is encrypted with AES.

If your company has a blackberry enterprise server, you can set your own key for blackberry messenger, you don't need the S/MIME package (fyi, S/MIME is free).

You are correct that pin to pin communications can be encrypted using S/MIME.

You can also get a PGP module for blackberry, but you have to pay for that.

Android + BlackBerry Universal Device Service?

Your use case and focus on security really suggests that BlackBerry would be the best bet, but if you are focused on finding a way to securely deploy Android devices, but still maintain some security, take a look at the BlackBerry Universal Device Service product as an MDM solution:

Feature Checklist: http://ca.blackberry.com/content/dam/blackBerry/pdf/brochure/northAmerica/english/BlackBerryMobileFusion,UniversalDeviceServiceFeatureChecklist-1.pdf

Details: http://us.blackberry.com/business/software/mobilefusion/

Docs: http://docs.blackberry.com/en/admin/subcategories/?userType=2&category=Universal+Device+Service

BlackBerry Mobile Fusion Client for Android: https://play.google.com/store/apps/details?id=com.rim.mobilefusion.client&hl=en

You can deploy policies to enforce media card encryption, not sure about the call/SMS logs or encrypting the rest of the file system. That's probably something that would have to be baked into the OS - if you have to do it via a mod or rooting the device, you potentially open yourself up to more vulnerabilities.

The UDS product can detect if a device is jailbroken or rooted, and you can set rules to lock out access to internal resources. You can also do remote device lock/wipe, so that gets you halfway there.

Don't Root it

[CapitalOrange]

Virtually all the malware (and there is some drive by stuff happening) attacks people with rooted phones, so installing even a secure "ROM" is probably the worst thing you can do for security. By looking for software that has gone through the common criteria (assuming that still exists or another similar certification process) you will have some reassurances that it was designed in a secure manner. I would also look for something using other government standards, like FIPS 140-2.

Re:Cell phone calls are already encrypted

[DJRumpy]

You should check out GOOD for mobile devices. It will create an encrypted sandbox for any corporate data/applications and works on a variety of phones. It also comes with some decent enterprise tools. The drawback is it requires changes to some 'user' plans and that creates headaches if you allow personal devices on corporate networks.

Impossible

[koan]

Without full disclosure on the OS, the source, and hardware you can't guarantee its secure.

I am guessing here, but it seems to me cell phones are designed from the ground up to be insecure.