Google Android Phones in the Workplace
Ben Worthen raises good points in his post at the Wall Street Journal on why the Google phone is "A Business-Tech Nightmare Waiting to Happen." The basic gist is:
Here’s the first thing that will happen when a phone with Google’s operating system hits the market: Information-technology departments will ban employees from connecting phones that run Google’s operating system to their computers or the corporate network. The reason is that Google’s operating system is open, meaning anyone can write software for it. That includes bad guys, who will doubtlessly develop viruses and other malicious code for these phones, which unsuspecting Google phones owners will download. Employees could spread the malicious code to the rest of the company when they synch their phones to their computers or use it to check email.
I'm sure the Android platform will be a tempting target for malware writers but I'm less pessimistic about the general IT response. After all, Android should be a tempting market for anti-malware vendors, too.
For starters, the desktop anti-virus market is relatively mature. Traditional AV vendors are moving into data loss prevention, risk management, encryption, and asset management to stay viable. When Google releases the Android software next week, you can bet the AV developers will be downloading the code just as fast as the hackers.
What is less clear is how the AV vendors will make money on this. Will they go for some form of the traditional shrink-wrapped software that users will have to install? I doubt it. This is an ideal scenario for a software as a service model. If the companies can make they switch, they may find that taking a cut of the advertising revenue makes more sense.
And as for the conventional wisdom that Linux doesn't have malware, we only need to remember the first Internet worm (aka the Morris Worm) was written for Unix. There will be vulnerabilities in the platform and attackers will take advantage of them. There will also be vulnerabilities in applications. Just look at how fast OpenSocial apps were hacked. Here are some comments found in the code of the hacked application:
// TODO: no error checking - we’re bold…
// TODO: figure out why this is necessary???
Obviously, not every programmer will be as careful as Google developers when it comes to security. There will be a place for security apps on Android-based phones.
UPDATE: F-Secure weighs in with thoughts on the potential for Android malware, including:
The key issue here is whether Android will go for totally open systems or whether they will adopt a system for signing approved applications (such as Symbian).If unsigned and unknown applications written by anyone have full access to phone features, we smell trouble.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
