Source: The Globe and Mail
quote: RIM needs to get back to that core corporate customer...which has been ditching them for Android or other devices. Frankly RIM needs to not worry about the general public which has never been it's audience anyway. They need to develop new benefits for the enterprise, and reestablish themselves in their traditional stronghold.
quote: The latest version of Android 4.x does include full device encryption for data protection and Address Space Layout Randomization (ASLR) for buffer overflow protection; however the fragmentation of the handset market means that Android 2.x is still the most widely deployed and provided on the majority of new handsets. Another side effect of this market fragmentation is that there is no central means of providing operating system updates. Security patches are provided to customers by individual carriers or handset manufacturers. There is an unacceptable delay in this process, meaning that many consumers remain unprotected from critical vulnerabilities for a prolonged period.Android is currently the preferred platform by cybercriminals. With clever social engineering, they convince a victim to install a “useful” application. The user willingly gives permission, and bingo— the device is compromised. Premium SMS fraud Trojans are a costly reminder of unfriendly apps, but what is worse is the data exfiltration function of some of the digital nightmares malware can copy SMS, intercept calls, remotely activate the microphone, or conduct other sinister tasks.Attackers are using Android app stores as distribution mechanisms; they promote their apps through online marketing activities, which include sending out spam messages. This is facilitated through the lack of up-front validation of apps after they are submitted to app stores and before they are made available for download. It is compounded by the third-party app store functionality inherent in the Android app model. This open ecosystem is abused by the bad guys, and this will not stop until app store providers themselves establish strict reputation checking. Advising the user to only download from a trusted source does help to mitigate some of the risk, but this also has a downside. Users tend to see the official Android Market, now called Google Play, as a trusted source, yet multiple examples of malicious code are regularly found being distributed through this official channel.
quote: IT managers should definitely consider adding Android to their set of flexible policies but should probably limit its use to the least sensitive mobile roles.
quote: LOL, two well sourced and unbiased posts get downvoted, the fanboy circlejerk here is hilarious
quote: However, the government chose to work on Android first because Google already allows people to tinker freely with its code, said those working on the project. Federal officials have met with Apple, but they were told they could not have access to the core of the company's mobile operating system, said Angelos Stavrou, an information-security director at George Mason University who is working on the government project as a contractor, in a phone interview.
quote: To build SE Android, you’ll need to download and compile the latest code from the Android Open Source Project, then applying the custom SE Android code on top of it. So what do the extra bells and whistles do? Basically every single file and folder that Android has access to can be locked down tight, with considerable encryption and put in place to protect them. Network security is enhanced on both WiFi and mobile networks, and the already considerable app permission system is enhanced with multi-level security.
quote: Currently SE Android is only intended for emulators and the Nexus S, and son’t expect much support if you intend to expand its horizons.