Competition in the smartphone arena is incredibly fierce. Apple's mobile devices seem to enjoy the kind of profitablity that others can only dream of, while Android continues to grow at a phenomenal rate, capturing a massive share of the market, from flagship handsets to the most basic entry-level smartphones. Further down the food chain, Windows Phone slowly increases its sales and grows its platform - gradually nudging it towards becoming the 'third ecosystem' - while Research In Motion goes on making questionable decisions and reporting disastrous results.
But there’s one area in which RIM continues to excel: security. A report entitled ‘Enterprise Readiness Of Consumer Mobile Platforms’ has crowned the BlackBerry 7 OS as being by far the most secure mobile operating system in broad usage. Based on the findings of extensive research carried out by software security specialists Trend Micro (PDF link), in conjunction with Bloor Research and Altimeter Group, RIM’s mobile OS was tested alongside Windows Phone 7.5 (Mango), Android 2.3 (Gingerbread) and Apple iOS 5. Each platform was subjected to testing, and rated based on numerous factors including authentication, virtualisation, wiping the device, app security and integrated OS-level security features.
With a rating of 2.89, BlackBerry 7 scored far higher than the runner-up, iOS 5, which achieved a score of 1.7. Windows Phone 7.5 followed closely behind with 1.61, but Android 2.3 languished in last place with a rating of just 1.37.
The researchers complimented the BlackBerry 7 operating system, noting that its “corporate-grade security and manageability make this platform the option of choice for the most stringent mobile roles”. Despite coming in a relatively distant second, there was also some praise for iOS 5, with the report highlighting app ‘sandboxing’ and lack of removable storage as providing decent protection for users.
The report also praised Microsoft for having “created a reasonably robust and secure smartphone operating system in Windows Phone”, also noting the app sandboxing as contributing to this. Windows Phone 7.5 wasn’t called out for any particularly egregious failures in its security, but the fact that it came third out of four platforms indicates that there is clearly room for improvement.
Android 2.3, on the other hand, did not emerge well from the report. While the researchers acknowledged that sandboxing also forms part of the OS security structure, and that users are able to grant permissions to each app individually, they also found that in practice, end-users view such permission requests as a nuisance and tend to simply authorise those requests without inspecting them properly. On the face of it, that’s the fault of the user, but the report implies that the design of the OS doesn’t adequately factor in the behaviour of the user, which ultimately exposes the device to potential security risks. It was also noted that even when users do attempt to take proper note of permissions before approving them, “it is often unclear… what the application is actually capable of.”
You may be wondering why the researchers chose to scrutinise Android 2.3 Gingerbread rather than its successor, 4.0 Ice Cream Sandwich. The report acknowledges that while ICS is available, its deployment is extremely limited, with Gingerbread remaining by far “the most widely deployed on existing and new handsets”. The report actually condemns this state of affairs, highlighting this fragmentation as “a security risk in itself; there is no central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period.”
While the report was assembled with business and enterprise security in mind, many of its findings remain equally relevant to the consumer space. But the blurring of lines between the consumer and enterprise markets has created its own security concerns, particularly as many organisations are increasingly expected to support mobile devices that were not developed first and foremost for business environments.
Trend Micro’s Chief Technology Officer, Raimund Genes, was unequivocal in noting that “every mobile device is a risk to business”, adding that “whilst some mobile platforms have evolved very noticeably along enterprise lines, there is still a strong ‘consumer marketing’ legacy in some quarters and this is negating some of the progress made on the enterprise front. Indeed, some of the attributes we have examined in the report are still firmly ‘enterprise-unready’.”
Perhaps as notable as the negativity towards Android is the clear advantage that RIM has here. Given just how far ahead its BlackBerry devices are when it comes to being ‘enterprise-ready’, and how much work its rivals evidently have to do to match its performance in secure business environments, it again calls into question why RIM chose not to focus its efforts solely on the business and enterprise space, rather than extending its struggle in the savagely competitive consumer market.