Android security criticised, as BlackBerry 7 rated most secure mobile OS

Competition in the smartphone arena is incredibly fierce. Apple's mobile devices seem to enjoy the kind of profitability that others can only dream of, while Android continues to grow at a phenomenal rate, capturing a massive share of the market, from flagship handsets to the most basic entry-level smartphones. Further down the food chain, Windows Phone slowly increases its sales and grows its platform - gradually nudging it towards becoming the 'third ecosystem' - while Research In Motion goes on making questionable decisions and reporting disastrous results.

But there’s one area in which RIM continues to excel: security. A report entitled ‘Enterprise Readiness Of Consumer Mobile Platforms’ has crowned the BlackBerry 7 OS as being by far the most secure mobile operating system in broad usage. Based on the findings of extensive research carried out by software security specialists Trend Micro (PDF link), in conjunction with Bloor Research and Altimeter Group, RIM’s mobile OS was tested alongside Windows Phone 7.5 (Mango), Android 2.3 (Gingerbread) and Apple iOS 5. Each platform was subjected to testing, and rated based on numerous factors including authentication, virtualisation, wiping the device, app security and integrated OS-level security features.

With a rating of 2.89, BlackBerry 7 scored far higher than the runner-up, iOS 5, which achieved a score of 1.7. Windows Phone 7.5 followed closely behind with 1.61, but Android 2.3 languished in last place with a rating of just 1.37.

The researchers complimented the BlackBerry 7 operating system, noting that its “corporate-grade security and manageability make this platform the option of choice for the most stringent mobile roles”. Despite coming in a relatively distant second, there was also some praise for iOS 5, with the report highlighting app ‘sandboxing’ and lack of removable storage as providing decent protection for users.

The report also praised Microsoft for having “created a reasonably robust and secure smartphone operating system in Windows Phone”, also noting the app sandboxing as contributing to this. Windows Phone 7.5 wasn’t called out for any particularly egregious failures in its security, but the fact that it came third out of four platforms indicates that there is clearly room for improvement.

Android 2.3, on the other hand, did not emerge well from the report. While the researchers acknowledged that sandboxing also forms part of the OS security structure, and that users are able to grant permissions to each app individually, they also found that in practice, end-users view such permission requests as a nuisance and tend to simply authorise those requests without inspecting them properly. On the face of it, that’s the fault of the user, but the report implies that the design of the OS doesn’t adequately factor in the behaviour of the user, which ultimately exposes the device to potential security risks. It was also noted that even when users do attempt to take proper note of permissions before approving them, “it is often unclear… what the application is actually capable of.”

You may be wondering why the researchers chose to scrutinise Android 2.3 Gingerbread rather than its successor, 4.0 Ice Cream Sandwich. The report acknowledges that while ICS is available, its deployment is extremely limited, with Gingerbread remaining by far “the most widely deployed on existing and new handsets”. The report actually condemns this state of affairs, highlighting this fragmentation as “a security risk in itself; there is no central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period.”

While the report was assembled with business and enterprise security in mind, many of its findings remain equally relevant to the consumer space. But the blurring of lines between the consumer and enterprise markets has created its own security concerns, particularly as many organisations are increasingly expected to support mobile devices that were not developed first and foremost for business environments.

Trend Micro’s Chief Technology Officer, Raimund Genes, was unequivocal in noting that “every mobile device is a risk to business”, adding that “whilst some mobile platforms have evolved very noticeably along enterprise lines, there is still a strong ‘consumer marketing’ legacy in some quarters and this is negating some of the progress made on the enterprise front. Indeed, some of the attributes we have examined in the report are still firmly ‘enterprise-unready’.”

Perhaps as notable as the negativity towards Android is the clear advantage that RIM has here. Given just how far ahead its BlackBerry devices are when it comes to being ‘enterprise-ready’, and how much work its rivals evidently have to do to match its performance in secure business environments, it again calls into question why RIM chose not to focus its efforts solely on the business and enterprise space, rather than extending its struggle in the savagely competitive consumer market.

27 Comments

You all sound jealous, you wish your platform was the most secure one but they all fail over BlackBerry, as they always did.

Or, the more of us use something the more it gets exploited.. quite simple tbh.. was same with IE vs FireFox and now Windows vs iOS or whatever it is. Why would anyone want to waste time on exploiting something that no one uses anyways

Why all the hate for blackberry? They have been known to be very secure for years now. Why is this a surprise for most of you?

smooth3006 said,
BB is the most secure because no one uses it.

Wrong. Lots of large businesses use it--mine being one of them. It's so easy to manage and the BES works seamlessly with our AD, etc. And you know, I actually like my Bold quite well; many in the company have the Storm or Torch (touchscreens) but I prefer the full keyboard. BB were the best for a while, RIM just rested on their laurels too long while the rest of the world flew by them. They're starting to catch up again.

Is this not because it's a really locked down, limited OS? The less you can actually do on a phone, the more secure it is!

DrScouse said,
Is this not because it's a really locked down, limited OS? The less you can actually do on a phone, the more secure it is!

BB is in no way locked down, there just aren't that many serious developers.

That may change soon though....

Voice of Buddy Christ said,
Security is truly a function of how often hackers and other online miscreants target your OS. How secure an OS is, is inversely proportional to its popularity.
While this is generally true - Blackberries are secure and not because of the popularity factor. Remember about 10 years ago when they were very popular (think: Pearl/Curve era) still not much was accomplished with hacking. Also, BB's have been and still are the most widely used device among government and corporate employees. That's the kind of stuff hackers want - not some idiot 16 year olds naked duck face pictures she sent to 15 different guys. No hacking is needed for that.

" Android 2.3 (Gingerbread) and Apple iOS 5" - Why did they not test iOS5 vs Android ICS

Think this might not reflect the true state of things

Was about to ask the same thing ... why not ICS and iOS5 ... also, what is wrong with idiot users, surely you cannot blame a "secure" OS being bad because the users ignore informed options.

No one argues BB are secure, however, it comes at the cost of implementation and usability.

GoldfishBoy said,
" Android 2.3 (Gingerbread) and Apple iOS 5" - Why did they not test iOS5 vs Android ICS

Think this might not reflect the true state of things

Because read the article

GoldfishBoy said,
" Android 2.3 (Gingerbread) and Apple iOS 5" - Why did they not test iOS5 vs Android ICS

Think this might not reflect the true state of things

No it wouldn't. Android 2.3 is still by a very very far margin the most used OS version. Hell there are still a TON of phones coming out with 2.3 NOW and months from now. ICS is on a very small percentage of devices and companies keep pushing out upgrading other devices to it for some reason (cuz they NEED to put their own custom UI and crap on it....). Like Sraf says, read the article fandroid.

With as many remote arbitrary code execution vulnerabilities that have been found in iOS, I don't think it deserves to be in the #2 spot as far as security is concerned...

Edit: probably because the report is about enterprise-readiness, not security. Also notice that the report credits Windows Phone with a significant advantage in security for defense against buffer overflows and stack overflows. Interesting. It does not credit Windows Phone with remote wipe over SMS, but I'm pretty sure that's exactly what the Find My Phone website does...

Edited by rfirth, Apr 12 2012, 11:07am :

rfirth said,
With as many remote arbitrary code execution vulnerabilities that have been found in iOS, I don't think it deserves to be in the #2 spot as far as security is concerned...

Not to mention the numerous failings they had in implementing a proper screen lock.

rfirth said,

Edit: probably because the report is about enterprise-readiness, not security. Also notice that the report credits Windows Phone with a significant advantage in security for defense against buffer overflows and stack overflows. Interesting. It does not credit Windows Phone with remote wipe over SMS, but I'm pretty sure that's exactly what the Find My Phone website does...

You can also wipe your phone using an exchange server. It is good to have one email account on your phone connected to an exchange server. With my Samsung Galaxy Nexus, iPhone 4S, Motorola Xoom (4G LTE) and my iPad (3rd Gen.), I can remotely wipe those devices by logging into my Exchange.

Oh wait, blackberry beats SELinux android which is used by the US military OVER blackberry! Oh, of course, why would something with specialist military security ever beat a failing company's handset... /s

n_K said,
Oh wait, blackberry beats SELinux android which is used by the US military OVER blackberry! Oh, of course, why would something with specialist military security ever beat a failing company's handset... /s

They probably tested OOB units, whereas the DoD would have customized the ROMs to meet their security needs

/Depending on distro, Windows OOB can be more secure or have better security settings (not running unneeded services and such) than Linux, again OOB