or Connect
AppleInsider › Forums › Mobile › iPhone › Samsung adds security layer to Android to gain enterprise credibility
New Posts  All Forums:Forum Nav:

Samsung adds security layer to Android to gain enterprise credibility

post #1 of 49
Thread Starter 
In response to lackluster interest in Google's Android platform by corporate enterprise and government users, Samsung has announced plans to shore up its smartphones and tablets with third party security software in an initiative branded as "SAFE," or "Samsung For Enterprise."

Announced at last week's Mobile World Congress, Samsung has partnered with Centrify to add "fundamental security and management enhancements" in order "to address the shortcomings of the current open source Android platform."

Samsung Knox SAFE for work

Knox is intended "to address the shortcomings of the current open source Android platform"Branded as "Knox" by Samsung, the new software adds support for a series of enterprise features Android has lagged iOS in supporting. The first of these, support for "Advanced Microsoft Exchange ActiveSync features," was first addressed by Apple five years ago in 2008's iOS 2.0.

The second feature, "on-device AES 256-bit encryption," is a prerequisite of Microsoft's Exchange default policy settings. Apple began supporting hardware device encryption with the iPhone 3GS in 2009.

A third feature touted by Samsung is VPN support, a notable problem for Android users that want to connect to various remote networking systems. It's also a feature Apple began addressing along with Exchange support back in 2008's iOS 2.0. Apple has regularly enhanced its VPN support on iOS devices in subsequent releases over the last half decade.

Welcome to the sandbox, at least for the Galaxy-only version of Android



Another primary focus of Samsung's new Knox layer is app "containerization," a security access control feature that Apple refers to as "app sandboxing" on iOS.

iOS App Sandboxing


Sandboxing prevents one app from being able to read data or modify the code of other apps installed on the system (as portrayed by Apple in its developer documentation, pictured above). This feature helps to contain malware and other security threats, so that even if a vulnerable app is cracked via an exploit (or a malicious app manages to get itself installed on a device), it can't be used to gain further access to other software or data stored on the device.

This feature is critical to enterprise customers who don't want their users to store corporate data on an insecure device loaded with sideloaded home-brew software or malicious software that automatically has full, open access to everything else on the device. In itself, it's a principle reason why Android has such a small showing among enterprise users, despite Android's large presence in low end consumer offerings.

While Google's Android platform offers rudimentary sandboxing security that requires apps to specify what specific permissions they require, it is customary for app developers to request "long lists of permissions that their apps don?t really need."

As a result, users are tasked with approving complex, opaque security requests that essentially give many apps virtually unrestricted access to the user's private information, location and other sensitive data, resulting in issues with developers harvesting inappropriate data from their users, as well as malicious efforts to steal data using phony games and other titles that actually serve as spyware.


Samsung sees little enterprise opportunity; Knox would?



Knox also addresses Android's lack of coherent "single sign on" enterprise mobile authentication and fleet device management features, both of which enable enterprise users to secure their employees' devices with centralized policies (such as disabling Bluetooth or camera features, or preventing app installations) and remotely manage the devices from a central location.

Apple similarly had little previous exposure in the enterprise when it introduced the iPhone in 2007. However, the company immediately made implementing support for enterprise features a central priority, in conjunction with the opening of the App Store back in 2008. Since then, Apple has rapidly introduced new support for related features of interest to business users.

Apple's Macintosh platform had fought for years to be taken seriously in the enterprise; its mobile iOS platform also faced initial barriers of adoption from companies that were heavily invested in enterprise mobile solutions from Blackberry and Microsoft.

However, the usability and desirability of Apple's iPhone, along with an early and focused initiative by Apple to add serious security and management features to iOS, kicked off a global "Bring Your Own Device" trend, rapidly eroding the position of its entrenched competitors and vaulting Apple to the top of corporations' and government agencies' mobile deployment plans. BlackBerry and Microsoft now support more new iOS devices on their own proprietary enterprise servers than their own platforms' devices.

Somewhat ironically, Apple's historical minority share of the enterprise market on the Mac has been reversed with iOS; Apple now accounts for the majority of mobile devices being used in the enterprise, while Microsoft, BlackBerry, Samsung and everyone else share the scraps.

This reversal has also enabled Apple's Macintosh line to gain new access in government and corporate circles, aided by the commonality in software development of the two platforms and the BYOD breakdown of barriers that once protected Windows and BlackBerry from significant new competition.

Good for Samsung, bad for Android



As Android's primary successful and profitable licensee, Samsung is now running into severe barriers of enterprise adoption due to the haphazard and security policies of Google's Android platform, which not only lacks comprehensive, native support for app sandboxing and remote management, but also receives only secondary, limited support from many of the third parties focusing on securing mobile devices.

Apart from the antivirus and malware containment software tools that exist (by necessity) almost exclusively for Android, third party mobile security efforts aren't focused on Android. Instead, they target the iOS devices their enterprise clients are actually using, according to the mobile device management vendors AppleInsider has consulted.



In the regular reports issued by mobile management vendor Good Technology over the past several years, enterprise users have demonstrated "a clear preference" for Apple's iOS. The firm's most recent report noted that Apple held eight of the the top ten spots in mobile phones and tablets (depicted above), a particularly notable metric because Apple has only sold eight different iOS devices since 2010.

Samsung's efforts to make its devices more attractive to the enterprise aren't being shared back with the greater Android community. Instead, Samsung is branding its own "Knox enhanced" version of Android as "safe for business," a phrase that implicitly admits that the stock Android is not safe for business.

The more successful Samsung is in gaining support for its Knox initiative, the harder it will be for Google to have its own Motorola and Nexus branded devices to be taken seriously by enterprise users, not to mention the "white box" market and other smaller brands of Android, Android forks such as Amazon Kindle Fire, and other variants of Android that are collectively pooled to describe an "Android platform," despite various incompatibilities among the fractured third party features and OS API levels of different generations of Android now being sold worldwide.

Two Samsung models are "SAFE," the rest are not



The company has partnered with AT&T to promote Samsung's latest Galaxy SIII and Note II as "safe for business" in new billboards installed in San Francisco (shown below) albeit using advertising that depicts the devices running phony mockups of business presentation and project management software that doesn't really exist.

Samsung SAFESamsung SAFE


Samsung hasn't yet taken on the task of developing its own productivity software to rival Apple's touch-centric Pages, Numbers and Keynote. Instead, its "Galaxy at Work" promotional pages depict additional placeholder apps and the stylus doodle pad apps Samsung bundles on its Note II, performing tasks such as drawing a circle over a photo and scribbling "plans approved," or productively typing a "secure email" while watching a video of children playing in the corner of the screen.

Samsung SAFESamsung SAFE


Samsung's Knox layer is also being extended to Android developers in a way that will result in apps that only work securely on Samsung phones that include the Knox software layer. This excludes not just the vast majority of devices sold worldwide that make use of some version of Android, but also excludes the rest of Samsung's own phones (apart from the SIII and Note II) many of which ship with outdated versions of Google's platform, and which are unlikely to ever be upgraded to support Knox.

Combined with the fact that Samsung has historically refused to issue timely Android updates for its own users, this means that even among companies with liberal "BYOD" policies, very few Android devices can even qualify as having the minimal security required by enterprise users.

SAFE to replace all your hardware?



Some aspects of Knox, including hardware encryption and the Microsoft Exchange support it enables, can't simply be delivered in a software update. Existing Samsung users will simply have to replace their phones.

To address this expense in hardware upgrades, Samsung is offering to purchase company's existing devices in a "safe to switch" program that suggests business can defer as much as $30,000 in upgrade expenses on 100 phones valued at $300 each (about half the cost of buying all new "SAFE" hardware from Samsung).

Samsung SAFE


However, this only applies to the repurchase of brand new devices like a $750 16GB iPhone 5 in perfect condition. For other devices (such as an iPhone 3GS in top condition), Samsung is only offering $30. The company values its own 7 inch AT&T Galaxy Tab at a $65 trade in.
post #2 of 49
So much Samsung love from the AppleInsider Staff.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #3 of 49
Is it true that Android doesn't support WPA-Enterprise?
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
post #4 of 49
Whatever it gives. If it is Google/Android... I am not going to buy! They are tracking everything. I feel like... some ghost is with me.
post #5 of 49

It will be interesting to see how well Samsung supports this initiative. Will each device/version be thrown out there and then never updated or will they actually support it like Enterprises will very likely expect?

 

If Knox implements app sandboxing, will you still be able to use a file manager to gain access to the file system? Will you still be able to use that SD slot? Etc

post #6 of 49

What a clusterfuck Android is. This is something Google needs to be providing, not Samsung. 

post #7 of 49
Quote:
Originally Posted by Slurpy View Post

What a clusterfuck Android is. This is something Google needs to be providing, not Samsung. 

 

But the clusterfuck is WINNING and Apple is DOOMED¡

post #8 of 49

<-------------- Google Android

 

Samsung Android ------------>

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #9 of 49
I wonder how much this slows down the UI - which is already very laggy.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #10 of 49
Kudos to Samsung for providing what Google can't.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #11 of 49
Quote:
Originally Posted by Suddenly Newton View Post

So much Samsung love from the AppleInsider Staff.

 

They're getting ready to make the switch when doomed Apple is shut down, the assets sold off, and the money returned to the shareholders. Oh wait! That's exactly what Einhorn and the analysts want¡

post #12 of 49
Quote:
Originally Posted by lkrupp View Post

 

But the clusterfuck is WINNING and Apple is DOOMED¡

Sounds like you listen to the delusional media.  Sounds about right. So, what version OS is Samsung shipping?  4.1.1 and older.  God, they can't even ship their Android crap with the latest OS.  

post #13 of 49

The really funny thing is that a Samsung device that's "SAFE" is no longer as "open" as the Android lovers like to claim. You can't have your cake (being open and free to mods) and eat it too (being secure).

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #14 of 49
Quote:
Originally Posted by PhilBoogie View Post

Is it true that Android doesn't support WPA-Enterprise?

There's a thread on just that, found here:

http://forums.androidcentral.com/google-nexus-7-tablet/203136-google-still-hasnt-fixed-wpa-enterprise.html

 

If I read it right it did, then it didn't, then it does again.1bugeye.gif

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #15 of 49
So... Android has to get "fixed" before it's even safe?!?!

why bother?

Just get iOS and have better hardware, better software, and its been safe for a while.

The bottom line with Android is that no one needs it, its slower, its not as safe, and it even looks like junk.

It's been a fun experiment for tinkerers, but the iOS devices are actual, polished, proper products.

And it has been that way from the start.
post #16 of 49
Even for DED, this article has low standards. It's so full of distortions and cherry picked half-truths that it's disturbing to think anyone will take it seriously.
 
A few points:
 
* Android has had full-disk encryption for two years, since 3.0. It uses AES-128 in CBC mode with SHA256. You can read the full implementation details online. Conveniently, DED neglected to mention this. iOS's AES-256 is just an incremental improvement over AES-128.
 
* Android has had app sandboxing since day one. Each application runs in a separate process space with randomized user and group ids. Apps can't access one another's internal files (filesystem permissions prevent this). Applications can choose to expose some of their functionality to other apps via services or content providers, but these can be protected by permissions. Further, critical system partitions are mounted read-only.
 
The NSA has ported the SE Linux MAC framework to Android, and much of this code has been merged into AOSP (see here and here for specific commits). This code isn't yet enabled by default, pending further review. (Update: The Knox implementation uses SE Android.)
 
But when DED says, "Sandboxing prevents one app from being able to read data or modify the code of other apps installed on the system" he neglects to say that this is already the case on Android and has been since version 1.0. 

* DED neglects to mention that Android has supported VPNs since 1.6 (released in 2009).
This was made more flexible in 4.0 (running on about 43% of devices), and again in 4.2. Cisco supports their proprietary VPN solution on Android.
 
* Does DED have a source for his claims that Android apps request extra permissions that "give many apps virtually unrestricted access to the user's private information, location and other sensitive data, resulting in issues with developers harvesting inappropriate data from their users..." ? Further, is he aware of the study by Appthority that claims that iOS apps leak more personal information than Android apps?
 
* DED claims that Android lacks centralized device policy support. This is false. It was added in 2.2, which was released in 2010. See this article for specifics. Google has an app which implements these policies.
 
* DED also hypes up the "malware" FUD. Hasn't this horse been beaten enough? If you stick to legitimate, reputable app stores, you're fine. Rather than repeat myself, I'll just link to a comment I made six months ago with more detail.
 
 
I know this is an Apple fan site, but could you at least try to get some of the details right?

Edited by derekmorr - 3/4/13 at 5:43pm
post #17 of 49
Originally Posted by lkrupp View Post
But the clusterfuck is WINNING…

 

I'd love to quote this, but…


Originally Posted by drblank View Post
Sounds like you listen to the delusional media.

 

¡ is sarcasm.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #18 of 49
Quote:
Originally Posted by derekmorr View Post

Even for DED, this article has low standards. It's so full of distortions and cherry picked half-truths that it's disturbing to think anyone will take it seriously.

 

Besides the fact that the article (and Samsung) made it sound like Android didn't already have this stuff, the author got the "app containerization" totally wrong.

 

What Samsung has done, is used the Open Source NSA SE (Security Enhanced) version of Android to implement what they call KNOX (as in Fort Knox).

 

What KNOX does, is divide the device into a personal container and an enterprise container.  This is very powerful, especially for BYOD.

 

The user can do and install whatever they want on the personal side, even malware, and it cannot access nor harm the secure enterprise side.   Likewise, it means that enterprise management tools cannot look at or wipe out your personal life, even if they need to scan or wipe the enterprise side.

 

The enterprise side of KNOX provides a secure environment where existing Android applications such as email, browsers, file sharing, and other apps can work without any rewriting.  


Edited by KDarling - 3/4/13 at 5:00pm
post #19 of 49
Quote:
Originally Posted by derekmorr View Post

I know this is an Apple fan site, but could you at least try to get some of the details right?

 

Yes. Let's get all the details right including the ones you also conveniently forgot to mention. Pot meet Kettle.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #20 of 49
Quote:
Originally Posted by derekmorr View Post

Even for DED, this article has low standards. It's so full of distortions and cherry picked half-truths that it's disturbing to think anyone will take it seriously.

Yes, and all of your half-truths explain exactly why virtually no serious enterprise or government users are actually using Android at all.

Look how many firms and agencies have studied both and went with iOS.

No amount of quibbling and defensive "fact" relating makes this any different.

Also, tell us how many Android phones use anything newer than 3.0? Less than half of the phones actively using Google Play!

This doesn't include the forks and white box stuff that makes up the majority of all those "sales" in the "platform."

You can grouse all you want about how great Android is, but if it were minimally functional if would be in wide use in the enterprise, just as it is among poor users in developing nations and poor people in the US on prepaid plans.
post #21 of 49
Unreal
Cheers !
Reply
Cheers !
Reply
post #22 of 49
Quote:
Originally Posted by Corrections View Post


Yes, and all of your half-truths explain exactly why virtually no serious enterprise or government users are actually using Android at all.

Look how many firms and agencies have studied both and went with iOS.

No amount of quibbling and defensive "fact" relating makes this any different.

Also, tell us how many Android phones use anything newer than 3.0? Less than half of the phones actively using Google Play!

This doesn't include the forks and white box stuff that makes up the majority of all those "sales" in the "platform."

You can grouse all you want about how great Android is, but if it were minimally functional if would be in wide use in the enterprise, just as it is among poor users in developing nations and poor people in the US on prepaid plans.

I expected you might address each of his points or at least refute a couple of them. That you didn't implies he has some valid comments. I completely agree tho that enterprise seems a lot more friendly towards iOS than towards Android, and likely for good reasons.

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #23 of 49
Quote:
Originally Posted by Corrections View Post

Yes, and all of your half-truths explain exactly why virtually no serious enterprise or government users are actually using Android at all.

Hi, Daniel (btw, why don't you use your real name when you post comments here? Keeping track of your aliases is almost a full-time job.)

I see you didn't bother responding to any of my claims, but just spread more FUD and name-calling. That's unfortunate.

Is the Pentagon a serious enough government user of Android for you?
Quote:
Originally Posted by Corrections View Post

Also, tell us how many Android phones use anything newer than 3.0? Less than half of the phones actively using Google Play!

It's about 45% using February's numbers. We should have updated numbers later this week. If you track the version stats and run the projections forward, I suspect that this year 1.6, 2.1, and 2.2 will be gone, and 2.3 will drop to under 30%. Of course, I doubt this will be good enough for you; you'll just invent another excuse to write clickbait hit pieces.
Quote:
Originally Posted by Corrections View Post

You can grouse all you want about how great Android is, but if it were minimally functional if would be in wide use in the enterprise, just as it is among poor users in developing nations and poor people in the US on prepaid plans.

This is just more ad hominem attacks - the tired "Android is only for poor people" cliche. It's sad that you have to resort to it.

Enjoy your evening. I have better things to do than argue with zealots.
post #24 of 49

Quote:
Originally Posted by Corrections View Post

Yes, and all of your half-truths explain exactly why virtually no serious enterprise or government users are actually using Android at all.

 

I don't think he was addressing any of those topics.  He was only pointing out all the technical mistakes.

 

As for serious government users, the NSA and the Army chose Android.

 
Quote:
You can grouse all you want about how great Android is, but if it were minimally functional if would be in wide use in the enterprise, just as it is among poor users in developing nations and poor people in the US on prepaid plans.

 

Again, he didn't seem to be promoting Android at all, but only correcting article mistakes.

post #25 of 49
Quote:
Originally Posted by GadgetCanada View Post

Quote:
Originally Posted by drblank View Post

Sounds like you listen to the delusional media.  Sounds about right. So, what version OS is Samsung shipping?  4.1.1 and older.  God, they can't even ship their Android crap with the latest OS.  

 

FYI, an upside down exclamation mark ¡ = /s = sarcasm

 

Not in Spanish!

"Swift generally gets you to the right way much quicker."
-auxio-
Reply
"Swift generally gets you to the right way much quicker."
-auxio-
Reply
post #26 of 49
So Derek and KD are again making statements and leaving out details.

Tell me, KD, what version of Android are the Army and NSA using and what modifications have they done to their devices? More importantly, why did you neglect to mention these items?

derek, even if 2.3 hits 30% (unlikely considering how many new handsets are being shipped with it), that still leaves JB as the minority and ICS as the number one version. And ICS is not secure as it uses a half-baked version of ALSR, something only finally fixed in JB. So most Android users will still be on a less secure version, even at years end.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #27 of 49
Quote:
Originally Posted by EricTheHalfBee View Post

Tell me, KD, what version of Android are the Army and NSA using and what modifications have they done to their devices? More importantly, why did you neglect to mention these items?

 

That's a fair point.  The Army is using modified Motorola phones, and the NSA is using Motorola phones with their SE version of Android.

 

Interesting.  Wonder if Samsung's use of Android SE in KNOX will mean that their commercial devices can become the phone of choice for sensitive government work?

 

Of course, it's a pity to leave out modified devices, since then we would also have to leave out all the thousands of iPads that third parties have modified for government use.


Edited by KDarling - 3/4/13 at 6:28pm
post #28 of 49
Quote:
Originally Posted by EricTheHalfBee View Post

So Derek and KD are again making statements and leaving out details.

derek, even if 2.3 hits 30% (unlikely considering how many new handsets are being shipped with it), that still leaves JB as the minority and ICS as the number one version. And ICS is not secure as it uses a half-baked version of ALSR, something only finally fixed in JB. So most Android users will still be on a less secure version, even at years end.

What details did I neglect to include?

What new devices are still shipping with Gingerbread? I'm sure there must be some, but how popular will they be? Gingerbread's marketshare peaked at 66% back in June 2012. It's fallen 20% since then. I highly doubt it will go back up (no version of Android ever has. Once it peaks, it steadily drops).

I'd hardly call the ASLR implementation in ICS "half-baked." There were problems in 4.0 - 4.0.2, but they were mostly fixed in 4.0.3. And that early version of ICS (API level 14) disappeared from Google's stats in October 2012, so users have upgraded to the newer ICS and JB builds. The only ASLR improvements in 4.1 were the relocatable linker and PIE executables.

But, frankly, I'm not convinced this matters so much. Much of the so-called "malware" on Android are apps that exfiltrate PII (using the existing permission model) or send premium rate SMS (again, using the existing permission model). That's not the sort of thing that ASLR, NX, RELRO, FDE, SE Android, etc will mitigate. Don't get me wrong -- these are important security technologies, but they won't address the core "problem" -- if a user turns off app validation, visits a shady app store, installs malware, and confirms the permission check, there's nothing these technologies can do to prevent that.

Also, I'm not ready to make a prediction about ICS vs Jellybean marketshares by year's end. So far, Jellybean adoption is growing faster than ICS did, likely because it's a lot easier to upgrade ICS devices to JB than Gingerbread devices to ICS. Also, ICS marketshare actually dropped a tenth of a percent last month. I'm curious to see the March Android numbers, which should be out this week.
Edited by derekmorr - 3/4/13 at 6:36pm
post #29 of 49
This is just sad. Android is 5 years behind in security, taking home a fraction of the smartphone profit... lkrupp... Really winning, Android market share means nothing when the satisfaction rate is as low as it is for Android devices while apples is so high... what that means is that Apple will continue to grow even as the over all market declines. Android can't get a foothold in enterprise, not just because of their lack of security but because the OS is flawed from the start. The UI will always be laggy because nearly everything needs to be recompiled at runtime because it's running a virtual OS... Unlike Apple who wasn't playing catch-up, they designed it right from the start. Before people get a smartphone they may be fooled because they don't understand this... but as they use it and realize that there is a difference between the iPhone and half-baked Android they become dissatisfied and it show in the loyalty tracking that is crazy high for iOS and crazy low for Android. Apple gets switchers, Samsung does not... The only people that blindly defend Android are people that dislike Apple because og the Mac vs. PC commercials that made them look like fools... your still a fool.
post #30 of 49
Quote:
Originally Posted by EricTheHalfBee View Post

So Derek and KD are again making statements and leaving out details.

Tell me, KD, what version of Android are the Army and NSA using and what modifications have they done to their devices? More importantly, why did you neglect to mention these items?

 

 

Let's carry this a little further, since we're talking about the Army and NSA.  What versions of iOS and Android devices are the Army and NSA using UNMODIFIED for direct access or storage of classified data?  

 

Are any of the COTS devices even allowed on SIPRNET, yet?  I tend to doubt it.

post #31 of 49
"Mostly fixed". ASLR is an all or nothing affair. You can't have "most" things fixed and call it implemented.

You're not ready to make a prediction on ICS, yet you're willing to make up a number (30%) for GB?

And why did Samsung create Knox, since you seem to want to imply "Samsung has already had....".

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #32 of 49
Quote:
Originally Posted by runbuh View Post

Let's carry this a little further, since we're talking about the Army and NSA.  What versions of iOS and Android devices are the Army and NSA using UNMODIFIED for direct access or storage of classified data?  

 

I don't think the Army or NSA is using any unmodified phones for classified data.

 

The Army phones are reportedly stock Motorola Atrix, with a custom (NSA?) Android ROM loaded.  By using COTS hardware, they save money.

 

They wanted to make an iOS version, but Apple won't let them have access to the OS code to modify it.

 

Quote:
Originally Posted by EricTheHalfBee View Post

And why did Samsung create Knox, since you seem to want to imply "Samsung has already had....".

 

Android has VPN, encryption and Exchange support.

 

Knox is far deeper than that, and is not available on other mass consumer devices.  

 

As pointed out above, Knox uses the NSA's SELinux work on implementing a secure OS architecture, to give a secure separation between personal and business uses.  

 

Quite valuable for enterprise or government purchase or BYOD situations.

post #33 of 49

Quote:
Originally Posted by EricTheHalfBee View Post

"Mostly fixed". ASLR is an all or nothing affair. You can't have "most" things fixed and call it implemented.

 

ASLR is usually added gradually. OS X got limited ASLR in 10.5, with support improving in future versions. Same in iOS -- Apple added limited ASLR in 4.3 and expanded it later.

 

 

Quote:
Originally Posted by EricTheHalfBee View Post

You're not ready to make a prediction on ICS, yet you're willing to make up a number (30%) for GB?
 
I made the prediction for Gingerbread because it peaked almost 10 months ago and has been steadily declining (2% - 3% each month). Jellybean is still growing, and until last month ICS was as well. It's not yet clear if ICS 0.1% decline was a one-time fluke or a sign of a greater trend.
post #34 of 49

actually the real significance of Knox - which neither the article nor the comments address - is whether Samsung has crossed the line and effectively "forked" Android. does Knox require specific Knox-enabled apps? would a Knox supporting server's security setup work fully with other Android products too, or just Knox flavored ones?

 

because of Samsung's Android market share dominance, the big question for the future of Android is whether Samsung will split off its own proprietary version by continuing to add custom layers/services like this that effectively create a partly "walled garden" other OEM's (including GoogleRola) cannot share. like Amazon already did.

post #35 of 49
Quote:
Originally Posted by SolipsismX View Post

Kudos to Samsung for providing what Google can't.


Indeed. Kudos, in general, for developing a strategy for the enterprise market. Wonder if this will eventually make the likes of Good Technology redundant, or make their job easier.

post #36 of 49
Quote:
Originally Posted by 9secondko View Post

It's been a fun experiment for tinkerers, but the iOS devices are actual, polished, proper products.

And it has been that way from the start.


For enterprise? Not true. What is the iOS equivalent of Knox?

post #37 of 49
Originally Posted by KDarling View Post
I don't think the Army or NSA is using any unmodified phones for classified data.

 

The Army phones are reportedly stock Motorola Atrix, with a custom (NSA?) Android ROM loaded.  By using COTS hardware, they save money.

 

They wanted to make an iOS version, but Apple won't let them have access to the OS code to modify it.

 

Android has VPN, encryption and Exchange support.

 

Knox is far deeper than that, and is not available on other mass consumer devices.  

 

As pointed out above, Knox uses the NSA's SELinux work on implementing a secure OS architecture, to give a secure separation between personal and business uses.  

 

Quite valuable for enterprise or government purchase or BYOD situations.

 

Says the guy who can't even secure an iPad from his daughter making 262.52 USD worth of unauthorised purchases.

 

Yet here you are discussing high level Linux security like an expert.

 

Your credibility is shot. Why should we believe this crap?

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #38 of 49
Originally Posted by hill60 View Post
Says the guy who can't even secure an iPad from his daughter making 262.52 USD worth of unauthorised purchases.

 

Yet here you are discussing high level Linux security like an expert.

 

Your credibility is shot. Why should we believe this crap?

His integrity is intact as far as I can see. You questioned his honesty about iTunes purchases and he gave you proof for what he wrote. Having a tantrum in response seems a bit over the top.

 

Why not instead jump in with your own OS security comments to disprove his?

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #39 of 49
Quote:
Originally Posted by Gatorguy View Post

His integrity is intact as far as I can see. You questioned his honesty about iTunes purchases and he gave you proof for what he wrote. Having a tantrum in response seems a bit over the top.

 

Why not instead jump in with your own OS security comments to disprove his?

 

So what does this have to do with you?

 

Your team falling apart as their cover is blown?

 

Mr Leap to Defend.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #40 of 49
Quote:
Originally Posted by hill60 View Post

 

So what does this have to do with you?

 

Your team falling apart as their cover is blown?

 

Mr Leap to Defend.

I'd do the same if someone got their feelings hurt and attacked you unfairly and personally. It's just not proper decorum for most forums. AI shouldn't be an outlier and allow it either as it seriously discourages intelligent discussion. No wonder there's so few new members willing to rationally comment on a regular basis. We run them off with profane accusations, name-calling, troll tags and shill claims. Some of us act like we don't know how to have a respectful exchange.

 

It's silly to be threatened by something we didn't know, or to act personally insulted if something we thought we knew might not be true. But that's just how some members react. Screw the facts, who cares if anyone comes away with a better understanding. Just don't mess with what they want to believe.

 

If someone disagrees with something posted, they could at least make believe they're intelligent enough to explain why. The petty personal attacks are junior-high stuff.

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Samsung adds security layer to Android to gain enterprise credibility