

The Most Secure Android Phone, Ever - Sato
http://www.fastcompany.com/1786472/most-secure-android-phone-ever-blackberry-headache?partner=gnews

======
morisy
VMware has been demoing what sounds like almost identical technology for a
while now:

[http://itknowledgeexchange.techtarget.com/IT-watch-
blog/like...](http://itknowledgeexchange.techtarget.com/IT-watch-blog/like-
supermanclark-kent-for-your-phone-vmwares-mobile-virtualization-platform-mvp/)

It creates a virtual machine that's hardware encrypted on the device, and
actually runs them as two separate phones. Similar full-on or pseudo-
virtualized environments have been used on the iPhone, iPad, and other devices
to various degrees of success over the years, but I think it is a slight
hyperbole to say "this could change the way people use smartphones, entirely".

~~~
zobzu
as far as i can read, that's incorrect. VMWare virtualize the phone's
hardware. That's actually adding some security between the 2 environments
(personal and business, mind you).

The linked article seems to be about 2 separate disk partitions, but the same
user space. And that doesn't sound good then.

~~~
morisy
You're right. I definitely shouldn't have used the term "identical". The user
interface paradigm seems very similar in concept, regardless of the underlying
technology, and I guess I was trying to push back on that hype as an original
take.

There was a consumer grade phone a few years ago that pulled very similar
partitioning tricks but my Google-Fu has failed me in retrieving it. Thanks
for clarifying.

------
zyb09
I don't see anybody ditching RIM yet. Security needs to be proven with a track
record. No matter what systems they deploy, there will always be exploits and
hacks.

~~~
Mvandenbergh
A number of companies already allow use of non-RIM smart-phones for company
email though. I know of at least one big-four consulting firm that issues
iPhones instead of BBs, and an oil major that allows reading of company email
on iPads. I'm sure they're not the only ones.

~~~
mbesto
^This - many IT organizations are allowing (and actually distributing)
iPhones.

There are quite a few companies using iPads as well (SAP for example bought
3,000+ for their sales workforce)

------
ashbrahma
Enterproid does something similar :
[http://www.techspot.com/news/45771-enterproids-divide-
separa...](http://www.techspot.com/news/45771-enterproids-divide-separates-
work-from-play-on-android.html)

They call it the Divide platform. The professional side of the device has
includes enhanced security, access control, remote wipe capabilities..

------
easyfrag
"All software installed on Bizztrust-enabled Androids is automatically scanned
before the user logs on to their company's network via VPN; if any
irregularities are detected, the user will not be able to use compromised
apps"

What exactly does that mean? Do they keep a blacklist of apps? Perhaps they
only mean the "work apps"?

~~~
gizzlon
And if the phone is compromised, how can you trust the "scan"?

A compromised phone scanning itself does not make a lot of sense. If the
server scans the phone, it still can't be trusted since you're asking an
insecure device: "are you compromised?".

Guess the point is just to know if there are any unwanted apps, that did not
gain "root", on the phone. Is this useful?

------
hollerith
Anyone know if this is open source?

~~~
raphman
Given that it comes out of a Fraunhofer Institute, I highly doubt that it is
open source. I would also assume that this product is actually only a tech
demo, not a fully implemented solution.

------
forgotusername
I wonder if they've solved the problem of shipping year old kernels and
letting untrusted apps run native code without any explicit permission. Until
then, the words "Android" and "secure" should never appear in the same
sentence.

~~~
Mvandenbergh
Dalvik is not intended to be part of the Android security model. Security
comes from the separation of processes based on user permissions at the Linux
level.

~~~
forgotusername
I don't see how this statement addresses what I said.

I am referring to the fact that applications can be installed from Market (or
otherwise), receive no explicit user-granted (or visible) permission, and yet
have unfettered access to the largest chunk of native code in the system,
which more often than not is a year behind the latest security updates.

No amount of userspace virtualisation can work around that.

~~~
zobzu
If you didn't know that, anything that sounds like a negative comment of a G.
product on HN is down voted. It's like a meme. No need to worry.

The kernel vulns are still there in most phones and exploitable from user
space.

Have a look at the very new Android security review, by "experts" and
official:

<http://source.android.com/tech/security/index.html>

While its a good start (user separation among others), it doesnt address any
core security issue, like timely kernel updates (and many phones don't even
support OTA properly/don't get updates pushed, so no timely Android core
updates either), sdcard security, drivers fully communicating in user space
(this one won't be fixed as its a work-around to avoid GPL).

------
bprater
If I had to guess, I'd say that these folks are going to make a lot of money.

