Google last week announced Android security features that continue to heighten the company’s enterprise mobility game.
Enterprise security features from the big mobile operating systems, Google Android and Apple iOS, have been a hot topic for years. Now, with BlackBerry down for the count and cyberattacks becoming more advanced, new security capabilities from these OSes are more significant than ever.
Due to fragmentation and issues with malware, experts often saw Google’s OS as sub-par compared to Apple’s when it came to enterprise security. Not so much anymore. Android 7.0 Nougat added support for seamless updates, allowing the OS and apps to be patched in the background — making users less likely to avoid installing important security updates. The company in December even dropped the Android for Work brand name, given that most Android devices now ship with the enterprise security features built in.
All work and all Play
Google took further security steps at its I/O developer conference last week, with Play Protect and new features in the upcoming Android O.
Google Play Protect will be built into devices that have the Google Play store. The service continuously scans all apps on the device for vulnerabilities or other issues, and through machine learning, gathers information over time that allows it to intelligently find threats. Play Protect can also let users know if an app is dangerous and prevent them from downloading it or remove it from their device. The Verify Apps service did this previously, but the new service steps up the machine learning element and makes the scans more visible in the Play Protect app.
“For employees, Google Play Protect […] allows them to work confidently and productively without worrying about harmful apps,” said Travis McCoy, senior product manager at Google, in a blog post. “And using our Android enterprise management features, IT managers can enforce this protection by policy.”
Also in Android O, the code name for the next OS version, is improved IT control over file-based encryption, greater controls over Wi-Fi and Bluetooth restrictions, additional management capabilities around work profiles, and more. In a stand against ransomware, the OS will now close off permissions that previously would allow an attacker to take control of an infected device. Plus, developers can now build the ability for pop-up notifications to time out, or disappear after a certain amount of time on screen, providing more security for sensitive information that may appear.
Android O is now in public beta, so users, developers and IT admins will have plenty of chance to check out those and other new enterprise security features to see how Google is keeping up.
Mobile app analytics and monitoring are the new “it” technologies in end-user computing.
Two months after Cisco acquired AppDynamics, VMware has snapped up Apteligent. The deal will bring mobile app user experience (UX) and performance monitoring capabilities to VMware’s existing digital workspace products, senior vice president Sumit Dhawan said in a blog post.
Lack of user buy-in is one of the main reasons that enterprise mobility projects fail. And nothing drives users away from an app faster than a poor UX. Apteligent and other mobile app performance monitoring tools allow IT to view real-time data on crashes, response times and other factors that can affect UX. More importantly, their mobile app analytics capabilities allow developers to quickly pinpoint the causes of problems and address them.
But mobile app UX and performance monitoring isn’t a magic pill. Many organizations have lengthy, deliberate development and release cycles, and they aren’t accustomed to constantly tweaking and tuning their apps.
“It’s the continuous improving of the app that’s the hard part,” said Burley Kawasaki, senior vice president at mobile app development platform vendor Kony, in a 2015 article on in-app analytics.
Inside the VMware-Apteligent acquisition
VMware will integrate Apteligent’s technology into its product line and continue to support existing Apteligent customers with service contracts, a spokesman said. The current Apteligent product will not be available to new customers once the acquisition closes.
San Francisco-based Apteligent was founded as Crittercism in 2011. VMware invested in the company during its $30 million Series C funding round in 2014. The vendors did not disclose the terms of yesterday’s acquisition.
Crittercism originally focused on monitoring and analytics for consumer apps but shifted its focus to enterprise mobility when it changed its name last year, founders Andrew Levy and Robert Kwok wrote in a letter to customers. Apteligent maintains a strong presence in the consumer market, however; its customers include Niantic, developer of Pokémon Go, one of the most popular mobile apps of all time.
Other companies that offer mobile app analytics and monitoring include Appsee, Google’s Crashlytics, New Relic and Riverbed Technology, which acquired Aternity last year.
The Apteligent deal complements VMware’s April acquisition of Wavefront, a startup that monitors application containers and microservices, Dhawan said.
Apple and SAP have followed through on their promise to deliver a new iOS SDK that allows developers to build business apps based on SAP back-end technology.
With the new developer toolkit, out this week, developers can create apps using Apple’s Swift programming language and connect them to SAP systems for business workflows and data analytics. SAP already has its own mobile apps, but the knock against them is that they look like desktop applications formatted for a mobile device — not specifically designed for the smaller form factor.
“Apple is in every enterprise right now, except people aren’t using high-end business apps on those phones,” said Eric Klein, director of mobile software at VDC Research Group in Natick, Mass. “But it’s beginning to happen, and SAP will really spur that along.”
The iOS SDK allows SAP shops to customize apps for their use cases. Businesses can build iOS apps for retail workers to more easily collect customer information, for example, or for workers at construction sites and warehouses who want to access product data without stopping to open up a laptop.
As for the vendors, SAP benefits from getting more complex business apps on iOS. Apple, meanwhile, moves the needle on its initiative to move into the enterprise with iPhones, iPads and Swift-made apps.
“Swift is very, very popular with the developer community, and they’re going to want to use it to make these apps,” Klein said.
Apple has focused on increasing its presence in business via other partnerships with IBM and Cisco over the past three years. IBM and Apple have been working on iOS apps that incorporate IBM’s Watson technology, and Cisco has delivered a fast lane on its networks for iOS devices to get better connectivity when accessing business content.
In 2012, Microsoft bet big on mobile. The company released Windows 8 with apps and a tile-based interface designed for touch devices — all in an attempt to ride the mobility wave that many experts predicted would take over the enterprise.
That complete takeover didn’t happen. Enterprise mobility technologies and strategies are still emerging, growing and changing. Microsoft readjusted two years ago with the release of Windows 10, which gave users an option between the tiles and the more traditional Start menu. It also offered the option to switch between touchscreen and keyboard-and-mouse interfaces and improved upon its enterprise security features and update plans.
Here at Access, we also recognize that business transformation is about more than just mobility. The desktop still plays a key role in most companies; the number of IT pros planning to upgrade to Windows 10 skyrocketed from 13.9% in 2015 to 40.6% in 2016, according to TechTarget’s 2016 IT Priorities Survey. And in their efforts to digitize more processes, organizations have adopted new workspace management tools, productivity applications and more.
With these technologies and more on the horizon, businesses are embracing end-user computing in myriad ways — and this new magazine will be right there with them. You may recognize familiar types of articles from the former Modern Mobility e-zine, such as deep dives into complex technologies, reviews of the latest endpoint devices and long-form features that tackle the industry’s biggest trends. You will also find new sections that rely even further on the voices of IT pros to share their end-user computing opinions, challenges and triumphs.
Like the path many businesses take when tackling EUC issues, it’s been an ever-evolving journey to formulate and execute our vision. As we open a new door to Access, we look forward to bringing you analysis and insights to help your organization better serve its end users.
This post originally appeared in the March 2017 issue of Access Magazine.
If you’re trying to build a mobile app, you want mobile backend as a service on your team.
Mobile backend as a service (MBaaS), which connects an app’s front end to the back-end systems it needs to function, can make it quick and efficient to build mobile apps. One option on the MBaaS market is Built.io, a San Francisco-based company that provides mobile app development and back-end integration capabilities.
When the NBA’s Sacramento Kings looked to build their state-of-the-art arena, the organization turned to Built.io to build a mobile app centered around the fans, allowing them to literally connect with the arena. The app lets fans start by finding a parking spot at the arena or getting an Uber there. It also offers ticketless entry, and inside the arena fans can use the app to order food and drinks, navigate to their friends’ seats and see different camera angles of plays.
“A blending of the physical and technological world seems to be really popular right now,” said Matthew Baier, COO of Built.io.
To support those features, the Sacramento Kings + Golden 1 Center app integrates with more than 20 microservices, and the organization continues to add more. MBaaS allows the team to plug new service integrations into upcoming app updates on demand and give fans a chance to test them out. Based on user reception, the Kings can decide whether to keep or replace the new services. So far, they have updated it close to once a month.
Built.io MBaaS can connect apps to anything from niche cloud-based services to SAP or other databases. Most of the modern services that organizations want to connect to their mobile apps have cloud-based APIs that are easy to integrate with an open architecture; the Internet of Things will bring a whole slew of new experiences to mobile apps as well, Baier said.
Built.io is currently working with the Miami Heat and other organizations to create similar apps for their fans. There will be common base features, but the company will customize each app to the team, the fan experience, location and specific vendors of the area, Baier said.
Apple strives to make its devices more secure for the enterprise, but its latest effort leaves things completely up to users.
Users of the Apple iOS 10.3 beta are receiving push notifications asking them to turn on two-factor authentication to protect their iCloud and Apple ID accounts.
It’s a little more persistent than typical notifications. When it appears on the lock screen, it doesn’t go away when the user unlocks the device, and they have to manually exit out of the notification to make it disappear. There is also a warning at the top of the Settings app that asks users to turn on iCloud two-factor authentication if they haven’t already done so.
“Two-factor authentication is a growing trend and is something that most users — especially business users — should be enabling these days,” said Jack Gold, principal analyst and founder of J. Gold Associates, a mobile analyst firm in Northborough, Mass. “It’s too easy to lose your identity and passwords.”
Two-factor authentication aims to protect a user’s account even if someone learns their password. After a user punches in their password, they must also enter additional information, such as a code that they receive via text or email.
Businesses might like Apple’s aggressive attempt to get users to enable iCloud two-factor authentication, because it adds another layer of security to devices that may store or access corporate content. A common problem for businesses that don’t use enterprise mobility management is that they can’t prevent the automatic syncing of corporate data to iCloud and other consumer file-sharing services. Two-factor authentication won’t stop this syncing, but it does provide additional protection of any content stored in iCloud.
Users typically don’t like two-factor authentication, however, because it requires them to take more steps to access their apps and data.
“If it’s burdensome, people will try to work around it,” Gold said.
The iCloud two-factor authentication reminders are expected to be part of the general iOS 10.3 release, rumored to be this month. The website 9to5Mac first reported about the push notifications.
BlackBerry hasn’t given up on its mobile device business, but nearly everyone else has.
The company’s smartphone market share dropped to zero — 0.0482% to be exact — in the fourth quarter of 2016, according to Gartner. The enterprise mobility pioneer sold 207,900 units in the quarter; that’s down from 906,900 a year prior, when its market share was a whopping 0.2%.
Google’s Android, meanwhile, continued to dominate the smartphone market share battle. More than 352 million phones sold in Q4 ran Android, accounting for 81.7% of the market. To put it another way, Android sold 18 times more phones on any given day than BlackBerry sold in the entire quarter.
After years of declining sales, BlackBerry announced in September that it would exit the phone hardware business. But in November, CEO John Chen said the company would release at least one more device. That news didn’t make much sense at the time, and it makes even less sense now given the almost complete lack of interest in BlackBerry phones.
Barring a miracle in the smartphone market, BlackBerry’s future looks brighter as an enterprise mobility management (EMM) and security company. Its 2015 acquisition of Good Technology made BlackBerry one of the EMM market share leaders, and joining the AppConfig Community last year demonstrated its commitment to the technology.
Here are Gartner’s full Q4 2016 smartphone market share numbers by operating system:
- Google Android: 81.7%
- Apple iOS: 17.9%
- Microsoft Windows: 0.3%
- Other: 0.1%
- BlackBerry: 0.0%
In addition, Apple edged out Samsung, the leading Android device manufacturer, in smartphone hardware market share, 17.9% to 17.8%. That marks the first time in two years that Apple has led in that area.
Even mobile security software sometimes falls prey to vulnerabilities.
VMware this week issued a security advisory regarding vulnerabilities with its AirWatch Agent and Inbox apps for Google Android.
Agent, the app for enrolling devices in AirWatch, detects rooted devices so IT can prevent them from having unrestricted access to corporate networks and data. A flaw in this feature allows rooted devices to bypass detection, however.
AirWatch’s containerized email app, Inbox, also has a potentially major security flaw. Rooted Android devices can decrypt any local data the app accesses, which could let unauthorized users access confidential data.
“VMware has a pretty solid reputation, so for these flaws to get out is a little surprising,” said Jack Narcotta, analyst at Technology Business Research Inc., in Hampton, N.H.
VMware responds to Android security flaws
VMware did not say how widespread the AirWatch security vulnerabilities are or for how long they have existed. The company notified customers and worked to resolve the issues in the AirWatch Android apps as soon as it became aware, a spokesperson said.
The Agent app vulnerability could leave an organization open to a denial-of-service attack, malware or a Trojan horse, Narcotta said.
“This could be very dangerous,” he said.
To resolve this issue, VMware urged IT departments to upgrade their Android users’ Agent apps to version 7.0.
To remedy the Inbox app problem, IT should push the version 2.12 update to users and update to AirWatch Console 9.0 Feature Pack 1. The updated management console lets IT enable pin-based encryption.
President Donald Trump is causing quite the stir at the White House as he continues to use his personal smartphone for some purposes.
Trump still uses his “old, unsecured Android phone, to the protests of some of his aides,” The New York Times revealed this week. It’s not clear exactly how old his personal phone is, but Android Central speculates it’s a Samsung Galaxy S3, which came out in 2012 and Google hasn’t updated since 2015. Mobile security experts agree that Trump’s Android phone poses a major security risk.
“If it were anyone else other than [the president], he’d be walked out the door,” said Jack Gold, principal analyst and founder of J. Gold Associates, a mobile analyst firm in Northborough, Mass. “If you’re an employee and you don’t use a secure device your company gives you and you use your own, you are toast. You just can’t do that.”
Trump’s Android presents huge risk
Trump received a secure and encrypted phone approved by the Secret Service, according to The New York Times, but he still uses Twitter on his personal Android phone.
An out-of-date device can leave users open to unpatched security vulnerabilities that hackers can exploit to steal data, intercept communications and track its location. Google has taken steps to improve Android security in recent versions, but older versions of a given operating system are less secure. The latest version to run on the Galaxy S3 is Android 4.4.4 KitKat, which came out in June 2014.
“Anyone in government who uses government-protected data has to make sure their devices are clean of all malware in regular intervals,” said Robby Hill, founder and CEO of HillSouth, an IT consultancy and service provider in Florence, S.C. “The law enforcement rule books are clear that you can’t connect to a government network otherwise.”
Using an off-the-shelf device is a personal safety risk, too, said Hill, whose company works with clients in highly regulated industries and state and local governments.
“The Secret Service’s attitude is, we don’t want people to know exactly where he is or how to get a hold of the president of the United States,” he said. “Giving away his GPS location is a hugely underplayed risk.”
Security options abound
Typically a government owned device must be heavily locked down with enterprise mobility management software, at the minimum, if it will access sensitive information. If Trump’s personal phone lacks that protection, it’d be surprising if it has access to confidential data, Hill said.
“I can’t imagine the commander in chief will have access to government data without the most secure device,” Hill said.
Trump’s predecessor, President Barack Obama, used a secure BlackBerry smartphone for the majority of his time in office, and it was stripped of many of its functionalities for security purposes. It’s likely that Trump’s Android phone is too, said Steven Kantorowitz, president of CelPro Associates, a mobile systems integrator in New York, which serves regulated industries and government clients.
In that case, the user can only call a short list of contacts and would be restricted from texts, emails, downloading apps and other functionality. Additionally, Trump’s Android phone likely has some form of security software installed to prevent hacking, Kantorowitz said.
Having a dated OS on the device, however, limits its ability to take advantage of the protections provided by any security software, Gold said.
“The fact he’s using an unsecured device should be very troubling,” Gold said. “Why somebody in the White House isn’t all over him, I don’t know.”
Mobile application management vendor Apperian will operate as a subsidiary of Arxan Technologies following its acquisition.
The companies today announced the deal, which SearchMobileComputing reported last week. Arxan, a security and management provider for mobile and internet of things apps, did not disclose terms of the Apperian acquisition.
“Apperian will operate as an autonomous group as part of Arxan and your day-to-day interactions with us and our team should not change,” president and general manager Mark Lorion wrote in a letter to customers.
Apperian also sold off a segment dedicated to security products for government clients last summer, Lorion told Xconomy. He did not name the buyer.
“One of the things we’ve realized over time is in the enterprise mobility space, more and more of the buying decision has been focused on security,” he told the website.
Lorion, who served as Apperian’s chief marketing officer since 2012, will lead the Boston-based company going forward. He assumed the role following the December departure of former CEO Brian Day. Day handled the acquisition process with Arxan and then left because he didn’t “really want to be a president of a division of another company,” he told BostInno.
Mobile application management (MAM) allows IT to secure and control users’ mobile apps and the data they access. In the years since Apperian introduced MAM to the industry, larger vendors developed or acquired their own MAM capabilities and added them to their enterprise mobility management suites. The investment in MAM from larger vendors validates Apperian’s approach to enterprise mobility, said Eric Klein, director of mobile software at VDC Research Group in Natick, Mass.
Additionally, Arxan and Apperian don’t have a large overlap in target markets, which gives them the opportunity to sell to each other’s customer bases, Klein said.