Samsung, in contrast, created Safe. The company started with Android, the only platform actively being blocked by IT organizations due to security concerns. I was at an event last year where McAfee showcased that an Android phone can be remotely attacked, put into a loop, overheat and catastrophically fail.
Meanwhile, Kaspersky recently discovered spy software that turns on the microphone of the Android devices, recording what's being said in the room. Finally, SophosLabs documented five classes of hostile Android apps. Some, once installed, automatically install additional apps, send identity information to the attacker, or hijack social network accounts.
So Samsung started with a platform that, by any reasonable measure, provides inadequate security for personal use, let alone business use. Ideally, to fix the problem, the company should have done what Amazon did with the Kindle and forked the code, creating a unique and more secure version of Android that wouldn't be as vulnerable.
Instead, Samsung went with mobile device management (MDM)-which, in the case of a vulnerable platform, only makes IT more responsible for adverse results but doesn't address the core security problems. The company implemented encryption, which can protect the files unless a user's identity is stolen, which unfortunately is the purpose of much Android malware. Samsung also installed a VPN, which actually makes a compromised device more dangerous, because VPNs tunnel through the perimeter security of a business, potentially granting even greater access to the attacker. Finally, the company made email connectivity improvements, which also giving an attacker greater access via a compromised phone.
All in all, this showcases that Samsung, a broad-based manufacturing company, doesn't understand IT needs nor the actual vulnerabilities that IT needs to address. For a period last year, Samsung phones were less secure than other Android phones.
One of These Things Is Not Like the Other
Generally, when a company is new to IT, it takes an existing product and patches it to look IT-like. Then, upon learning that that approach sucks, it goes back and creates a product from scratch that's designed specifically to meet its compliance and security needs.
Android, as it is, is too insecure to patch this way. Samsung may eventually realize that Blackberry and even Apple are closer to the mark; both companies control their own platform in order to provide an acceptable business solution. In the end, when you compare BlackBerry to Samsung, you can see that BlackBerry is an enterprise vendor. Samsung, not so much.
Sign up for Computerworld eNewsletters.