A muddled browser mix
Google has long been the leader in pushing forward the HTML5 standard in its desktop Chrome browser, regularly outpacing both Mozilla and Apple, despite their strong HTML5 commitments. In mobile, Apple's Safari has held the lead, but that changed last fall: In the HTML5test.com tests of HTML5 compatibility, the iPhone 5's Safari browser scored 360 points out of a possible 500, whereas the Galaxy S III's stock Android browser scored higher, at 380 points. Google's optional Chrome browser scored 369 points.
InfoWorld's tests show that the stock Google Android browser is more compatible than Chrome for Android with AJAX and TinyMCE, which means it works better with high-functionality sites. Yet Google is trying to push Chrome as the standard Android browser. There should be just one Google Android browser, and Chrome is the natural choice so that you can get cross-device syncing. But Google has to make sure Chrome for Android handles HTML5, AJAX, and plug-ins like TinyMCE as well as as its older browser did, which still ships with many new Android devices. Then it can kill off that old browser and simplify the user experience without compromising it with two variations.
Untangle the email jumble
Along the same lines, Google needs to merge its Gmail and Email apps. Yes, I know it wants to promote its own services, but it's nuts to expect users to bounce between email clients, which anyone using an Android smartphone for both personal and business purposes is likely to do. Email is email -- don't create an artificial division.
If Google wants to really promote its cornucopia of privacy-invading services, it should copy the intent behind either Windows Phone's People app or BlackBerry 10's Hub, which provide an integrated communications experience across email, social media, and messaging. A Google app that combined its many communications-centric services would make a lot of sense for users and reinforce its brand -- unlike the Gmail separation of today.
Simple security holes to plug
Android has made a lot of strides in its security and management capabilities, though it continues to trail iOS, Samsung's SAFE version of Android, and BlackBerry 10. A few straightforward changes would go a long way to making Android a safe choice for business users:
- A VPN configuration utility that humans can use. An iOS user doesn't have to know all the protocol details to connect to a VPN, but an Android user does, which is just silly. It could use support for Cisco IPSec VPNs, too -- like iOS does.
- Support for certificate-based PEAP-secured Wi-Fi networks, again like iOS.
- An option to disable side-loading of apps, so non-Google Play apps can't be installed. At the least, the ability to set a password on the Unknown Sources side-loading control would help, but an API control for mobile device management tools to use to disable the side-loading feature on corporate-managed devices would be even better. Such side-loaded apps expose Android's biggest security weakness: Its unregulated app model, which has made Android the No. 2 magnet for malware, after Windows.
- The Google Play app store also has a lot of malware, despite Google's Bouncer malware scanner. Either Google needs to vet its apps closely, as Apple, Microsoft, and BlackBerry all do, or create a program for safety-guaranteed apps that would let users -- and MDM tools -- know which apps are safe to install from Google Play.
- Up the device encryption level from 128-bit to 256-bit, for parity with iOS, Samsung SAFE, and BlackBerry 10.