It's a conundrum facing many of today's workers: how to carry the latest and greatest smartphone with fun, personal apps and securely access corporate data from the same device.
Enterproid, which is broadening its beta this week and introducing itself as a company, has a new take on solving the problem.
[ Also on InfoWorld: Motorola's big plans to fix Android's security woes. | Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
"All the solutions today are compromises between security and management by the company and freedom by the user," said Andrew Toy, CEO and co-founder of Enterproid. A worker might be forced to use an unappealing phone at the office and so decide to carry two devices, one for personal use and another for work. Or a company might take some risks by allowing users to access corporate data from a less secure device.
Enterproid joins a few other companies trying to figure out an elegant way to separate work from play on a single Android-based phone.
It does so by building a special enterprise section in the phone, made up of Enterproid's platform software and its own email, calendar, contacts, messaging, and browser apps that can securely access corporate data. The apps are based on Android tools but have "business-class extensions," Toy said.
For example, all corporate data is encrypted on the device, he said. Also, the apps use a proprietary set of permissions, so no standard application can request or access any data in the Enterproid apps.
The Enterproid apps are only available in the enterprise section of the phone, which appears to the user as a separate home screen. Enterproid calls its platform "Divide," because it creates separate profiles for personal and professional use on each device.
That means an enterprise can force users to input a password to open the professional profile, which would make it harder for someone who steals the phone to get at corporate data. The user can opt not to use a password to access the personal profile.
The two profiles are "partially aware of each other," Toy said. If a user is looking at the personal profile, the user will see an alert in the Android notification panel that new messages have arrived in the email box of their work profile. Users can move between the profiles in several ways, including double-clicking on the home button.
IT departments can remotely manage the professional profile of the device using tools hosted by Enterproid. An IT manager can see information about voice, data and SMS use and see how that use is split between the personal and private profiles.
IT administrators can also set policies from a management console, including screen lock and password requirements and which applications are permitted in the corporate profile. They can also set a customized skin, or background, for the enterprise profile and prohibit downloading applications from the Android Market to that profile.
They can also set more sophisticated rules. For example, if an IT manager worries about potential security issues with a particular app, the manager can forbid the user from accessing any corporate data while that application is running.
IT managers should be comfortable with using a hosted management tool, because corporate data doesn't actually flow through Enterproid, Toy said. "We don't route data through our data center," he said. "We are a management system, and the actual data transport is done by ActiveSync." Any corporate mail service that uses ActiveSync is compatible with Enterproid's system.
Enterproid is also offering management tools for individual users. Users can log into their own management console, where they can access various functions, including locating the phone if it is lost. By default, the IT manager cannot access the location of the device. A user must permit that, he said.
Also, by default, IT can only wipe corporate data and cannot wipe personal data from the device. Individuals may remotely wipe their data, however, from their management consoles.
Enterproid is allowing individuals and businesses to sign up for the service. During the beta period, the service is free. Final pricing hasn't been set, but it will be priced like a service rather than sold as a piece of software.
To try out the service, people can sign up on the Enterproid site for an invitation. Once they get an invitation, they download an application to their phone over the air and enter their corporate credentials to get started. The Divide application is a couple of megabytes in size, and all the existing apps amount to about 20MB, he said.
Enterproid plans to release an SDK (software development kit) so that third parties, such as developers in an enterprise, can build their own encrypted apps for the system. Enterproid also hopes to expand its platform to be compatible with Apple iPhones and Microsoft Windows Phone devices.
There are other attempts at partitioning work and personal activities on mobile phones. VMWare this month demonstrated a virtualization platform that enables two profiles on an Android phone. It's product has been criticized by some because it runs two full versions of the Android operating system, which they say can slow down the phone.
Open Kernel Labs has yet another approach. It is offering tools that let applications run in their own virtual machines. This isolates the application, so any attack targeting Android wouldn't be able to access the application.