Are Droids lying about their security compliance?
IT may be forced to buy costly management software, block all Android devices, or risk unsafe data handling
The current Froyo 2.2 version of Google's Android OS for smartphones such as the Motorola Droid and HTC Incredible doesn't support on-device encryption, making it incompatible with security settings at many businesses. However, some users are reporting that their Droids can connect to such networks, despite the policy mismatch. That indicates some Android smartphones are lying about their security compliance.
The Microsoft Exchange email server has a tool called Exchange ActiveSync (EAS) that lets IT set policies a device must meet to access the server. One common policy at many companies is requiring that the device encrypt any data stored on it. Many states' laws require that such encryption be enabled on devices that contain customers' and employees' personal information, for example.
Android users can install the NitroDesk Touchdown app or a mobile management app such as that from Good Technologies to create an encrypted workspace on their Android smartphones. These apps then manage your email and keep it encrypted in those workspaces, which complies with the EAS policy requirement. Without such apps, Android does not support the EAS on-device encryption policy.
When a colleague bragged to me recently that his new Droid X was able to connect to the corporate network, which requires on-device encryption, I became concerned. It was only a year ago that Apple's iOS 3.2 update revealed that older iPhones had been lying about their compliance with EAS's encryption policy. The problem was a bug in the OS that Apple quietly fixed, but it became a public embarrassment, calling Apple's honesty into question, when thousands of devices suddenly stopped connecting to Exchange servers.
Could the same thing be happening here? Are some Droids falsely reporting on-device encryption compliance?










