A recent audit on technology has earmarked security howlers in three of the biggest names in tablet devices, which has raised a lot of concerns with regards to the security ramifications of allowing employees to bring their personal devices at work.

Context Information Security‘s recent student had iPad, the Galaxy Tab and the PlayBook under the radar and the general consensus was that the Samsung tablet’s “enterprise readiness” was the least out of the three. Even though the BlackBerry PlayBook and Apple’s iPad fared somewhat better, but both of them had chinks in their armor that included desktop software which does not encrypt backups – not by default anyway.

The PlayBook was the sole tablet that provided decent separation between the personal data and work data, which is something that should be a pivotal feature when one considers the escalating BYOD (Bring Your Own Device) trend.

Each of the trio of devices supports Exchange ActiveSync, which is a factor connoting the fact that the configurations of the security core can be maneuvered and managed via a central exchange server. Even so, their suitability is influenced by the security control disparity. And these controls include the protection of data, software update and integrity, security configuration profiles, access control, connectivity, and then there is backup and synchronization – these factors tell us about the ease with which iPhone spy software or BlackBerry spy software can penetrate the respective devices.

The data protection on Apple’s iPad is strong, and so are the facilities regarding damage limitation. However, potential security breaches include the frequency of jailbreak attacks, and futile encryption on the disk unless a robust policy of passcode is applied. And even though the disk encryption scheme on the iPad is decently designed, iTunes backups by default store clear text files, which is obviously not acceptable for storing corporate data that is sensitive. A similar approach of back up is adopted with the PlayBook.

Even though the Samsung device is not accompanied by a locked bootloader, however, the disk encryption which is built in results in a more fragile support which makes the device rather difficult to use. Also, even if one enables the encryption of the Samsung Galaxy devices, it permits apps that are rather badly written to store and save the sensitive info on any SD card which is unencrypted and inserted in the tablet.

Plus, the lack of management tools which aren’t up to the enterprise level, also mean that it is difficult to maneuver anything more than a tiny number of Galaxy devices within the enterprise environment – something that the device shares with the iPad as well. BlackBerry’s PlayBook on the contrary, gives amazing logical and data separation among the two modes – personal and work, owing to a more all-round construction that saves biz data wipes from the employer while ensuring that the personal data remains intact.

BYOD is Unstoppable

Even though the security controls on the more conventional laptops and desktops are considerably easier to apply, however the recent trend that sees employees being allowed to bring own devices to work is something that cannot be stopped now. It is virtually impossible to ignore the growth of tablets and devices in workplaces and homes that offer a mélange of connectivity, portability and productivity – something that wasn’t possible earlier.

This format is ideal when one factors in social networking, and also when one considers sharing and creating documents, presentations and generating other type of content that one can carry with them as well. However, the same features also conjure a veritable dilemma by summoning security concerns for the organizations and firms. Our research implies that most of the device manufacturers still need to do a lot before their tablets can summon the security level needed for their use in corporate enterprises – and use with minimal spread of iPhone spy software and BlackBerry software among other malware.

A lot of the security merchants are busy marketing tools that are third-party and are designed to ensure that the security glitches engulfing the use of devices in the corporate environments. These tools would ensure that a lot of the issues outlined are rectified – although how much of it would be rectified is still not clear. BYOD management’s effectiveness and the relevant security mechanism was initially beyond the jurisdiction of Context, but now with the rise of the trend and the need of the hour, all contextual eyes and other gazes are on BYOD and its security repercussions.

Image courtesy of edans, Flickr.

This is a result of the law suit filed by the ACLU and  EFF in the federal court. These two agencies are attempting to charge federal agents who have been monitoring suspects through cell phone tracking methods without attaining warrants first. As a result of this action, a ruling by the federal court last year forced the Department of Justice to release around 214 names of individuals guilty of this practice. Subsequently, there were convictions on a public level or guilty pleas. The issue arises when the U.S Court of Appeals for Washington DC questioned if the government should make public the cases where the defendants had been cleared of all charges like using mobile phone spy (read more about cellspyexpert).

Privacy for one and all?

Currently the government is involved in 6 such cases in three states (Washington, Florida, and California) where the case was dismissed and the defendants got off clean. However, the Department of Justice claims that the government should not release information regarding the individuals information since that too is a privacy violation. It is interesting that the DOJ is fighting for the rights of the same individuals who systematically manipulate privacy, in this case, employ cell phone tracking without warrants. Though they may get off guilt free, it remains that there has been investigation and therefore some sort of suspicion towards their actions. In the fight for privacy, it is too immature a point in time to cover up any information regarding it.

But the Department of Justice continues to argue otherwise. By publically pointing out these individuals, the embarrassment and shame of being criminally investigated is detrimental to their well being. Especially since the charges against them have not been found to be true, it is unfair for these people to have to deal with the bad publicity that comes with being associated in such a case. It is bad enough that they were publically highlighted for the case and it only makes sense to protect them from further scrutiny.  However, the ACLU and EFF are adamant that Americans deserve to know what is happening on all fronts in order to understand their own privacy rights better in regards to being tracked through cell phone spy.

Public Interest levels

Many in the Civil Division’s federal programs branch say that even if the public is made aware of the details of all the cell phone tracking cases, withholding the information on the few cases where no one was found guilty will hardly make a difference. Moreover, the argument is that in reality public interest levels are not as high as made out to be in such cases. Privacy concerns exist, yes, but the public seems to be more interested in the outcomes and implemented policies and not the legal or technical details.

So while the courts and federal agencies engage the government in a battle for information relating to cell phone tracking and cell phone spy, the public must do with whatever information it can gauge in between the lines. Whether any of that information will be able to help ensure against threats via cell phone is another question altogether.

Currently the exact features seem to be kept under hush-hush priority but that doesn’t stop users from coming up with their own wish lists. After all, the defects and problems in the previous update stand as reminders of what we’re all hoping to get fixed. Apparently from what is being talked about, there is something to keep everyone satisfied. Here’s what the rumors are:

For Users/Consumers

1.       The update will have a SIRI feature which is in fact a voice assistant.

2.       Google Chrome Browser

3.       Improved Touch Keyboard

4.       Clearer Google Integrational features

5.       Tablet specific features

For Corporations/Businesses

1.       Laptop running capability

2.       A dual boot with Microsoft Windows

3.       A file system

4.       Increased Android spyware/malware security

5.       Doing away of mobile Flash

Annual Updates

Some more good news that can be expected is that Google has decided to release one update per year. So this means that constant updates aren’t going to plague your conscience; ample time to use the device and explore all it has to offer. Not to mention the regularity will do good for both users and the company in creating a more reliable device and user oriented service.

More Safety, More Usage

If we’re to look at user demands right now, the answer would be simple enough. The Android is the most unsafe mobile platform, and that too for a number of reasons, including that it lacks safety and anti-Android spyware features nor does it allow third party developers to provide them. If the Jellybean is able to come out as a security oriented API then progress like this would truly leave its competitors in the dust. Enterprises which wish to use Android to monitor employees and would like to see Android become the next BYOD option might just be able to make the switch (from Samsung) in the future.

User Interface Enhancement

The User Interface is also set to be enhanced. It is supposed to be easier to use and promises some changes which are different from its predecessors. Now what exactly is so different can only be left up to your imagination. However, it does seem that users may have to adjust to the new settings (hopefully not disappointing ones).

The nitty gritty of it isn’t all that well known but the word is that there is no improvement when it comes to device to device synchronization. This would be disappointing for many users since having a single User Interface for a single device is found to be annoying by most. Perhaps one of the reasons that the iOS does so well is that the interface remains the same regardless of device.

So what will it really be like? Will it live up to the rumors and our dreams? Come June and we’ll know how the Jellybean really tastes instead of just daydreaming about it.