Suddenly, it’s Google vs. Samsung for Android security

At first blush, Google’s purchase of Divide this week seems like way too little, way too late. But even if its dual-persona mobile-security approach isn’t the right battle tactic, Android security is the war that needs to be fought. And maybe now it will be.

Ironically, had Google purchased Divide a year ago, it would have looked brilliant. Last spring, dual-persona mobile devices were all the rage; they were smartphones that had a personal space and a workspace, keeping applications and data safe and separate. IT shops loved the idea. Sure, the dual-persona approach had been around for a few years: It was part of BlackBerry’s hoped-for rebirth, using its Balance technology. Enterproid, later renamed Divide, offered the technology for Android in 2011. Open Kernel Labs had a similar approach in 2012, and defense giant General Dynamics later bought it to offer dual-persona Android devices to the military.

[ Making sense of mobile device, app, and information management. | Mobile security: iOS vs. Android vs. BlackBerry vs. Windows Phone. | Keep up on key mobile developments and insights with the Mobilize newsletter. ]

But no one really cared until Samsung announced Knox in February 2013. Suddenly, dual-persona smartphones got IT’s attention outside the military-industrial complex. Samsung was going all-in on Android security, an aspect of the mobile platform to which Google had long only paid lip service. In fact, Google cared so little about mobile security that it disbanded its highly respected 3LM security team, acquired when it bought Motorola Mobility. Given Android’s huge popularity outside the enterprise, IT feared those unsecured devices would eventually break in, so the Knox promise seemed like manna from heaven.

Dual-persona mobile security isn’t catching on Here we are a year later, and Knox is struggling. The first version of Knox didn’t live up to Samsung’s promises, it was not widely available, and it came with sticker shock. News reports indicated the feds were unhappy with how Knox worked in practice. Today, the dual-persona frenzy in IT seems to have dissipated, and the newly released Knox 2.0 is struggling for attention.

It’s not just Knox: BlackBerry keeps losing market share, even in the allegedly security-concerned enterprise — Balance simply hasn’t helped. The Divide product came and went as a relabeled AT&T offering and is rarely sighted in the real world. General Dynamics’ military Android effort likewise seems stalled — it’s certainly invisible in the world at large — even as defense agencies have certified iOS along with Knox and BlackBerry for most employees.

The bottom line: Dual-persona mobile security feels like a dead end.

Part of the issue is that switching personas is annoying to users. I can attest to that from my experience with BlackBerry Balance. BlackBerry did a good job with Balance’s design, but even good design doesn’t overcome the fact that you have to switch modes, and on a smartphone, you switch between personal and business modes a lot. It makes more sense to separate the data and apps under the hood, as some mobile-management tools allow on iOS and Android. Essentially, they let the originating server own its data and apps and manage them directly. Enhanced policies on data sharing offer easier control of data flow across apps, especially in iOS, which requires developers to whitelist sharing and makes sharing an explicit user action.

The wrong technology, but the right battle for Android Still, even if dual-persona mobile security is dying, there’s a war brewing in the Android world over whether Google makes real security and manageability part and parcel of Android — which IT would love — or Samsung gets it right and establishes Android enterprise dominance before Google gets its act together, if it ever does. IT would easily live with a Samsung hegemony, given the company’s huge market share, if Samsung showed it could actually deliver on security and management needs — and stick with it for the long term.

That’s the real issue here, not whether Divide and Knox end up being Android’s paths to enterprise acceptance. Google has gained little trust in IT, for good reason. Samsung got Defense Department approval last year for Knox but squandered that blessing through a botched deployment.

On one level, neither Google nor Samsung seems in a position to execute on a security and management strategy that would compare to Apple’s. They have bigger problems.

Samsung’s been wobbly on several fronts. The newest Galaxy, the S5, poorly copied Apple’s Touch ID technology while not moving the needle forward in other areas — people think “tacky back” when they think of the S5, not “cool smartphone.” Samsung has visibly retreated from its grand innovation ambitions of spring 2013, when it put on a Broadway show to introduce its fantastical vision of the connected home. This year, in a subdued presentation, its CEO emphasized practicality and a move away from “innovation for innovation’s sake.” Samsung’s smartwatch efforts have been embarrassing. Its strategy of copying Apple products has largely failed except for the smartphone and tablet; its Apple TV and iPod Touch clones went nowhere, for example, and even its decent tablets do poorly in the business world in comparison to the iPad. All in all, Samsung feels like it’s flailing from one half-baked idea to the next.

Google has had its own problems, not least of which is that Android innovation has largely stalled since 2011’s Version 4.0 Ice Cream Sandwich, as Google seems more interested in developing applications designed to hoover up data from any platform (à la Google Now) than pushing Android itself to new heights. Its device focus seems to be shifting to the five-year-old Chrome OS, but its cloud services remain unable to handle serious business needs.

However distrusted Google is and how wobbly Samsung seems to be, the fact is that it will take one of these companies to make Android security trustworthy enough for broad business use. Even with the help of mobile-management tools, Android simply can’t hold a candle to iOS or BlackBerry when it comes to security and manageability. And Microsoft keeps improving Windows Phone, which is now approaching respectable levels.

Google and Samsung are the two companies that have the means and reach to change that situation. HTC and Sony are barely hanging on, and Lenovo’s strategy in acquiring Motorola Mobility from Google is unclear, but even if it has Samsung-level ambitions, it will take several years to realize them. Despite all the talk about emerging Chinese giants such as Xiaomi, they don’t matter a whit in North America or Europe; they’re completely consumer-focused anyhow.

The very fact that Google is investing in Android security is significant. If it follows through with more of the same, we’ll see Google and Samsung vie to fix Android’s security shortcomings before the other. Whoever gets it right first and delivers the technology broadly will dominate Android in business. If Google does it, the whole platform wins. If Samsung does it, Samsung wins and gains more ability essentially to fork Android by making its services push out Google’s. If neither does it, Apple keeps its current win.

However it turns out, this is a fight that needs to happen. For business, Android needs to get serious — or get out of the way.

This article, “Suddenly, it’s Google vs. Samsung for Android security,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen’s mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.