Motorola’s big plans to fix Android’s security woes

It’s official: Motorola Mobility execs have confirmed to InfoWorld that the smartphone maker is working to fill the security gap in Android smartphones. Android’s popularity comes despite the fact that Android devices can’t be managed to meet business-class security needs like a BlackBerry or iPhone can. Android does have very basic security capabilities, but not enough to be trusted. Yes, you can run client apps that come with their own management and security features, but they only secure the email, contacts, and so on that they manage, leaving the rest of the Android device exposed and unmanaged.

To address this, Motorola Mobility is relying on 3LM (Three Laws Mobility), a small startup it acquired that develops enterprise security and management tools for Android. 3LM executives have now confirmed those plans and filled in some of the details of their game plan.

What Motorola intends to do is create the APIs for Android that add the missing security and management capabilities at the OS level, so the entire device can be managed via policies by mobile device management tools, such as those from Good Technology, MobileIron, and Zenprise. Motorola Mobility plans to offer its own mobile management suite by July.

The management infrastructure created would be similar to that available on Research in Motion’s BlackBerry platform, on Microsoft’s now-defunct Windows Mobile platform, and on Apple’s iOS 4 platform. The 3LM-created APIs would enable a whole series of new centralized management and security capabilities on Android that enterprises have hungered for. Such capabilities would include malware protection, enterprise-level encryption for data at rest and in transit, user administration for predefined Active Directory and/or LDAP groups, remote application installation, remote lock, remote wipe, and advanced password rules.

For reference, the Android OS natively supports SSL encryption for data in transit, as well as remote lock, remote wipe, and basic password rules that can be deployed through the Exchange ActiveSync protocol in Microsoft Exchange, enterprise Gmail, and other corporate mail servers. The new Android 3.0 OS for tablets has added on-device encryption.

When Apple introduced similar capabilities last summer, it wasn’t long before mobile device management vendors took advantage of them — and banks, hospitals, and other security-conscious organizations began opening their doors to iPhones and iPads.

Should the Motorola Mobility effort deliver on its promise, the same open-door policy is likely to happen with Android. To get around the fact that Motorola Mobility is an Android device developer, with products such as the Atrix smartphone and Xoom tablet, 3LM will be run as an independent subsidiary that also provides the APIs to Motorola Mobility competitors like Sony Ericsson, HTC, Sharp, and Pantech.

Delivering on Motorola Mobility’s promises is of course a tall order for a startup, but the 3LM founders’ credentials are encouraging: Gaurav Mather was previously Google’s Android program technology manager. Co-founder Tom Moss was Google’s worldwide head of business development and operations for Android. Motorola, meanwhile, can provide the funds, clout, sales, marketing, back office, and other infrastructure to get things moving fast.

If Motorola Mobility comes through, would it gain traction among other Android device makers and by mobile device management (MDM) vendors? Ojas Rege thinks that chances are good — if 3LM were to be truly independent of Motorola Mobility and if there were a clear, sustained commitment to the APIs and supporting technologies. Rege, vice president of product at MDM vendor MobileIron, didn’t know the specifics of Motorola Mobility’s plans, so he could not assess the 3LM proposition specifically. But he said that such developments from any major provider could have a positive effect on Android’s business fit.

Should multiple APIs spring up, with different device makers taking their pick from the choices, both MDM vendors and IT managers would have to decide how many to support, based on market share, technology differences, and other factors. Rege said that Google doesn’t want Android to get too fragmented, so if an effort like Motorola Mobility’s ended up being one of many, he would expect Google to step in earlier.

Rege said that Google has MDM in its Android goals, noting the addition of on-device encryption in the recently released Android 3.0, but acknowledges that Google isn’t moving as quickly as entertprises need, given the demand by users to bring Android devices into the office. An MDM API effort such as Motorola Mobility’s plans could help Android gain faster acceptance by enterprises, Rege said, and that in turn could spur Google to move faster on making such capabilities native to the Android OS. If Motorola Mobility became the de facto MDM API provider for Android device makers, the question of Google’s speed would be largely moot, and both IT and MDM vendors would have an easier time making Android an equal member of their mobile device portfolio.

Additional reporting by InfoWorld executive editor Galen Gruman.

This story, “Motorola’s big plans to fix Android’s security woes,” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.