Android: Why the Big Fuss?
25.01.2010
The iPhone has drastically changed the smartphone market, introducing a simple user interface, an application store, and even new business models. Now Google wants a piece of this growing market - and is set to grab it with its Android mobile platform.
The business model is more challenging, as Android is an open-source platform with phones being produced by traditional handset makers. Android is creating lots of buzz now-a-days, and already boasts more than 20 models and a growing application market. Everyone is eager to see how this new platform will succeed.
Android is an open platform on which users can install applications developed by thousands of developers - just like the iPhone. While this is a great advantage to consumers, it presents some security issues.
Users will inevitably download malicious applications, as they have no real means of controlling the application code. They will accept that the applications use sensitive resources, such as localization, networking, and Google user accounts - knowing that otherwise it cannot work. But they will have no guarantee that these sensitive resources will be used safely.
Furthermore, Android is a large, Linux-based system - so it cannot be bug-free. It is therefore subject to security holes, which will become increasingly visible as more attackers target this environment. The iPhone is already familiar with such problems and the bad press it results in.
Android devices have a huge potential in terms of functionality. Accordingly, service providers and network operators want to deploy new services to generate new revenues. But for most of these services, some sensitive assets need to be protected on the phone. Malicious third-party applications are a real threat.
Two types of secure execution environments that are isolated from the Android system are now available for mobile platforms: on-device Trusted Execution Enviroments (implemented from Elatec's technology partner) and Secure Elements (such as the UICC).
Secure Elements can be excellent secure containers - particularly for highly sensitive banking keys.
Trusted Execution Environments, on the other hand, are the perfect solution to control or access sensitive device resources, while accessing the full processing power of the phone. Some use cases, such as user interface and device cryptographic hardware accelerators, require such a solution - which can be implemented jointly with a Secure Element for an optimized secure solution.
Smartphones will soon offer an array of new value-added services - but revenue-generating services require security technologies. The good news is: These technologies are now available. Smartphones will not be transformed into a PC-like security nightmare!
