BlackBerry leads the pack when it comes to secure mobile platforms, according to a study by security firm Trend Micro, Bloor Research and Altimeter Group.
BlackBerry attained the highest average score, followed by Apple IOS, and Windows Phone, but Android was scored the lowest, the report said.
The platforms were compared on a combination of factors including built-in security, application security, authentication, device wipe, device firewall, and virtualisation.
The ranking was the same when the platforms were compared in terms of their overall ability to meet the demands of use in the enterprise.
“Security people I work with are scared witless by consumerisation and the rapid adoption of these devices. Aside from the technical challenges, organisations need to understand the importance of a decent mobile device security policy and supporting user education," said Nigel Stanley, security practice leader, Bloor Research.
Raimund Genes, CTO at Trend Micro said that against the growing, unstoppable backdrop of consumerisation and BYOD, every mobile device is a risk to business.
"What is interesting in these results is that, whilst some mobile platforms have evolved very noticeably along enterprise lines, there is still a strong ‘consumer marketing’ legacy in some quarters and this is negating some of the progress made on the enterprise front. Indeed, some of the attributes we have examined in the report are still firmly ‘enterprise-unready," he said.
The researchers commented that corporate-grade security and manageability make BlackBerry the option of choice for the most stringent mobile roles.
However, many features and protections that are commonly enabled or enforceable through the BlackBerry Enterprise Server (BES) are not present on devices that are user-provisioned through BlackBerry Internet Services (BIS).
Some of the strongest features restricting high-risk activities that users may undertake, such as removal of password protection for the device, may be rendered inactive if a user’s device is not provisioned via the BES, the report said.
The iOS application architecture natively provides users much protection because all applications are “sand-boxed” in a common memory environment. Security in iOS also extends to the physical attributes of the iPhone and iPad.
There are also no options for adding removable storage, which in effect provides another layer of protection for users.
But where the BlackBerry IT administrator has complete control over the device, in iOS, the IT department can configure items only once the user has supplied their permission, the report said.
Researchers said Microsoft has learnt the lessons of the past and created a reasonably robust and secure smartphone operating system in Windows Phone.
The OS uses privileges and isolation techniques to create sandbox processes. These “chambers” are based on a policy system that, in turn, defines which system features the processes operating in a chamber can access.
Although Android is now available in more recent versions (4.x), version 2.x is still the most widely deployed on existing and new handsets. This is a security risk in itself, the report said, because there is no central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period.
On the positive side, Android is a privilege-separated operating system and applications cannot access the network without prior consent. Apps run in their individual sandboxed environment and permissions are granted by the user on a per app basis.
Unfortunately the end user often fails to inspect the permissions request dialogue closely in their haste to use the app, the report said. It is also often unclear, when permissions are given, what the application is actually capable of.