1. Google and BlackBerry have collaborated to strengthen Android security for enterprises. Google has enhanced Android security through improved encryption, scanning and updates. BlackBerry extends this with advanced management, connectivity and apps.
2. BlackBerry management provides a single console for multiple Android deployment options. Its connectivity ensures secure access to corporate networks and apps from any device. Secured apps can be deployed alongside the Google Play catalog.
3. Together the solutions from Google and BlackBerry deliver the most comprehensive Android security for enterprises, including security updates, hardware protection on BlackBerry devices, and a full security suite.
Android in the Enterprise New Security Enhancements: Google and BlackBerry Strengthen the Case
White Paper
Executive Summary
BlackBerry® and Google have worked together to enhance and simplify secure mobile productivity.
The collaboration brings the leader in mobile security together with the world’s most popular
mobility platform.
With enterprises rapidly embracing the Android™ platform to transform their workflows and
processes through mobile innovation, Google has made a number of significant improvements in
Android-specific security. These enhancements add to Google-provided security services, which
are continuously updated to address both new and ongoing threats.
While security at the application and operating system level is critical, enterprises can go further
by choosing the right mobility management platform. Building on Google’s security enhancements,
BlackBerry Secure EMM Suites deliver the best Android security, productivity, and flexibility, to
meet all enterprise use cases.1
The complementary solutions delivered by BlackBerry and Google accelerate change while ensuring
compliance with corporate security guidelines. This paper describes how these developments work
together to keep enterprise Android users productive and protected.
Getting a grip on mobile security in the enterprise is no small feat. Inevitably, just when CIOs, CSOs
and IT administrators think they’ve got things under control, a new media report emerges to keep
them up at night.
It’s often difficult to assess the true level of risk, and tougher still to determine how to mitigate it.
There are now simply so many moving parts, so many competing requirements, so many new
technologies, and so many emerging threats that staying on top of it all can be overwhelming.
Many of the key issues are interrelated, including:
1. BYOD
While corporate-owned devices are still popular in organizations of all kinds, 74% of organizations
report that they’re currently adopting or planning to adopt BYOD to some extent. Many are
struggling with how to manage these devices and the apps they contain, and liberal BYOD policies
(where IT has insufficient control) are surprisingly widespread.
2. Device, OS and app proliferation
Tied to BYOD is the reality that IT is under pressure to say yes to more device types than ever
before. By 2020, the number of unique devices owned by the average mobile worker will have
increased to 4.3. More devices mean more operating system versions to contend with, which
makes it harder to ensure that timely updates and security patches are in place. Harder still?
Managing the increasing number of apps these devices are running, which analysts predict is set
to explode this year.
The Growing Complexity of Mobile Security
3. Pressure to mobilize all processes
Businesses are under more pressure than ever to develop their own mobile apps, with many
adopting “mobile first” and “mobile-only” business strategies in an effort to lower costs and
increase agility. And organizations across the spectrum are adopting a wide range of new mobility
initiatives, ranging from payments to collaboration to business analytics. Sales firms are driving
efficiency by enabling reps to close and input deals on the spot. Banks are boosting customer
satisfaction (and warding off competitors) with full-service mobile banking apps. Emergency
response teams are using mobile collaboration apps across borders to resolve crises faster than
ever before.
4. Multiple mobility management solutions
Today, most enterprises have several point solutions patched together to manage devices, apps,
identity and authentication, VPNs and more. This complexity, often spanning multiple vendors,
contracts and interfaces, creates cost inefficiencies and unique vulnerabilities.
Recognizing the challenges and opportunities that enterprises and IT organizations are facing,
BlackBerry and Google worked together to enhance and simplify secure mobile productivity. Let’s start
with a look at how Google has made Android safer through improved encryption, containerization,
scanning and more.
What IT Needs to Know About the New Android
Google’s Android security model is, and always has been, multi-tiered, with application sandboxing,
as well as security through Google Play™ services. The following recent updates add additional
layers of protection:
• Requiring full-disk, block-level encryption for all capable Marshmallow and above devices
• Starting in Nougat, Android supports file-based encryption as well
• Providing device integrity using Verified Boot, which is required on capable Marshmallow and above
devices and will be in strict enforcing mode on Nougat devices
• Expanding the use of hardware-backed cryptography and removing older, export cipher suites
• Enforcing mandatory access control (MAC) over all processes using SELinux, which enhances
security by confining privileged processes
• Implementing vulnerability exploit mitigation with ASLR (Address Space Layout Randomization) and
FORTIFY_SOURCE, and additionally hardening the mediaserver and increasing ASLR randomness in Nougat
• Introducing seamless updates with Android Nougat, so that new Android devices built on Nougat can
install system updates in the background, enabling these devices to automatically and seamlessly
switch into the new updated system image
• Incorporating attestation services for application developers
In addition to the recent enhancements made to Android, Google provides a number of security
services as a baseline:
• “Verify Apps” is a service that checks all the applications that are installed on the device –
even installations from unknown sources – to ensure users are protected against Potentially Harmful
Applications (PHAs) prior to install. All previously installed apps are regularly re-checked. Verify Apps
performs over 400 million security scans per day.
• “SafetyNet” is a service that validates that the device is operating as expected according to the
Android security model, and detects and protects against network-level attacks. SafetyNet analyzes
about 600 million network connections per day.
• The Safe Browsing API, used by Google Chrome™ on Android and available to other browsers, protects
against browser-based exploitation and websites attempting to deliver PHAs.
• WebView updates are now provided via Google Play as needed to ensure users have the latest
WebView security updates and other bug fixes.
• Google Play services provides a way to automatically update the device’s Security provider to protect
against known exploits.
• Google Play scanning engines now employ machine learning and upwards of 10,000 CPUs.
• Google is now also delivering monthly security updates for Android to address vulnerabilities and
ensure enterprise customers get timely Android OS patching.
Google works continuously to reduce the existence of Potentially Harmful Applications in the Android
ecosystem by vetting applications offered via Google Play and expanding the set of security services
for applications that run on the Android platform. All applications on Google Play are subjected to an
in-depth security analysis before being made available to the public. This analysis includes static analysis,
dynamic analysis, heuristic analysis, third-party review, and when needed, a manual review to identify and
classify any potential threats. Applications are also re-reviewed on an ongoing basis.
A major portion of detected PHAs originate from Russia and China, where there is a large market for
non-Google Play app stores. In 2015, Verify Apps reduced the number of PHA installations outside of
Google Play by 80%. This is significant – according to Google’s own analysis (detailed in the Android
Security 2015 Year in Review report), PHAs continued at low levels throughout 2015, and less than 0.15%
of devices that downloaded only from the Google Play Store had PHAs installed.
Devices that were infected typically used side-loaded applications or applications from unknown sources,
outside of Google Play. Only those applications thoroughly vetted and available on Google Play provide
additional protection levels.
As a result of these enhancements in the Android OS and Google’s continuous, in-depth review process,
its holistic security ecosystem now protects over 1.4 billion devices.
Google’s Baseline Security: 400 Million Scans a Day
How BlackBerry Extends the Picture
With Google making powerful enhancements to the Android OS and working hard to eliminate harmful
apps, why does it matter what mobility management platform you’re using?
The truth is, there’s a lot more to the secure mobile productivity story. More opportunities to capitalize
on, and more challenges to address.
The combination of BlackBerry and Google brings the industry leader in mobile security together
with the world’s most popular mobility platform. The collaboration delivers the most comprehensive
Android security offering on the market, and the best possible approach to cross-platform EMM,
providing enterprises with the following value-added benefits:
1. Multiple Android deployment options – all managed through a single pane of glass
BlackBerry supports multiple deployment modes for Android, including Android for Work, Samsung
KNOX™ and Good for Work (and combinations of the three). Regardless of how you deploy, your
administrators can manage Android devices from the same console, alongside all the other
devices, enterprise apps and value-added solutions (such as WatchDox®) that drive your mobile
productivity. BlackBerry’s solutions also integrate seamlessly with Google Play for Work, and any
app in the Play catalogue is available for immediate deployment and business use. For end users,
the experience is both seamless and familiar.
2. Trusted BlackBerry Secure Connectivity
With BlackBerry Secure Connect Plus (available whether you deploy on-premise or via the cloud),
employees get secure connectivity to their corporate network no matter where they’re working. They
have easy access to apps and data behind the firewall, and an enhanced experience for data and
video streaming. On the administrative side, this eliminates the need for expensive mobile VPNs, and
makes it a very attractive option for regulated industries. Administrators can also set compliance
requirements for access granted to managed devices, including checking for security patch levels.
3. Secured access to corporate-developed and commercial applications
Now, secure Good Dynamics apps can live within Android for Work and Samsung KNOX work
profiles. This gives customers the best of both worlds: access to the broad Google Play catalogue
(as whitelisted by IT) plus Good Dynamics secured applications, all managed by IT.
What is the Good Dynamics Platform?
The Good Dynamics Platform uses next-gen containerization to protect all corporate data. With FIPS-
validated crypto and years of usage in the most demanding environments, it enables organizations to:
• Protect corporate applications from leaking enterprise data outside of IT control,
through policy-based app controls
• Secure enterprise data in use, at rest and in motion between backend servers and apps
• Maintain the security of documents and data shared between apps,
via encrypted app-to-app tunneling technology
• Preserve end user privacy without the need for intrusive geo-location or
whole device wipe techniques
4. Hardware that’s extra hard
BlackBerry has applied its world-renowned security model to BlackBerry PRIV®, its first-ever
Android smartphone. With zero-day updates, regular security patching, and protective measures
against tampering, PRIV is one of the most secure Android devices on the market today. Bolstering
the app scanning and verifying technology Google delivers, BlackBerry PRIV includes DTEK™, a tool
that monitors the information that apps are using and how they’re using it. This data is analyzed
alongside other security measures, such as password strength and encryption, to assign a security
score – and provide feedback to users on how they can better protect themselves.
5. A comprehensive suite of security solutions
WatchDox, BBM™ Protected, AtHoc™, and SecuSuite® form a comprehensive portfolio of enterprise
software addressing secure messaging; crisis communications; secure voice, texting and video
calls; and secure enterprise file sync and share (EFSS). These applications are available within select
Secure EMM Suites, which address the needs of organizations at every level of mobile maturity.
6. Support that’s multi-OS, across all ownership models
BlackBerry’s solutions portfolio is platform-neutral, and allows organizations to deploy and manage
devices across all ownership models, including bring your own device (BYOD); corporate-owned,
personal enabled (COPE); corporate-owned, business only (COBO); or a combination of the three.
7. Flexible enough for any use case
No matter your requirements, the BlackBerry enterprise software portfolio can address
your organization’s needs. This is true even of organizations subject to stringent regulatory
requirements, or those that work frequently with contractors and business partners. Support for
the following is guaranteed:
• All Android devices, including wearables
• All user classes
• Differing app, security, and usage requirements
• Device-agnostic Identity & Access Management (IAM)
8. No licensing hassles
Leveraging the benefits of the Google-BlackBerry partnership is as easy as choosing a Secure
EMM Suite. There’s one suited to every organization, no matter your size or industry, or how far
along you are on the path to mobile maturity.
Security-conscious organizations, including those in regulated industries, such as healthcare, finance
and government, have long trusted BlackBerry to safeguard their data and protect their mobile
communications. Now, as Android-based devices become increasingly attractive for productivity,
enterprise IT administrators can rest assured that Google is continuously enhancing security measures
to address threats of all kinds. And the great news is that IT can use trusted BlackBerry mobility
management and collaboration solutions to further enhance the security of their Android deployments.
That means you can focus on what’s truly important – unlocking the potential of mobility, and using it
to transform your organization.
To find the Secure EMM Suite that’s right for your organization and start your free trial now, go to
BlackBerry.com/suites
The suites can provide you with all of the following mobility essentials:
• Mobile Application Management (MAM)
Mobilize your critical business apps, workflows and business processes, including business-class
productivity and collaboration apps, as well as third-party and custom-built apps.
• Mobile Content Management (MCM)
Access your business files from SharePoint, OneDrive, Box and more,
with native document-editing capabilities.
• Identity & Access Management (IAM)
Protect against intruders with advanced authentication technologies that simplify access to
services, including mobile, internal and cloud applications, without hassle for users.
• Mobile Security & Containerization
Segregate business apps and data into containers, walling them off from personal apps and data,
and keeping them under complete corporate control.
Secure and effective teamwork and productivity tools from BlackBerry help you get even greater
security value from your investment. Here are just a few to consider.
• WatchDox by BlackBerry is the leading secure enterprise file sync and share (EFSS) solution,
enabling users to share, edit and control their files on every device. WatchDox embeds digital
rights management (DRM) protection in your files so your content stays secure everywhere it goes,
even after files are downloaded and shared with third parties.
The BlackBerry Secure EMM Suites offer the security credentials, accreditations, and technologies
that will allow you to mobilize your business tools – from your Microsoft applications to your
custom-built apps. All this with consistent security on mobile devices and other endpoints,
across different operating systems and ownership models.