Nov 26, 2014
Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.
You’ve cut your teeth on consumer apps and now you turn your attention to the enterprise market. What’s waiting for your apps when users start running them inside corporate firewalls? What do your apps need if you expect them to be adopted there?
I moderated a panel at Uplinq 2014 called “Android Applications for the Enterprise,” and the news is that it’s a different world inside the enterprise, where security is the watchword and “What is this app doing with my data?” is the first thing that the chief information security officer (CISO) wants to know.
Our panelists included:
Christophe Colas, VP Product Marketing, Trustonic. His company develops a secure environment for mobile platforms.
Sudhi Herle, CTO and EVP Engineering, AgreeYa Mobility. AgreeYa makes niche devices for companies in specific verticals.
David Richardson, Principal Consumer Product Manager, Lookout Inc. Lookout protects mobile devices from security threats, loss and theft.
Here are some takeaways from the session:
The market for Android apps in the enterprise – BYOD and Choose Your Own Device are the dominant themes right now. In the mobile security area, enterprises need to comply with regulations and see inside the devices they own so that they know what they’re doing on the network. In those companies still avoiding BYOD and using only their own hardware, “security” means devices are locked down and the enterprise has firm control over where/when/how employees are using apps. The markets for these solutions are small but very lucrative for developers.
Security requirements developers should keep in mind – Sudhi broke down the enterprise perspective of device security into three parts: 1) Is this a malicious app trying to do something unusual on the network or get to some kind of data? 2) Does the app transport data to the cloud securely? What kind of encryption does it use? 3) What does the app do with data, especially corporate data? With or without permission, data gets cached on a mobile device, so is the data encrypted or tagged? Who can see that data?
How developers can ensure their apps are secure – Automated tools can determine all the ways that people can enter your app from outside; for example, through intent receivers. It’s best to have an outside provider validate your app. Sudhi noted an audit AgreeYa performed which showed that most of the apps in one operator’s app store were using SSL libraries incorrectly because they relied on insecure code the developers had incorporated without knowing all the calls the code made.
Working with Google – Panelists agreed on the staggering pace at which Google innovates, but pointed out that the enterprise is more interested in stability, decent battery life and reasonable device pricing than in innovation. Google is strongly focused on keeping developers happy, such that most of the uncertainty around building Android apps has gone away. Although it’s still early days for Android in the enterprise, the elements likely to evolve fastest are the Device Administration APIs, the notion of device owner and new blacklist/whitelist functionality.
Is it the right time? – David observed that most enterprises are still trying to figure out their BYOD strategy. Few CISOs can articulate what they need and it’s still the Fortune 1000 companies that are spending cycles on how to work with Android apps. As for MDM, developers will find it a fairly mature, saturated market with a lot of competition and little innovation.
Fragmentation – On this perennial bugaboo, Sudhi commented that in the markets where it’s lucrative to build enterprise apps, most OEMs are shipping Android 4.1 or later. He doesn’t see much fragmentation: “The fragmentation everyone talks about is in the low-end market in emerging countries, where you can find even new devices coming out with Gingerbread.” He counseled enterprise developers who are worried about fragmentation to take a step back, figure out which markets they want to target first, then survey the landscape of devices and Android versions before worrying about fragmentation.
Are you seeing security as a big issue with your enterprise customers? Let me know in the comments below.