Mobile Malware Update

Blue Coat Systems has published an interesting report on the state of mobile malware. The good news is that in the words of the report “the devices’ security model” is not yet “broken.” This means that smartphones and tablets are still rarely hijacked by viruses in the way that computers commonly are.

Now for the bad news. On the Android side (though apparently not yet on the iOS side), virus-style hijackings have begun to appear:

Blue Coat WebPulse collaborative defense first detected an Android exploit in real time on February 5, 2009. Since then, Blue Coat Security Labs has observed a steady increase in Android malware. In the July-September 2012 quarter alone, Blue Coat
Security Labs saw a 600 percent increase in Android malware over the same period last year.

But this increase is from a minuscule base, and this type of threat is still relatively minor on mobile devices. Instead the report says, “user behavior becomes the Achilles heel.” The main mobile threats are from what the report calls “mischiefware.”

Mischiefware works by enticing the user into doing something unintentional. The two main categories of Mischiefware are:

  1. Phishing, which tricks users into disclosing personal information that can be used for on-line theft.
  2. Scamming, which tricks users into paying far more than they expect for something – like for-pay text (SMS) messages or in-app purchases. Even legitimate service providers can be guilty of this type of ‘gotcha’ activity, with rapacious international data roaming charges, or punitive overage charges on monthly ‘plans.’

“User behavior becomes the Achilles Heel” is hardly a revelation. A more appropriate phrase would be “User behavior remains the Achilles Heel,” since in this respect the mobile world is no different from the traditional networking world.

Droid Razr first look.

First impression is very good. The industrial design on this makes the iPhone look clunky. The screen is much bigger, the overall feel reeks of quality, just like the iPhone. The haptic feedback felt slightly odd at first, but I think I will like it when I get used to it.

I was disappointed when the phone failed to detect my 5GHz Wi-Fi network. This is like the iPhone, but the Samsung Galaxy S2 and Galaxy Nexus support 5 Ghz, and I had assumed parity for the Razr.

Oddly, bearing in mind its dual core processor, the Droid Razr sometimes seems sluggish compared to the iPhone 4. But the Android user interface is polished and usable, and it has a significant user interface feature that the iPhone sorely lacks: a universal ‘back’ button. The ‘back’ button, like the ‘undo’ feature in productivity apps, fits with the way people work and learn: try something, and if that doesn’t work, try something else.

The Razr camera is currently unusable for me. The first photo I took had a 4 second shutter lag. On investigation, I found that if you hold the phone still, pointed at a static scene, it takes a couple of seconds to auto-focus. If you wait patiently for this to happen, watching the screen and waiting for the focus to sharpen, then press the shutter button, there is almost no shutter lag. But if you try to ‘point and shoot’ the shutter lag can be agonizingly long – certainly long enough for a kid to dodge out of the frame. This may be fixable in software, and if so, I hope Motorola gets the fix out fast.

While playing with the phone, I found it got warm. Not uncomfortably hot, but warm enough to worry about the battery draining too fast. Investigating this, I found a wonderful power analysis display, showing which parts of the phone are consuming the most power. The display, not surprisingly, was consuming the most – 35%. But the second most, 24%, was being used by ‘Android OS’ and ‘Android System.’ As the battery expired, the phone kindly suggested that it could automatically shut things off for me when the power got low, like social network updates and GPS. It told me that this could double my battery life. Even so, battery life does not seem to be a strength of the Droid Razr. Over a few days, I observed that even when the phone was completely unused, the battery got down to 20% in 14 hours, and the vast majority of the power was spent on ‘Android OS.’

So nice as the Droid Razr is, on balance I still prefer the iPhone.

P.S. I had a nightmare activation experience – I bought the phone at Best Buy and supposedly due to a failure to communicate between the servers at Best Buy and Verizon, the phone didn’t activate on the Verizon network. After 8 hours of non-activation including an hour on the phone with Verizon customer support (30 minutes of which was the two of us waiting for Best Buy to answer their phone), I went to a local Verizon store which speedily activated the phone with a new SIM.

Deciding on the contract, I was re-stunned to rediscover that Verizon charges $20 per month for SMS. I gave this a miss since I can just use Google Voice, which costs $480 less over the life of the contract.

Developing for Android: Promise and Reality

When Android came out a couple of years ago, Matt Lewis of Rethink Wireless saw it as an opportunity to avoid the fragmentation that open source projects are prone to:

Google is not a handset OS company. Android is simply a means to an end – the end being to create a vast new expanse of real estate which Google can beam its advertising inventory to. This demands a level of consistency and interpretability from Android so that, regardless of who implements the platform on whichever device, application compatibility is maintained.

Alas, Matt was over-optimistic (or under-cynical). Here’s what Rethink said this week about Android:

As for Android developers, many are angry that there is no SDK as yet for Nexus One. This, in turn, has highlighted the issue of fragmentation, with different OS releases and even different devices requiring different SDKs, with limited compatibility between apps written for the various versions. Until there is an SDK for Android 2.1, the latest OS upgrade, which so far runs only on Nexus One, programmers cannot be sure their apps will work properly with the new handset.

A not so perfect Storm

The Verizon Storm may be heading for failure in more than one way. A raft of reviewers, led by David Pogue of the New York Times are trashing its usability. This means that even with the marketing might of Verizon behind it it may not fulfill its goal of being a bulwark against the iPhone in the enterprise.

But the Storm was an experiment in another way by Verizon. The other three major American mobile network operators have capitulated to Wi-Fi in smartphones. Against the new conventional wisdom, Verizon decided to launch a new flagship smartphone without Wi-Fi. The Storm looks like a trial balloon to see whether Wi-Fi is optional in modern smartphones. If the Storm is a success, it will demonstrate that it is possible to have credible business smartphones without Wi-Fi. But if it turns out to be a flop because of other factors, it will not be a proof point for Wi-Fi either way.

But Wi-Fi is a closed issue by now for all the network operators, perhaps even including Verizon. Phones have lead times of the order of a year or so, and controversies active back then may now be resolved. Verizon covered its bets by launching three other smartphones around the same time as the Storm, all with Wi-Fi (HTC Touch Pro, Samsung Omnia, Samsung Saga).

Before its launch, AT&T hoped that the iPhone would stimulate use of the cellular data network. It succeeded in this, so far beyond AT&T’s hopes that it revealed a potential problem with the concept of 3G (and 4G) data. The network slows to a crawl if enough subscribers use data intensively in small areas like airports and conferences. Mobile network operators used to fear that if phones had Wi-Fi subscribers would use it instead of the cellular data network, causing a revenue leak. AT&T solved that problem with the iPhone by making a subscription to the data service obligatory. T-Mobile followed suit with the Google phone. So no revenue leak. With the data subscription in hand, Wi-Fi is a good thing for the network operators because it offloads the 3G network. In residences and businesses all the data that goes through Wi-Fi is a reduction in the potential load on the network. In other words, a savings in infrastructure investment, which translates to profit. This may be some of the thinking behind AT&T’s recent acquisition of Wayport. The bandwidth acquired with Wayport offloads the AT&T network relatively cheaply. AT&T’s enthusiasm for Wi-Fi is such that it is selling some new Wi-Fi phones without requiring a data subscription.

The enterprise market is one that mobile network operators have long neglected. It is small relative to the consumer market, and harder to fit into a one-size-fits-all model. Even so, in these times of scraping for revenue in every corner, and with the steady rise of the Blackberry, the network operators are taking a serious look at the enterprise market.

The device manufacturers are way ahead of the network operators on this issue: the iPhone now comes with a lot of enterprise readiness Kool-Aid; Windows Mobile makes manageability representations, as does Nokia with its Eseries handsets. RIM, the current king of the enterprise smartphone vendors also pitches its IT-friendliness.

Wi-Fi in smartphones has benefits and drawbacks for enterprises. One benefit is that you have another smart device on the corporate LAN to enhance productivity. A drawback is that you have another smart device on the corporate LAN ripe for viruses and other security breaches. But that issue is mitigated to some extent if smartphones don’t have Wi-Fi. So it’s arguable that the Storm may be more enterprise-friendly as a result of its lack of Wi-Fi. Again, if the Storm becomes a hit in enterprises that argument will turn out to hold water. If the Storm is a flop for other reasons, we still won’t know, and it will have failed as a trial balloon for Wi-Fi-less enterprise smartphones.

Open wireless handsets and networks for America?

I have previously written about OpenMoko. It seems now that it was the drop before the deluge. Google’s Android appears to have gained good traction with Sprint and T-Mobile joining the Open Handset Alliance, with Dell rumored (update) to be planning an Android-based phone, and with Verizon expressing lukewarm support. Nokia has for some time sponsored open source handset software through Maemo.org, but this week it upped the ante with its acquisition of TrollTech. Trolltech is responsible for Qtopia, a semi-open source platform used in Linux-based phones. That makes four credible Linux-based mobile phone software platforms. Update: Make that five – the LiMo Foundation is a consortium of carriers (including NTT DoCoMo and Vodafone), phone makers (including Samsung, Motorola and LG) and others “dedicated to creating the first truly open, hardware-independent, Linux-based operating system for mobile devices.”

But a phone doesn’t have to be open-source to be an open application platform, and this category is just as vigorous, but better established. Nokia’s Symbian phones have always been open to an extent – there are over 2 million developers registered in Nokia’s developer organization, Forum Nokia. Then we have Microsoft. Microsoft claims that sales of Windows Mobile phones are set to double year-on-year, to 20 million units. Windows Mobile provides a sufficiently open application environment that applications like Skype run on it. The iPhone is not yet officially an open application environment, but there is still a healthy slate of applications from third parties for those with the stomach to take the unofficial route. This is scheduled to change in February when the open-ness goes official with the release of Apple’s SDK for the iPhone. So that’s three major open application environments for smart phones.

2008 is also the year that Wi-Fi phones will come into their own. The dam broke with the iPhone. Wi-Fi on the iPhone raises the bar for all the other smart phones, making Wi-Fi a baseline checklist item for the next generation of smart phones. Previously mobile network operators were fearful that Wi-Fi in a phone would divert traffic from their data networks. This fear led, for example, to AT&T’s removal of Wi-Fi from their version of the Nokia E61. But there is now new evidence. At last week’s IT Expo East I heard an unsubstantiated report that 60% of wireless data usage in December was by 2% of the phones: iPhones. If this is even partly true, it would demonstrate that a web-friendly phone will drive traffic on the cellular data network even when it has Wi-Fi.

Google phone alliance members

The Open Handset Alliance was announced today by Google and 30 or so other companies. Until now the highest-profile open source handset operating environment was OpenMoko.

The list of participants has no real surprises in it. Nokia isn’t on the list, most likely because this project competes head on with Symbian. This may also help to explain why Sony Ericsson isn’t a supporter yet, either. But the other three of the top five handset manufacturers are members: Motorola, Samsung and LG. All of these ship Symbian-based phones, but they also ship Windows based phones, so they are already pursuing an OS-agnostic strategy. Open standards are less helpful to a market leader than to its competitors.

Of course the other leading smartphone OS vendors are also missing from the list: Microsoft, Apple, Palm and RIM.

Ebay is there because this massively benefits Skype.

Silicon vendors retain more control of their destiny when there is a competitive software community, so it makes sense that TI is aboard even though it is the market leader in cellphone chips. Intel is another chip vendor that is a member. Intel can normally be relied on to support this type of open platform initiative, and although Intel sold its handset-related businesses in 2006, its low power CPU efforts may evolve from ultra-mobile PCs down to smartphones in a few years.

Among MNOs Verizon and AT&T Mobile are notorious for their walled-garden policies, so it makes sense that they aren’t on the list, though Sprint and T-Mobile are, which is an encouraging indication.

At the launch of the iPhone Steve Jobs said that the reason there would be no SDK for the iPhone was that AT&T didn’t want their network brought down by a rogue application. I ridiculed this excuse in an Internet Telephony column. Even so, the carriers do have a valid objection to completely open platforms: their subscribers will call them for support when the phone crashes. For this reason, applications that use sensitive APIs in Symbian must be “Symbian signed.” When he announced the iPhone SDK, Steve Jobs alluded to this as a model that Apple may follow.

So Sprint’s and T-Mobile’s participation in this initiative is very interesting. Sprint’s press release says:

Unlike other wireless carriers, Sprint allows data users to freely browse the Internet outside its portal and has done so since first offering access to the Internet on its phones in 2001.

Open Internet access is actually available from all the major US MNOs other than Verizon; AT&T ships the best handset for this, the iPhone. But the iPhone doesn’t (officially) let users load whatever software they want onto the phone. Symbian and Windows-based phones generally do, and again all the major MNOs ship handsets based on these operating systems. An open source handset goes a big step further, but who benefits depends on what parts of the source code are published, and what APIs are exposed by the proprietary parts of the system. As a rule of thumb, one would think that giving developers this greater degree of control over the system will increase their scope for innovation.