MOBILE OPERATING SYSTEM TRANSITION - Helping Customers Migrate and Maintain the Latest Android OS

Page created by Derrick Parker

Introduction
Legacy Operating Systems
Android Enterprise Evolution
How Honeywell Helps
Android Lifecycle Management
Conclusion and Recommendations

                       Mobile Operating System Transition White Paper | Table of Contents | | 1

A shift in the mobile operating system landscape has occurred over the last several years. Microsoft has ended support for Windows® mobile applications and security patches are no longer available, leaving companies no choice but to upgrade to Android. Those that do not upgrade will be exposed to the security risks that are inherent with an unsupported operating system. This paper will elaborate on these points and provide the reader with guidance on recommended solutions.

Customers currently running applications that require a legacy Microsoft® operating system (Windows CE 6 or Windows Mobile/Windows Embedded Handheld 6.5) will no longer receive support for their platform. Mainstream support, which includes regular updates, has ended for both legacy systems.

Microsoft extended support (security fixes) ended for Windows CE 6 in early 2018 and ended for Windows Embedded Handheld 6.5 in early 2020. Vendors are unable to provide patches should a vulnerability or error be found in Microsoft code. For this and other reasons, many customers are transitioning to new applications running under Android™.

As support for legacy operating systems has ended, customers need to make decisions to move forward.

Android’s large market presence supports a broad variety of OEMs and hardware form factors, making it more likely that a device is available to meet the customer’s use case and cost requirements, including devices that offer integrated physical keypads.

Prior to 4.0 Ice Cream Sandwich, Android offered little in the way of enterprise features. The consumer-focused operating system was augmented by OEM extensions and third-party software to allow it to be controlled and managed in the enterprise environment.

Enterprise features gradually began appearing in the 4.2 Jelly Bean and 4.4 KitKat releases, culminating with the introduction of Android for Work in 5.0 Lollipop. Android for Work provided an extended set of management APIs and a container system for separating and independently managing personal and work apps and data.

Google® has continued investing heavily in enterprise capabilities in each of its last several versions, renaming Android for Work to Android Enterprise.

Added features include bulk provisioning to speed device setup, Device Owner (Android Enterprise) mode to allow fully managed devices at the corporate level, always-on VPN and encryption enabled by default to protect personal and corporate data.

Popular mobile operating systems such as Android enable companies to access a large ecosystem of applications, development tools and resources, but also involve security risks that must be addressed and mitigated. Google has steadily evolved its approach to security.

As its market share has grown, Android has become a target for exploits and malware attacks. Google has responded by increasing the protections to prevent the introduction of Potentially Harmful Apps (PHAs), as well as implementing defenses inside the OS that limit the ability of the system to be compromised should a PHA be installed. A few of these protections are discussed below.

Detailed information is available in Google’s Android Security 2018 Year in Review report located here:


Columns compared (type in parentheses):
 1 = iOS 11.2 (OS)
 2 = iOS 12.1.3 (OS)
 3 = Android 6 (OS)
 4 = Knox 2.6 (Platform)
 5 = Android 7 (OS)
 6 = Google Pixel (Android 7) (Device)
 7 = Knox 2.9 (Platform)
 8 = Android 8 (OS)
 9 = Google Pixel 2 (Android 8) (Device)
10 = Android 9 (OS)
11 = Google Pixel 3 (Android 9) (Device)
12 = Knox 3.2 (Platform)
13 = Chrome OS (OS)
14 = Windows 10 (OS)
15 = Windows 10 in S mode (1803) (OS)
16 = Surface Pro (Device)

WHAT WAS COMPARED?                1   2   3   4   5   6   7   8   9   10  11  12  13  14  15  16
BUILT-IN SECURITY
Access Control by Default         2   2   2   2   2   2   2   2   2   2   2   2   3   2   2   2
Authentication Security           3   3   2   2   2   2   2   2   2   3   3   3   2   2   2   2
Device Encryption on by Default   3   3   2   3   2   3   3   2   3   3   3   3   3   2   3   3
File-Level Encryption             3   3   1   1   3   3   3   3   3   3   3   3   3   3   3   3
App Isolation                     3   3   3   3   3   3   3   3   3   3   3   3   3   2   3   2
OS Updates                        3   3   1   2   2   3   2   2   3   2   3   2   3   3   3   3
Security Updates                  3   3   2   2   2   3   3   3   3   3   3   3   3   3   3   3
App Updates                       1   1   3   3   3   3   3   3   3   3   3   3   3   2   3   2
App Privileges                    3   3   3   3   3   3   3   3   3   3   3   3   3   1   3   1
Runtime App Permissions           3   3   2   2   2   2   3   3   3   3   3   3   3   2   3   2
Platform Integrity Protection     2   3   2   3   2   2   3   3   3   3   3   3   3   3   3   3
Root of Trust                     3   3   1   3   2   3   3   3   3   3   3   3   3   3   3   3
Exploit Mitigation                2   3   2   3   2   2   3   2   2   3   3   3   3   3   3   3
Network Security                  1   1   1   1   2   2   3   3   3   3   3   3   3   3   3   3
Network Encryption                2   2   1   1   2   2   2   2   2   2   2   2   2   1   2   1
Built-in Anti-Malware             2   2   3   3   3   3   3   3   3   3   3
Secure Browsing                   3   3   3   3   3   3   3   3   3   3   3
Authentication Methods            2   2   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Authentication Policy Management  2   2   2   3   2   2   3   3   3   3   3   3   3   3   3   3
Encryption Management             3   3   2   3   3   3   3   3   3   3   3   3   3   2   2   2
Device/Corporate Wipe             2   2   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Workplace Isolation               2   2   2   3   2   2   3   3   3   3   3   3   3   3   3   3
Secure Key Store                  3   3   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Jailbreak/Root Protection         2   3   2   3   2   2   3   3   3   3   3   3   3   NA  3   NA
App Vetting                       3   3   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Enterprise App Store              3   3   3   3   3   3   3   3   3   3   3   3   3   3   3   3
App Monitoring and Control        2   2   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Secure Remote Access              2   2   2   3   2   2   3   2   2   2   2   3   2   3   3   3
Policy Management                 3   3   3   3   3   3   3   3   3   3   3   3   3   3   3   3
Remote Health Attestation         1   1   1   3   2   2   3   3   3   3   3   3   3   3   3   3

Source: Gartner (January 2019)    1 = WEAK    2 = AVERAGE    3 = STRONG

• Windows lags in runtime protection for isolation and segmentation.
• Android 9 is stronger in most areas of corporate-managed security.
• Android security updates come faster than firmware.
• Android uses encryption by default and Windows does not.

Honeywell is strongly committed to cybersecurity. Our global businesses include aerospace and process solutions that demand a very high degree of security in all aspects of operations.

A corporate-level cybersecurity task force sets and maintains security policies and standards, including test procedures used during product development that specifically identify software issues that could make systems more vulnerable to exploits. This approach eliminates potential vulnerabilities before products are even released.

The cybersecurity team monitors multiple information sources to learn of potential system security issues as early as possible, and has implemented an escalation protocol that mobilizes resources company-wide on a priority basis to address these issues.

Once an Android vulnerability is revealed and a corrective action posted by Google, Honeywell’s Android security experts implement the fix and deliver it to customers. Direct distribution of patches and updates enables Honeywell to reduce response time compared to OEMs who must go through secondary channels to deliver their updates.

Many enterprise customers choose to restrict end-users further by “locking down” the device through the use of an Enterprise Mobility Management (EMM) agent or app such as Honeywell Enterprise Launcher. These tools control user access to system resources and can restrict the system to execute only designated apps. Removing the user’s ability to install or run unauthorized apps makes the system far less vulnerable to security exploits caused by user actions.

Honeywell offers tools that enable customers to establish application white lists or black lists, control availability of a wide range of device features and control which IP addresses are accessible through the firewall.

Another important aspect of security is maintaining an updated system. Researchers are constantly discovering and responsibly reporting vulnerabilities in the Android code base that could potentially be subject to malicious exploits. Google even offers a bounty program to encourage researchers to find and report potential issues.

Google and chipset providers such as Qualcomm® provide security patches to OEMs on a regular basis for incorporation into their software builds. Honeywell updates its Android system images on a regular 60-day cadence, with patches for extremely critical exploits.

Honeywell is committed to providing the best available security and lifecycle on its mobile computing platform. To receive the best available security on Android devices, the only way is to run the latest Android version. To keep up with the ever-changing security landscape, Google adds security features to new Android version releases. Honeywell provides unmatched security and lifecycle by guaranteeing and delivering more Android version compatibility and provides flexibility so that you can upgrade at your own pace. For customers not yet ready to upgrade OS versions, Honeywell offers security patching services.

Customers deploying mobile computer solutions in the rugged enterprise environment expect a longer usage cycle than consumers. Where smartphones in consumer use cases generally turn over in 2–3 years, enterprises are expecting their systems to last 3–5 years or longer.

Historically, embedded operating systems used in rugged mobile computers had a lifecycle corresponding to enterprise use cases. Windows CE and Windows Embedded Handheld were supported by Microsoft for 10 years after initial introduction.

Unlike Windows, Android provides an incremental approach. Each Android version is built upon the last, adding new features to the newest Android version. The only way to receive the best available security, including all new security features, is through the latest Android version, not through a patch. While patches are provided for prior Android versions, it is important to know that patches for prior versions do not contain all the security features included in the latest Android version.

For those not ready to upgrade their devices to the latest Android version, Honeywell offers the Sentinel™ security patch program. Sentinel provides security patches for Android versions up to eight years old. Again, maintaining the latest Android version is the security best practice rather than resorting to security patch backporting.

TIMING OF DELIVERY TO CUSTOMERS IS QUARTERLY, or less if no severe patches applicable to the supported operating system version are reported. Applicable patches will generally be delivered within 90 days of public disclosure with exceptions possible for imminent threats.

CUSTOMERS UTILIZING THIS SERVICE ARE EXPECTED to apply all previously released patches in order to apply the most recent patch. In other words, patches are cumulative. Specific patches cannot be applied individually.

SECURITY PATCHES ARE TESTED FOLLOWING Honeywell standard test procedures applicable to all software releases. It remains the responsibility of the customer to test any software updates received from Honeywell to their satisfaction prior to rolling out an update to their estate.

CUSTOMERS RECEIVE THESE BENEFITS under the terms of a service contract, either standalone or incorporated into another type of service agreement. Customers without a contract will not receive security patches after Google security patch support ends.


Android is a secure operating system, utilizing application isolation and exploit mitigation techniques to provide a high level of security to the user. The key security point is to maintain the latest OS version and choose devices with the longest lifecycle possible. Backporting is not the security best practice and should be avoided.

Honeywell’s products are designed from the start to meet Honeywell’s rigorous security standards. Security is evaluated throughout the development process, identifying and mitigating vulnerabilities even before products are released.

Education of customers and constant monitoring of security vulnerabilities and exploits, with defined processes for addressing those issues that are discovered, further protect our customers’ systems from compromise. A subscription-based notification model enables customers to take immediate action to mitigate risk while software is being patched and tested. Customers can be assured that their systems are designed and supported to the highest standards and they can operate their businesses with confidence knowing Honeywell is working to help them maintain the security of these systems.

With its large market share and extensive ecosystem of apps, developers and VARs, Android has become the clear choice for many enterprises in a variety of industries. Transitioning to Android involves writing new apps, adapting workflows and changing the mobile devices workers use. This can be a costly and complicated endeavor.

MOBILITY EDGE
One way businesses can simplify the migration process is by selecting devices that are built on a unified mobile platform, like Honeywell’s Mobility Edge™. Devices built on this common hardware and software platform are easier and less costly to deploy and manage and have longer lifecycles, with a history and guarantee of providing more forward Android version compatibility than other devices.

Mobility Edge devices feature a common hardware System On Module, or SOM, which is a single, certified module that includes the device’s CPU, memory, WWAN (in selected devices), WLAN, Bluetooth® and near-field communication (NFC). They also feature a common OS software image and a common software ecosystem, which includes not only Honeywell software, but also software from Honeywell-approved independent software vendors (ISVs).

Having a common SOM and OS software image provides flexibility and reduces costs for businesses to deploy additional device form factors because there are no added development or certification costs. Companies can validate all their mobile devices, use cases and software once, and then deploy across multiple devices in multiple form factors, more rapidly and at a lower cost than typical mobile deployments.

Businesses wishing to extend product lifecycle and gain a better return on their technology investment will be assured by the fact that Mobility Edge platform devices can be upgraded through at least Android 11 with a commitment to continuing efforts towards feasibility of Android 12 and 13 compatibility. Honeywell also provides critical security updates for Android versions up to eight years old.

HONEYWELL MARKETPLACE
For businesses needing help with their Android transition strategy, the Honeywell Marketplace offers a helpful resource. Honeywell Marketplace is an enterprise app store that provides businesses with direct access to software and solutions developed by Honeywell and third-party independent software vendors. Companies can search for solutions by industry, by solution type (developer tools, ERP, etc.) or by technology (mobile computer, wearables, etc.) and find a diverse set of applications to help ease their mobile transitions.

For more information:

5775 Soundview Drive, Suite
Gig Harbor, WA 98335

Honeywell Safety and Productivity Solutions
300 S Tryon St Suite 500
Charlotte, NC 28202
800-582-4263

Mobility Edge and Sentinel are trademarks or registered trademarks of Honeywell International Inc. Android is a trademark or registered trademark of Google LLC. Bluetooth is a trademark or registered trademark of Bluetooth SIG, Inc. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners.

Mobile Operating System Transition White Paper | Rev C | 08/20
© 2020 Honeywell International Inc.