"Google's Android OS has become a malware magnet," writes CIO.com blogger Constantine von Hoffman. "Its dominance as a smartphone platform is turning it into a much bigger security risk compared to Apple's iPhone."
To be fair, Good Technology CTO Nicko van Someren predicts the iconic Apple iPhone, often heralded as malware-free due to a curated App Store, will also be a target of sophisticated attacks in the coming year. He cites the ability to jailbreak the iPhone with a single tap on Jailbreakme.com, thus opening the device to malware.
"The technology Jailbreakme.com makes use of is potentially usable by the bad guys," says van Someren. In other words, malicious code writers may be able to jailbreak iPhones without their owners knowing about it.
Slideshow: 15 Best iPhone Apps for Busy CEOs
Researcher Charlie Miller recently wrote a malicious app that looked like a stock-market monitoring tool and got it past the watchful eyes of the App Store vetting process. The app would connect to his server and allow him to download malware to the iPhone. Thus, Miller showed that malicious apps might already exist in the App Store.
CIOs in a Tough Spot
Android vendors are working to shore up security problems. "We'll see an increasing number of measures being taken by vendors like Google and phone vendors to lock their systems down and make them less vulnerable to malware," van Someren says.
Yet herein lies the rub. CIOs are bumping up against employees wanting to plug their consumer Android devices into the network, while waiting for vendors to get Android devices as close to enterprise-ready as possible. The lag between these two forces will put CIOs in a tough spot next year.
Just take a look at the $200 Amazon Kindle Fire tablet, which, by many accounts, should have a big holiday season. New Kindle Fire owners will likely want to receive at least corporate email on the device, which runs a customized Android 2.3 Gingerbread OS. As a result, Kindle Fire has the potential of burning up the enterprise.
Consider MobileIron's technical criteria when evaluating devices to support in its mobile device management suite: A device must have the ability to encrypt data, configure email remotely, support password lock and wipe, configure secure connectivity, deploy apps, and establish identity through a certificate.
"Amazon Kindle Fire does none of these things," Rege says.