RELATED: Is RIM ruined?
The DOD is inviting vendors to bid on software to secure non-RIM smartphones and tablets, according to a report by Reuters. The Defense Information Systems Agency (DISA) may award a contract in April 2013. The contract would cover 162,500 devices to start and ultimately reach 262,500.
The request for proposals was posted Oct. 22, the day the U.S. Immigration and Customs Enforcement Agency announced it will end its contract with RIM to adopt iPhones instead, according to Reuters.
The DOD is not scrapping its BlackBerries, but expanding the devices it may allow for use. The Reuters story quoted a DOD spokesperson: "DISA is managing an enterprise email capability that continues to support large numbers of RIM devices while moving forward with the department's planned mobile management capability that will support a variety of mobility devices."
One of the companies bidding on the management software contract will be RIM itself, offering its BlackBerry Mobile Fusion application for managing Android and iOS devices.
The DOD's decision shows how dramatically the smartphone and tablet market has changed in the five years since the iPhone was first released. RIM has relied on its vaunted secure network connections, and device and operating system security to become the standard mobile device in many government agencies and security-conscious enterprises. It can no longer do so.
Apple has been steadily improving iOS security and management capabilities, adding on-device encryption, securing each device's unique AES encryption key, and adding programming interfaces for use by mobile device management (MDM) software vendors.
MIT's Technology Review had an assessment of Apple's iOS security evolution in August 2012. "Technologies the company has adopted protect Apple customers' content so well that in many situations it's impossible for law enforcement to perform forensic examinations of devices seized from criminals," according to the story.
But some of that protection hinges on making sure different parts of the security architecture are in sync, according to a December 2011 assessment by viaForensics, a digital security firm in Oak Park, Ill. "iOS provides and additional layer of encryption for files which implement their Data Protection APIs," notes a blog post at the company's website. "This additional encryption uses the device passcode as a component of the encryption keys and as such forensic examinations which simply bypass the passcode will not recover the data. [But] The additional protection is only applied if the developer enables the Data Protection APIs so most third-party apps, Web cache and other system data are usually recoverable."
Earlier this year, Apple published a whitepaper on its iOS security architecture.
John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnwwEmail: [email protected]
Read more about anti-malware in Network World's Anti-malware section.