OptioCore: Super-Secure Android Wants To Invade The Enterprise

OptioLabs has just released OptioCore, a secure version of Android, to handset makers. It's pretty cool, but does it mean Android is ready for the enterprise?

From a security standpoint, Android has always been a case of untapped potential.

The Two Sides Of Android Security

On one hand, it's an open and popular operating system, which means it's a prime target for hackers. According to researchers from Georgia Tech, 2013 will be the year mobile malware gets serious, and Android is vulnerable. Google's App Verification Service, which is supposed to identify harmful applications upon installation, is kind of a flop, and the majority of users don't install any third-party antivirus software.

On the other hand, Android's dominance and openness also create a market for third parties to try to fix these problems, and that's just what Optio Labs, created by Allied Minds, claims to have done. The mobile device management and security firm has recently released a hardened version of Android that includes a bunch of baked-in security features – and not just malware detection.

The OptioCore OS and administrative tools (Optio MDM) will be distributed through a series of hardware partners and software integrators. But the company was unwilling to share specifics: "We are in collaboration with numerous established, multi-national OEMs, systems integrators and software companies on various strategic initiatives and commercial activities." We'll know soon enough, as devices using the new OS should be available in late 2013, and the PR push should begin even sooner.

Lots Of Security Features

So what does OptioCore do? Pretty much everything.

First, there's malware protection. The company claims to protect against "all known Android malware variants including Rage against the Cage and other root exploits."

Second, there's auditing down to the application level, which is good news for regulated businesses.

Third, based on policies that can be stored locally or in the cloud, admins can remotely administer or wipe phones, view devices that are out of compliance, and perform all of the other functions that are common to Mobile Device Management (MDM) applications. It even allows users to store different profiles on a phone, so a work wipe won't affect personal files.

That's all great to have, but it can already be done with existing software. What really makes Optio's Android different is the system's ability to tie into location-based services.

Location, Location, Location

Admins can lock down phone behaviors through PhantomLink, a service that uses Bluetooth "beacons" to determine physical proximity. If you want to disable a phone's cameras or turn off texting in a product development meeting, you can. You can also require physical presence in a location to access documents or applications, ensuring that data can't slip out the door of your office, even if the devices accessing that data go home with your workers every night.

If you already have an MDM solution you like, OptioLabs isn't against using it, but the vendor will have to write its own hooks into OptioCore via an application programming interface (API). That means early adopters will probably be playing around with the bundled tools for at least a few months.

The OS is also open to further customization, particularly for vertical markets with specific needs that can't be met through the MDM console. According to Brian Dougherty, OptioLabs' Director of Engineering, "OptioCore can be augmented with additional procedures and controls to create custom, domain-specific flavors of OptioCore." Security reviews for these products would happen through a third party.

OptioCore isn't perfect – someone with physical access to the hardware could still root the phone – but being able to tie into physical spaces via PhantomLink should dramatically limit the risk of intentional or accidental data leakage. If it all works, it's a massive step toward making BYOD manageable, and since it's still Android, there's a good chance it will run on phones employees actually want to bring to work.

 
