Android Phones Get Dual Accounts 109
holy_calamity writes "AT&T is adopting technology that gives a person with an Android device two user profiles, enabling company email and other data to reside in an encrypted partition separate from a user's apps, games and unfettered web browsing. AT&T is calling the feature Toggle, and plans to release it later this year. Toggle is a regular app that, once installed, creates its own encrypted desktop under the control of company IT bosses. Toggle is a rebranding of an app developed by startup Enterproid, which continues to develop its own version. AT&T think this move will encourage smartphone adoption in the enterprise. Interestingly, Apple's current version of iOS and app guidelines exclude multiple profiles on one device."
I see new company policies coming. (Score:1, Troll)
<wish_this_was_only_humor>
Attention all employees of XYZ Corp, Inc. :
On this date, xxxxxx, XYZ employees are no longer permitted to have Android devices on site. The fact that the maker of said devices regards them as secure devices designed for use by corporate entities, this device is not completely closed-source and has not yet been investigated thoroughly by XYZ. Therefore, this device is not only discouraged for use because we're scared, but any employee using an Android device on company premi
Re: (Score:3)
Hopefully this fixes that.
Re: (Score:3)
That's the policy at my company... if you want the VPN software required to access email through a regular email client, you have to sign a waiver agreeing to give them the ability to wipe your entire phone. I said "no thanks, I'll just keep using OWA when I want to check, even though it sucks."
Re: (Score:2)
Oh, I know, I was talking about Corporate misconception and fear of it. It's a great idea and a good move.
Apparently whoever looked at my comment saw it as overrated. I guess people don't understand what I'm saying. If I take the humor out, I sound like a robot, and I HATE that.
Re: (Score:1)
Wow, apparently predicting the future based on past observations is also a Troll move. :)
Re: (Score:2)
That's how a remote wipe works. There is an Android / iPhone app that keeps the Exchange account separate and only that application's data (mail / calendar / etc.) are wiped. The Exchange passcode requirement only applies to the app so the phone itself doesn't require one.
Re: (Score:2)
That's precisely why I use TouchDown for Android on my phone - it only wipes the data associated with the account that requested the wipe, not the entire world. The corporate policy also requires that data is locked behind a PIN code - if you use Android's built-in mail app, that means locking the whole phone, but with TouchDown you only get PIN request when you activate the app.
Re: (Score:2)
You're assuming, of course, that the 'droid won't lie to the server about its identity, nature, capabilities, or compliance intent.
That doesn't mean it's hopeless, it just means that you (the enterprise) needs to have an official policy prohibiting employees from accessing email with non-compliant clients, and be willing to enforce it if you find out that everyone in Marketing (including the VP) has subverted it because you went overboard and made using it the official way hopelessly dysfunctional. Effectiv
Re: (Score:2)
We have a policy, a written agreement, and an Exchange policy where all unknown devices are quarantined until we verify their capabilities. Devices that are known to be secure are allowed to bypass the quarantine.
The problem is that people who do enterprise security see the world through blinders that fail to grasp that security is a continuum, and who keep trying to ram sledgehammer/meatcleaver "one dysfunctional size annoys everyone" non-solutions down everyone's throats, oblivious to both the likelihood and consequences of informal civil disobedience and quiet passive-aggressive rebellion.
Not all of them do and you should get out more.
Re: (Score:2)
Thanks. I'm glad someone gets what was saying.
Re: (Score:1)
Why is stuff like this considered "innovative"? (Score:4, Insightful)
Smart phones today are, in terms of performance and architecture, not that much different from a notebook computer of a few years ago. Why are people surprised when smart phones today can do stuff that normal PCs could do decades ago, even when these PCs were a small fraction of the power and capability of today's smart phones? Why do so many people mistakenly consider stuff like this to be "innovation", when rather it's just a case of not intentionally limiting the device's capabilities?
Re: (Score:2)
Re: (Score:2)
And a commercial for that company, from decades ago, has been playing over and over again for the past few weeks?
Please, , make it stop!
Re: (Score:2)
... Apparently, the preview thingie -is- useful. Slashdot interpreted my (openingbracked) $_DEITY (closingbracket) as a html hack to be removed.
Re: (Score:1)
Maybe not everyone wants to carry a full-fledged PC in their pocket? The world isn't made up of people just like you, you know.
Re: (Score:2)
Apple products are scaled down to "mass user" needs - so just avoid them if you think that you are on higher level of human development. There will *always* be more sophisticated devices (like, say, N900), albeit the higher level they target, the more skills they require to use them, and the fewer (and the costlier) they are.
Re: (Score:2)
The same reason people thought the iPhone was innovative for being the first product to bring multi-touch to market. They don't understand technology and see something shinny.
Re: (Score:2)
Indeed, anyone who's ever SSH'ed into their iPhones would see it was just another UNIX machine, with a /home/mobile directory where the user's data is located. I had wondered what would happen if I made several directories under /home and just symlinked mobile to one of those directories, would that make the iPhone a multi-user device?
I gotta try that with my iPod this weekend...
why not encrypt everything? (Score:2)
does it have a backdoor for big brother?
why should only business data get protection from thieves and the government?
Re: (Score:1)
Re: (Score:1)
Apparently yours and my opinion of this is overrated.
Company's perception of danger from Android devices, as well as curiosity, has gone up 10 fold.
My comment [slashdot.org]
Re: (Score:2)
Considering your comments were moderated as Troll, I'll just mention that your companies perception is more accurate than your rhetoric.
Re: (Score:2)
big bro is already in the house
Re: (Score:2)
does it have a backdoor for big brother? why should only business data get protection from thieves and the government?
ActiveSync policies don't connect to your phone, they just impose policies on the phone. The remote wipe doesn't work if the thief can shut off the active sync before you enable the remote wipe. You could get remote wipe too if you sign up for Office365's E1 plan and use ActiveSync with the service. I know, you probably don't want to give MS any money. But, the option is there, and it's a lot cheaper than buying your own Exchange server. My company just moved away from BPOS (previous version of Office365) d
Re: (Score:2)
Re: (Score:2)
From TFS, the important bit is "under the control of company IT bosses". We looked at using Android phones, but stopped because the apps are a lot more wild-west, and locking out all apps would not sell the idea to the C-levels. With this approach, the business controls the emails and business side of things, which I'm going to jump to the conclusion that also means they can disallow applications from seeing that data and completely lock out applications from that zone. You still get to install all your
Re: (Score:2)
Tagging (Score:5, Interesting)
Why is this tagged as "Apple", "iPhone" and 'iOS"?
Re:Tagging (Score:4, Insightful)
Because TFS mentions them in the last paragraph, and some folks only read the first and last sentence of a paragraph and make up the middle, not realizing that this story has nothing to do with the iPhone beyond mentionning that such a service would be against Apple's TOS.
Re: (Score:2)
beyond mentionning that such a service would be against Apple's TOS.
I would classify this as grandstanding. There are already iOS / Android apps that separate Exchange accounts from the rest of the phone including the remote wipe. Not the described dual persona nirvana but in most cases I assume should satify the balance between controlled corporate data and your personal phone.
Re: (Score:2)
Maybe because it mentions Apple and and iOS in TFS.
Not saying it's right, but what can you expect?
Re: (Score:1)
Why is this tagged as "Apple", "iPhone" and 'iOS"?
Only way to get the fandroids interested in a submission - bait them with the prospect of Apple-bashing.
Tag a submission as "Android" and "malware" and the Apple fan boys will flock just as fast...
Re: (Score:2)
While I cry a little because of the truth of this, it made me laugh a little this morning. Thank you.
Re: (Score:1)
So... why are you here? For the fandroid bashing?
--Jeremy
Re: (Score:2)
Because it's a glaring missed opportunity in iOS devices. I don't want to mix my personal and work contacts/calendars/email, but in iOS there is little separating them. Give me a work profile and a personal profile. At least good old Nokia/Symbian was smart enough to have this 5-6 years ago starting with their first generation smartphones, although the data is not partitioned or encrypted. But at least it was easy to keep work stuff separate from personal stuff on the smartphone. Why Apple continues to be b
Re: (Score:2)
Because it's a glaring missed opportunity in iOS devices. I don't want to mix my personal and work contacts/calendars/email, but in iOS there is little separating them. Give me a work profile and a personal profile. At least good old Nokia/Symbian was smart enough to have this 5-6 years ago starting with their first generation smartphones, although the data is not partitioned or encrypted. But at least it was easy to keep work stuff separate from personal stuff on the smartphone. Why Apple continues to be blind to this I'll never understand.
At Apple, work is play. Play is work. There is no difference.
Besides doing it that way is complicated. And Lord, we don't need complicated.
Re: (Score:2)
At Apple, work is play. Play is work. There is no difference.
Are they hiring?
Re: (Score:2)
I've never really seen the use for multiple accounts on my phone, but multiple profiles (same data, apps, etc., only some data is emphasized over others in different profiles) would be useful. Another nice thing would simply be a "game mode", for handing my phone to my nieces and nephews, that would only let them play games and not access anything else on the phone.
Re: (Score:2)
Because it's a glaring missed opportunity in iOS devices. I don't want to mix my personal and work contacts/calendars/email, but in iOS there is little separating them. Give me a work profile and a personal profile. At least good old Nokia/Symbian was smart enough to have this 5-6 years ago starting with their first generation smartphones, although the data is not partitioned or encrypted. But at least it was easy to keep work stuff separate from personal stuff on the smartphone. Why Apple continues to be blind to this I'll never understand.
There are already iOS / Android apps that separate Exchange accounts from the rest of the phone including the remote wipe. Not the described dual persona nirvana but in most cases I assume should satify the balance between controlled corporate data and your personal phone. Even without the app I disagree that they are not separated. You choose which contacts/calendars/email you want to display if not all of them. Each maintains your own identity, signature, etc. But without the app a remote wipe nails the w
Cell phone plans (Score:2)
Re: (Score:2)
Or employers stop paying for mobile phones at all. Very few companies pay for broadband Internet access these days and that used to be fairly common.
A long time ago... (Score:3)
... in a decade far, far away we used to use multi-user operating systems. Which used to keep one user's data private from another - unless they explicitly wished to share. They also let the sysadmin install software packages for everyone to use, or each user could run their own local programs - which could not access other user's data.
Sounds familiar? So why propose a "solution" that only gives application-layer (rather than OS-layer) protection between users? That only protects properly one (corporate) user - isn't my personal data of at least equal value? That can't easily be extended to several users (think "e-banking user" which shares no data at all with "games user")? And there's no inherent reason why the different user programs can't share the same display screen either, with different passwords and screen lock timeouts - so you don't need a password to run Angry Birds, but do to unlock your contacts.
Re: (Score:3)
Android already uses different Unix user IDs ("accounts" if you will) to isolate different applications from each other. This gives you better protection than a desktop operation system, because applications running on the same screen are more isolated from each other.
I'm pretty certain every app under this Toggle scheme will also run in its own context.
Re: (Score:2)
And several Android phones (like the Motorola Droid 3) use chroot and other sandboxing techniques to isolate apps even further from each other. Right down to randomising the UID of the "normal user" account on the phone.
This is one of the reasons it's been so hard to root the Droid 3.
Re: (Score:2)
that number in the tens!
Actually, I see the number 1 use case for this as cheating on a partner.
It's actually pretty relevant to about 100 million employees in the United States. I suspect people work for corporations in other countries as well.
RIM is in Danger (Score:5, Insightful)
This idea was discussed in a meeting with the various CxOs yesterday, where I work. While the recent Blackberry outage brought this to everyone's attention, the big kicker is people don't like carrying two phones.
In government, really only RIM has gone thru FIPS compliance testing and that is one of the big reasons they are so popular. Our CIO brought up that Apple has been taking the iPhone thru FIPS compliance testing and he was looking forward to being able to get an iPhone instead of the Blackberry.
That is until I pointed out the only way it'll pass compliance is if the iTunes Store is disabled and you can't load any apps on the phone. Did he want an iPhone with only the default Apple apps? "Uh, no." was the answer. And neither will anyone else.
Being able to have one phone is the key. This could be an interesting step in that direction.
Re: (Score:2)
You need to read more carefully. He didn't say "iPhone 5", he said iOS5 iPhone - that is the existing iPhone 4S.
iOS5 has been released. You can read about it on Slashdot [slashdot.org].
Re: (Score:1)
Am confused: GP compared a handful of phones that exist, then described an existing device sans downloadable apps (which everyone that owns an iphone knows, since that's how an iphone looks when purchased).
You seem to be comparing a phone that just released this morning to vaporware from a company that's struggling.
No disrespect, but your comparison does seem pretty pointless. Theirs, OTOH, seems valid except for it being one anecdote. Statistically, the CEO in GGP (chill)'s story ups the count to two. O
Re: (Score:1)
Re: (Score:3, Informative)
Re: (Score:2)
Apparently everyone missed that RIM is already doing this: http://us.blackberry.com/apps-software/business/server/full/balance.jsp [blackberry.com]
They're taking a bit of a beating right now but I have to say, if I want to actually type quickly and accurately I won't be using my Android, I'd rather do it on a BB. I can type about twice as fast when there's a real, well designed, keyboard.
RIM has the momentum against them though. Businesses have a desire to move away from RIM, but have no options with similar security. This feature will provide similar security and be one of the last hurdles for the switch.
Re: (Score:2)
Re: (Score:2)
a physical world analogy would be comparing a sheet metal locking cash box to a time locking bank vault with glass and thermal re-lockers
Re: (Score:2)
I used to have the same opinion about the keyboard until I got used to Swype. I'm much faster and more accurate using that. Give it a try.
Re: (Score:1)
Re: (Score:2)
same here; bought a samsung galaxy s2 and was worried about lack of a physical keyboard. Swype has me going quick enough to not even care at this point.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Nokia's Symbian (Score:1)
I don't get this (Score:3)
Maybe I'm misunderstanding, but if you compromise the phone, don't you also compromise the app? This is like some of the "solutions" I've seen from people that want to use their home computers to connect to sensitive enterprise resources (e.g., VPN). "Oh, why don't we distribute organization-approved VM images to the people to run on their home desktops?"
I mean, if you can't trust the host, you sure as heck can't trust the guest. And the encryption is just a feel good red herring that doesn't really solve that problem.
Re: (Score:1)
The user desktop might be the guest of the business desktop.
Re: (Score:2)
Little to do with that.
Everything to do with me dictating how you will use the company phone I am providing you - security vs usability.
Now, I have the security and micromanagement that I need (in theory)... and I can also give you the herd-of-cats usability you desire, without threat (hopefully) to why I provided you the device in the first place.
Also has everything to do with me owning the phone and data that is on it... you can imagine that co-mingled data is a nightmare when you own half the crap on the
How about Dual SIM? (Score:3)
What, carriers don't want any features that might actually empowers their consumers or helps them get away from the "subsidized" (aka bought on credit) phone handset scam? Not to mention, having multiple plans or prepaid SIM cards is also a great way to dramatically cut international roaming costs.
Remember the technologically advanced 90s? Phones used to have that feature back then.
Re:How about Dual SIM? (Score:4, Informative)
Android DOES support dual-SIM phones, so don't place the blame there. Just Google it, you'll find Android-based dual-SIM phones. Just not sold by AT&T, or TMobile.
I'm not sure why AT&T doesn't carry any, and maybe they soon will, now that they're using Enterproid. There's no reason to say that your two SIM cards won't both be locked to AT&T. You pay for two plans, but only carry one phone. Seems like a win for them.
Re: (Score:1)
could be they are afraid you will use a sim from a different carrier?
Encrypted eavesdropping (Score:2)
Sure is a lot cheaper than a rack of Nauri.
http://www.wired.com/science/discoveries/news/2006/04/70619 [wired.com]
Now Dual Networks (Score:5, Insightful)
What we really need is the 3G/4G/++ telco cartel broken so that my phone can have accounts on two networks simultaneously, so I'm not locked into a single failurepoint - that frequently fails. Just like LANs to the Internet, which can have dual WANs without prohibitive subscription rates.
In fact a second WWAN connection that's rarely used could cost more per bandwidth than the primary WWAN, so the telcos would each make a fatter profit off the "insurance" second WWAN.
So it's obvious that the telcos care more about their cartel and its power to do whatever it wants without consequences (universal warrantless wiretapping, anyone?) rather than actual increased profit and improved service for their customers.
Re: (Score:2)
1. Turn phone off
2. Remove SIM #1
3. Insert SIM #2
4. Turn phone on
OK, this isn't the same as instant, live switching, but if your concern is just for handling network failures, it should work well enough.
Re: (Score:2)
Only AT&T uses SIMs in the US, and AT&T sucks.
But indeed I want the network device to use different WAN interfaces. Mid-call, or mid Internet session. If the primary network is going up and down, I don't want to power cycle the device over and again.
Re: (Score:2)
For now, if you're on AT&T, you can switch to T-Mobile. People have been unlocking iPhones to run on T-Mobile for as long as the iPhone has been around.
Re: (Score:2)
Verizon has SIM cards with their LTE network. I have a nifty little access point that uses one, and their 4g usb sticks use them as well.
Re: (Score:2)
So I guess something like this [samsung.com] won't be sold in the US. Dual SIM phones are quite popular here (India), but they tend to be mostly dumbphones. People use one operator for long distance calls and another for local, or one's a company provided SIM and the other's their personal one, obviating the need to carry 2 phones.
Haven't seen any smartphones with this though - apart from a few no name Chinese ripoffs of Nokia handsets.
Re: (Score:2)
Of course what would be awesome would be a smartphone with a real multiport expansion bus. So multiple SIMs, or other expansions that aren't simply serial connections.
The whole model, where features are locked into HW, is a strike at the heart of the openness that's always been part of the PC, and of networking. Which is what people outside the US still can expect more of in their phones.
Re: (Score:2)
You could build one, then it would have to be FCC (or equivalent) certified, and that's the stumbling block.
Re: (Score:2)
Has anyone ever hacked an ARM/Android smartphone to add devices to a CPU bus? Like solder on an FPGA...
Re: (Score:2)
Wouldn't it be better if the networks agreed that phones can use each other's networks under specified circumstances?
They supposedly already do it here (UK), though I have never noticed any evidence of it bar a couple of operators who have a strategy of sharing towers. I do recall reading that there are phone settings, which the operators set so that it basically never happens except for 999 (911) calls, but some people claim to have been able to convince the operator to allow them to change it.
Re: (Score:2)
No, why? There are geographically overlapping networks. Any one of them fails (as happens often in the US), and the other is still almost always available.
What you're describing is available in the US. The "specified circumstances" is "roaming", which costs far more than even the robbery they charge for service on the home network. If your phone even supports the different frequencies, or entirely different technologies (CDMA, GSM, WiMAX, LTE, etc) selected by different telcos partly to keep "their" phones
Re: (Score:2)
This exists already. Some World phones are also satellites phones. If you want fail-over service, you have to be willing to pay for it.
Enterprise? What about the calendar? (Score:1)
When I got my Nexus 1 back in Jan 2010 I loved everything about it except one thing. Using the search function on the phone did not return results from the calendar. I was trying to manage about 48 patients and frequently needed to be able to look at their appointment schedules going out a year. Before getting the Nexus 1 I had used Palm PDAs for almost 10 years. The search function in Palm OS brought back calendar items from day one. How could it be that a search company's operating system could miss
Re: (Score:1)
Re: (Score:1)
Actually I've looked at it in the past and I'm looking now in case something changed recently, and NO, the calendar does NOT appear in the searchable items list. I have to use searchify (a third-party app as I mentioned) in order to get any calendar results.
In the future, please refrain from responding to my posts. Thank you.
Re: (Score:1)
I am running Android 2.3.6. and all my applications are up to date. On the Nexus 1 there are no "overlays", just plain Android. If you're getting calendar results from a search I think they are coming from Samsung's overlay on Android or from a third party app you installed and forgot about, not from Android or from a Google authored app. Exhaustive web searches indicate that Google has not produced anything that searches the Google calendar short of opening a web browser and doing it manually.
I discover
Yet another misleading headline (Score:1)
Android versions 2.0 and later already support multiple accounts. My own phone has 2 accounts associated with it, and would have more if I could stomach using MotoBlur. Things like securely checking (and, depending on the infrastructure, syncing) corporate email and calendar can be done without a "split personality" device, but I guess that just doesn't fly in the case of IT control freaks.
Re: (Score:2)
Not like that, but multiple users of the device. I would really like this on my tablet. An unlocked account on my tablet for anyone to use, that has no access to my gmail account.
Incorporating multiple users on to portable device (Score:1)
This wasn't a feature on stock before? (Score:1)
I like the idea but see problems (Score:2)
They essentially want to create sandboxes or jails like on my favorite OS Freebsd.
It can only work if android had been created with this in mind. The problem is that hackers will probably figure out how to get into the other sandbox if the sandbox mechanism isn't well designed. Encryption isn't enough since the decode key resides on the device. Further what about one sandbox sniffing the others network traffic? That's why the OS has to be designed with it in mind.
But the idea of a separate desktop contr
Apple (Score:2)
Because they want you to have one phone for personal, and another phone for the business...to boost the sell!
Is that so hard to understand?
Re: (Score:2)
Wrong forum: http://forums.macrumors.com/forumdisplay.php?f=134 [macrumors.com]