Pentagon nod shows Android can be as secure as BlackBerry

Samsung's Knox system for Android devices gets approval for use in government and military like the BlackBerry, once the gold standard

By giving the OK for the U.S. government and military to use Android devices with Samsung's security platform, the Pentagon has confirmed that Google's operating system can be locked down as well as the BlackBerry OS, once considered the gold standard in mobile security.

Samsung announced Friday that the Department of Defense (DoD) had approved the use of Knox-enabled Android smartphones and tablets. Currently, that would include only the Galaxy S4, but Samsung has said more devices would ship with the platform in the near future.

The DoD nod places the S4 on par with the BlackBerry Q10 and Z10 smartphones and PlayBook tablets running the Pentagon-approved BlackBerry 10 operating system. Apple is expected to get similar approval this month for iPhones and iPads running iOS 6.

Samsung, which is making a big push in the enterprise market with Knox-enabled S4s, can now say that Android devices can be made as secure as their rivals.

"The OS can certainly be locked down with technology and there is no way to indicate Android is less secure than others, including iOS and BlackBerry," said Xuxian Jiang, a mobile security researcher at North Carolina State University. "The recent approval of S4 for Pentagon and government use is clearly a positive sign."

A key Knox feature borrowed from the BlackBerry lets IT administrators keep work and personal information in separate containers on the same device. Called "partitions," the feature encrypts business apps and data in a secured container, and that container is the only part of the device administrators can access. This allows people to wipe their device clean of corporate data when they leave a company, while holding on to their personal information.

Security with Android devices in general has been a problem not because of the operating system itself, but because of the ecosystem around it. Most mobile malware is written for the platform, because the malicious code can be hidden in apps and distributed through any website. Google Play, the official Android app store for consumers, is considered reasonably safe by most experts.

Last year, nearly all of the more than 35,000 instances of mobile malware stemmed from devices running Android, according to IDC. Apple has avoided the same malware problems by requiring that all apps for the iPhone and iPad be vetted by the company and distributed only through its App Store.

Google recently changed its Play Developer Program Policies to say, "an app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism."

The move makes it much more difficult to turn a benign app into a malicious one once it leaves Google Play. When apps could be updated through a third-party server, unscrupulous developers could install malware or have the upgrade gather more personal data than the previous version.


Samsung worked with the National Security Agency (NSA) in developing Knox, which the company hopes will attract corporate customers despite apprehension over Android security. Projections show there is a market. IDC predicts that a third of the 737 million Android smartphones shipped in 2016 will be used in business. Android today accounts for about 70% of the smartphone market.

Because of Android's market clout, Samsung is not expected to be alone in making Android enterprise-ready. HTC, Motorola and LG have established business units with the same goal.

While Knox looks good on paper, the real test of the platform will come once it is in use by government and corporate customers. "I'm sure attackers will see what they can do with this new system knowing that there are government assets running it, so time will tell how secure it is," said John Grady, an analyst with IDC.

In the meantime, other companies are building additional security on top of Knox, so Samsung devices can be used in classified networks. General Dynamics has built a hardened version of Android that uses the company's root certificates instead of Samsung's. General Dynamics plans to make its technology available for use on any Android smartphone.

Copyright © 2013 IDG Communications, Inc.
