Donate to Science & Enterprise

S&E on Mastodon

S&E on LinkedIn

S&E on Flipboard

Please share Science & Enterprise

Smartphone Isolates Apps into Business and Personal Sections

Android smartphone (Johan Larsson/Flickr)Computer scientists and engineers at the Fraunhofer Institute for Secure Information Technology (SIT) and Center for Advanced Security Research (CASED) in Darmstadt, Germany have developed smartphone software with separate business and personal areas. The team plans to discuss their research next week at it-sa (IT security) trade fair in Nuremberg.

The work of the Fraunhofer team is aimed at the growing practice of employers to provide smartphones to their key staff. At the same time, smartphone holders find it difficult to use these employer-provided devices only for business use, and personal applications (apps) get added to them.

The solution devised by the Fraunhofer team is called BizzTrust, and is so far written for Android phones. BizzTrust separates private and business applications on the phone into two separate protected areas for data and apps.

The software can identify whether content belongs to a business or a personal application, store it separately in the appropriate section, and control access to the data during operation. These features, say the developers, enhances the security of business data while still allowing employees to install as many private apps as they wish. If attackers break into an unsecured personal app, the attackers cannot use the personal app to access company data, thus limiting the impact of the attack to private data on the smartphone.

To implement what amounts to two virtual smartphones in a single device, the Fraunhofer team modified the Android operating system to identify all data from trusted applications. Companies providing the phones can also provide their own apps to employees and keep them updated on a regular basis.

Because these assignments and rules may change over time, the business applications are updated or deleted as needed as soon as the authorized user logs in to the company network. Security is provided by a check of the telephone’s software conducted before the device can log onto the company’s network via a secure VPN link. If a modification is detected in the device, the company’s network can block access to critical applications.

The next steps for this technology, says the Fraunhofer team, are to equip smartphones with integrated smartcards that provide additional security functions, and develop tools to permit IT administrators to routinely manage their smartphones. Fraunhofer SIT is partnering with other companies to develop these management tools.

Read more: Scheme Protects Against Wireless Network Security Breach

Photo: Johan Larsson/Flickr

*     *     *

Comments are closed.