Zebra Mobile eXtensions (Mx)
Bruce A Willins
Sr Director Technology Solutions
Agenda
• The genesis of Mx - Why?
• What is Mx and Who Uses Mx
• How are Mx Features Being used by customers & Application Developers
• Tools That Enable Access To Mx
Mx OS Extensions Is An Enabler Advanced Management & Security
Exactly…with Mx alone end users get NOTHING !
MX Features Are Made Available Via Three Zebra Offerings
(1) MDM Toolkit
(2) StageNow
(3) EMDK
MDM Vendors
IT Administrator Software Developer
Mx Designed To Meet COBO Demands
Healthcare
Retail
T&L
Manufacturing
Government
HTC/Others
Personal - Only BYOD COPE COBO
BYOD – Bring Your Own Device
COPE – Corporately Owned
Personally Enabled
COBO – Corporate Owned
Business Only
ILD CLD
Extended Life Cycles To Reduce TCO
Hardened Security
MDM/EMM To Reduce IT Overhead & Downtime
Enterprise accessory ecosystem
LoB Missing Critical
High Differentiation / Ability To Customize
High Customer Touch
> 1.5B Units (Smartphone & HH Devices)
Short Life Cycles
Ease of Use Over
Security
“Consumer” WIFI
Limited IT Control
Partial Wipe
Limited App Extensibility
Assumes Untrusted Apps
User Controlled Updates
Dual Persona
Short Support Cycles
Large Volume To Influence
COPE/BYDO Focus / Context
Mx Need Driven By Mobile OS Inflection Point Driven By Smartphone Consumerization
2000 – 2011+
Application Rewrite and/or Re-Architect
Microsoft
Android
Apple
HTML5/JS
Other
WE8H / Win 10
Smart Phones
Enterprise Only OS’s
The Genesis of Mx – Value To Zebra Stakeholders
Meeting IT Needs
Zebra MX - Enterprise Overlay
Android
Leveraging Consumer Scale
2014 1B+ Smartphones >20B App Downloads
Zebra Utilities
RhoMobile
Enterprise Browser
EMDK
Rx Logger
Enabling App Developers
WinMobile
Change Drives Opportunity
Enterprise Customers Are Taking This Opportunity To Re-architect Their Applications Improving The UX (keys to touch), Flattening UI’s, Leveraging Gestures, Future Proofing (e.g. X-Platforms)…
Device Admin API (DAAPI) - Necessary But Not Sufficient
Policy Description
Password enabled Requires that devices ask for PIN or passwords.
Minimum password length Set the required number of characters for the password. For
example, you can require PIN or passwords to have at least six Alphanumeric password
required
Requires that passwords have a combination of letters and
numbers. They may include symbolic characters.Complex password required Requires that passwords must contain at least a letter, a
numerical digit, and a special symbol. Introduced in Android Minimum letters required in
password
The minimum number of letters required in the password for all
admins or a particular one. Introduced in Android 3.0.Minimum lowercase letters
required in password
The minimum number of lowercase letters required in the
password for all admins or a particular one. Introduced in Minimum non-letter characters
required in password
The minimum number of non-letter characters required in the
password for all admins or a particular one. Introduced in Minimum numerical digits
required in password
The minimum number of numerical digits required in the
password for all admins or a particular one. Introduced in Minimum symbols required in
password
The minimum number of symbols required in the password for
all admins or a particular one. Introduced in Android 3.0.Minimum uppercase letters
required in password
The minimum number of uppercase letters required in the
password for all admins or a particular one. Introduced in Password expiration timeout When the password will expire, expressed as a delta in
milliseconds from when a device admin sets the expiration Password history restriction This policy prevents users from reusing the last n unique
passwords. This policy is typically used in conjunction Maximum failed password
attempts
Specifies how many times a user can enter the wrong
password before the device wipes its data. The Device Maximum inactivity time lock Sets the length of time since the user last touched the screen
or pressed a button before the device locks the screen. When Require storage encryption Specifies that the storage area should be encrypted, if the
device supports it. Introduced in Android 3.0.Disable camera Specifies that the camera should be disabled. Note that this
doesn't have to be a permanent disabling. The camera can be Other features Prompt user to set a new password. Lock device immediately. Wipe the device's data (that is, restore the device to its factory defaults).
Android – An Enterprise OS
• Beyond Android’s Original Purpose - Consumer Mass Adoption (drive more search for Google)
• Android Continued Hardening Over 7 Deserts, 7 Years, 22 API Levels, and Billions of Deployments
• Froyo 2.2 (May 2010) - Device Admin API (DAAPI)
• ICS 4.0 (Oct 2011) - Turning Point For Enterprise Security
• Numerous Key Security Additions
• Strong Password Support
• EAS Policies
• VPN Support / Per-User VPNs
• Full Device Encryption
• Encrypted Key Store
• SE-Linux Additions
• ASLR (Address Space Layout Randomization)…….. (many more)
What Mx Is Not
Is not designed to replace Android functionality but to supplement Android functionality
Does not cost you anything — there are no licensing fees
Does not take over – you decide if and when to activate features
Does not require installation – it is pre-installed and ready to go
Directly extensible features available to end users via the UI
Is not a proprietary version of Android
Indiscriminant Access to privileged features/functions/APIs
Mx Os Extension Basics
How is the device configured? …A device is configurable via XML constructs
How is the XML generated?… StageNow, EMDK, or MDM Toolkit, (manual but not recommended)
What triggers the consumption of XML….An application binds to the MX framework and passes XML
How do I know if the XML was consumed correctly? … a response XML is generated
Mx Os Extensions Made Available via EMDK & StageNow
Mx OS Extensions Foundation
EMDK StageNow
67+ Major Operations
Some of Which Are Compound
Operations
Mx Is Available For AOSP & Google Mobile Services (GMS) Platforms
• Privacy - relinquishment to Google of significant data rights, inconsistent with enterprise protection of data
• Google Account Logistics – services require a Google account
• Forced Updates - “Google Terms of Service” (//www.google.com/intl/en/policies/terms/) “When a Service requires or includes downloadable software, this software may update automatically on your device once a new version or feature is available.”
• Malware Exposure - Google Play Riddled with Malware (NIST best practice no access to public app store
• Hardware Design Constraints – all hardware designs must comply with Google CDD, which limits enterprise device choices
• Application & Customization Restrictions – UI constraints
• Potential Functional Limitations – Must adhere to Compatibility Test Suite
AOSP ~ 22.5% of All Smartphone Shipments (4Q 2014) (https://www.abiresearch.com/press/4q-2014-smartphone-os-results-android-smartphone-s/)
Google Maps.
Google Cloud Messaging
Google Play Store
Google Play Services
Google+
Google Analytics
Google Mail - GMAIL
Google Wallet Instant Buy
Google Cloud Platform
Mobile Chrome Browser
GMS Challenges GMS Features
Top 4 Mx FAQ
• Q: Would/Will you do something like Mx for OS’s other than Android? A: We’ve provided Mx like functionality for legacy operating systems through an SDK/EMDK. We cannot however extend such functionality in other “closed” operating systems such as WE8H and IOS.
• Q: What happens if later versions of Android include an Mx Feature? A: You have the option to use either and if a direct 1:1 mapping exists then the Mx operation will eventually be remapped.
• Q: Any consideration in making Mx an open standard? A: Yes. We are exploring 3 options to standarize Mx; industry consortium, standards organization, or directly into Android (preferred route).
• Q: Where do Mx features come from ? A: Originally came from our domain knowledge but have now been driven by enterprise customer requests.
Privilege Access Functionality Through Mx
• Basic Android “User Applications” - Not Adequate For Many Enterprise Android Needs
• Unprivileged – prevent adversely impacting; other applications, the operating system, accessing private data, accessing other application's files, performing network access, keeping the device awake…
• End User Approved Permissions - Required “permissions” declared in the manifest are approved by end user
• Typically self-signed with a developer held certificate/private key (simply identifies author), Permission Levels – Android apps list permissions in their manifest, Permissions are either (normal, dangerous, same signature, signatureorsystem (platform sign)
• Privileged Apps with “Signature-or-System” Protection Level – Enterprise Functionality But Not Scalable
• System Apps - Critical Apps, Protected In read-only /System /app (cannot be uninstalled by user)
• User Apps that that are “platform level signed” (OEM Signed Applications)
• Mx Provides Gated, Controlled Access To Privilege Features, Platform Signing Is Not Necessary To Access Mx Features
Some Consumer Offerings Do Not Adequately Protect
Privilge APIS
Mx - Facilitating Rapid Response Feature Requests Working on Adoption
MDM Management Console Software
3). MDM Console Software Update
Rewrite, Test, & Release Console Software & UI
MDM Agent
2). MDM Agent Update MDM Rewrite, Test & Release
Android Operating System
1). OS Update Zebra Rewrite, Test, & Release
MDM Compiles DSD For UI Update
Edit Zebra XML & DSD Documents
CSP Update
Sync
Use Existing MDM Sync To Bring To Device
MDM Agent
Existing MDM Agent Triggers XML Consumption
Code Changes
Before Mx All Three Major Components Must Be Updated Under The Mx Paradigm Only A CSP Is Updated
Mobile OS Mass Adoption Has Its Downside
WW SMARTPHONE MARKET (UNITS)
Worldwide Device Shipments
(thousands of units, Gartner Oct 2013)
0
500
1000
1500
2000
2500
3000
2012 2013 2014
Mobile Phone
Tablet/Ultramobile
PC (Desk-based and Notebook)
2014 Mobile Phones To Out-ship
PC’s By ~ 7:1
• Retail • PCI – DSS (Payment Card Industry – Data Security Std) for mobile payment (MPoS)
• QSA (Qualified Security Assessor) Audits
• Critical Infrastructure • NERC – CIP (North America Electric
Reliability Corp – Critical Infrastructure Protection)
• Healthcare • HIPAA, – Health Insurance Portability & Accounting, HITECH, Omnibus
• Controlled Substances • DEA CSOS – Controlled Substance Ordering System
• Financial • Sarbanes-Oxley, Gramm-Leach Bliley Act (GLBA), Basel II
• Government • NIST FIPS – Federal Information Processing Standards
• Gov’t PED (portable electronic devices) Requirements
• STIGS (Security Technical Implementation Guide)
• DoD Directive 8100.2 (commercial wireless devices in DoD Gov’t Info Grid (GIG)
• Federal Information Security Management Act (FISMA) / NIST Info Categorization Guidelines
• Legislation Requiring Breach Notification • 46 States Have Enacted Breach Notification for Personal Information
• Federal Legislation In Discussion, But Pending
REGULATORY COMPLIANCE IS FUNDAMENTAL TO ZEBRA CUSTOMERS DIRECTIVES/MANDATES/EDICTS
Mx-Osx Enables comprehensive Lockdown “Principle of least privilege” On/Off-Enable/Disable/Filter
Android Debug Bridge (ADB)
Device File Access
All USB Activity
ON /Off
/ Discovery
Off
Recording
GPS
Cellular
Camera
Comprehensive Lockdown and Monitoring Enabling Only the Functionality Needed to Perform the Operation and No More
Imager
SD Access
Interfaces
Sensors
Software
Devices
Settings
&
Capture Application
White List URL Filters
Speaker Display
Brightness
User
Settings
Proxy
How Are Customers & Developers Using Mx
• UI Controls - My associates are invoking unnecessary settings which generates an IT service call and results in lost productivity…..
• Mx allows Black Listing of System Applications, black listing the settings apk limits the end user settings to; Sound, Display, & About.
I wonder what happens when I do this?
• Certificate Management – I need to install/revoke certs & enable staging on a secured network
• Silently Install/Remove A CA Root Cert
• Silently Install/Remove client certs / private key
• Auto-Clock Adjustment - device needs cert to get time update but cert cannot be installed due to invalid time set
Limited Settings
Intent Generation
• Enterprise Reset – I want to programmatically reset the device but I also want to persist some applications, settings, and data
• Mx enables users to issue an “enterprise reset”, anything stored in the Zebra enterprise folder will persist
over the reset.
How Are Customers & Developers Using Mx
• White Listing - My associates should only run approved applications…..
• Mx provides active (not just removal of icons) application white listing, limiting applications that can be loaded and/or executed to those explicitly approved
• White Listing Privilege Extensions – My application wants to be able to submit
XML and wants to designate other trusted applications to do the same.…..
• White Listed Approved applications can designate other trusted applications to enable Mx XML submissions
Circle of Trust
Submit To Mx
Cannot Submit To Mx
• Launcher Control (Enterprise Home Screen) - I want an application specific device or I have part time workers that should not have full Android access.…..
• Mx allows you to control the launcher, with enterprise home screen the device can be locked to a limited set of capabilities
• Mobile Application Management (MAM) I need to manage all applications on the device .…..
• Mx to install, remove, update, applications unattended.
Sample Upcoming Mx Capabilities
• Mobile alerts are distracting our drivers, creating a safety hazard…….
• Mx: Programmatic Control to Enable/Disable Mobile Alerts
• I have screens in my application that contain sensitive data which I do not
want in a snapshot….or….The QSA for my MPOS application requires disabling screen shots….
• Mx: Programmatic control to prevent Screen snapshots
• I do not want sensitive information copied to the clipboard…. • Mx: Programmatic control to enable/disable the clipboard
• Notification Bar is allowing access to settings & applications • Mx: Programmatic control to enable/disable pulling down of the notification bar
Mx – New Real World Issues Escalated Lost/Stolen Devices
• Enterprise
• IDC – 70% of enterprise data now resides on mobile devices
• ~4.3% of employee issued smartphones are lost or stolen (Ponemon Institute)
• 57% were unprotected
• 60% believed to have sensitive data
• Industries with the highest loss rate; healthcare & pharmaceuticals, education & research,public sector organizations
• Symantec Study Human Nature – 50 “lost Phones” • 43% Clicked “Online Banking”
• 53% Clicked “HR Salaries”
• 57% Opened “saved passwords”
• 72% Checked “private photos”
•
http://www.today.com/tech/exclusive-lost-cell-phone-project-dark-things-it-says-about-363707?franchiseSlug=todaytechmain
Mx - Dealing With Lost/Stolen Devices Autonomous Countermeasure Matrix For Android Mx
Countermeasures
Threats Wipe SD card
Factory reset Wipe Secure Storage Keys
Password Reset All Users
Password Reset Specific User
Lock Device Uninstall Specific Application
Send Alert to Application via Intent
Maximum password limit X
MDM Client Removal X X
Force through XML X X
Exchange ActiveSync (EAS) password limit x x x x x X
Device is Rooted
X
Exceeding a Configured Threshold Results in One or More Countermeasures
Runs Autonomously on Device Negating Dependency on Network Connectivity
Configured by Enterprise Administrator & Pushed to the Device
E.g. Profile Settings
Zebra Technologies Confidential Restricted
Mx => Numerous Features & Functions To Enhance Programmatic Device Control, Management & Security
MX Programmatic Configuration
• MX uses a standards based XML schema (OMA-CP PROV / MSPROV) • New features can be developed and immediately plugged-in and used by all solutions (MDM, Staging, EMDK)
• Concurrent use by multiple applications with sync & async options on transient & persistent operations
• XML generated by Eclipse Pug-in (EMDK), StageNow workstation or MDM Console
Extensible Configuration
CSP
XML Object
CSP
XML Object
CSP
XML Object
CSP
XML Object
Admin Developer
Staging / MDM
EMDK
MX Management System
XML File XML File
THANK YOU