A new Android app allows a smart phone to behave as if it were two separate devices. It lets a person use their phone as normal to install apps or play games and then flip into a second, walled-off environment in which it acts like a different device. That second environment offers heightened security to protect data from malicious apps.
“It looks like a completely different device, but it is actually running side by side on your own phone,” says Andrew Toy, CEO of startup Enterproid, which is beginning a closed trial of the software today (sign up for the beta program).
The new app, called Divide, is intended to enable people to separate work and play—to use their phones however they wish and still meet the demands of IT departments worried about security. Employees who want mobile access to e-mail and other work content typically receive BlackBerries or are required to comply with policies that, for example, prevent them from installing new apps or give IT staff the power to wipe the phone remotely.
“In the post-iPhone world people are no longer happy with just a BlackBerry because they perceive their personal device as more advanced,” says Toy. “But they don’t like giving up control of that device, and who would want a smart phone without apps?” Some people carry two phones, says Toy—one belonging to the company and another for personal use.
When a user installs the Divide app, it registers with the user’s work e-mail account and takes on that employer’s security policy. This might mean a password is required when flipping into work mode or that e-mail cannot be retrieved while roaming internationally.
When users do flip into work mode, they find a conventional Android home screen with stock apps for Web browsing, e-mail, a calendar, contacts, SMS, and making calls. Divide stores all its data—for example contacts and e-mails—in an encrypted storage area on the phone. It also acts as a kind of firewall between apps that run inside the work mode and the others the user has installed.
“The default attack on Android is for an app to just ask the operating system for your data—for example, your phone book,” says Toy. Android allows apps that use sensitive information such as your location or contact list, but some apps have been found to abuse this capability, sending data such as e-mail addresses to criminals.
Apps that run inside Divide do not communicate with the Android system, so they can’t access this kind of data directly. When they want access to information such as a person’s contact list, they ask Divide, which acts as an intermediary. It won’t send data in the other direction, from inside Divide to outside it, and its encrypted data store is not part of the operating system’s own stores.