With such rapid adoption, it’s no surprise that Android smartphones and tablet PCs are increasingly making their way into the enterprise. This is further amplified by the consumerization of IT trend, in which employees use their personal mobile devices for business. Companies often encourage this, since it lowers their IT costs and allows employees to use their preferred devices.
Integrated IPsec client lacking with Android
Android, however, brings some risk with it. For instance, one of the challenges enterprises face is securing communication between the mobile devices and the company network. VPNs are a tried-and-tested remote access technology designed to resolve this exact issue. Android’s VPN client, starting with version 1.6 (called “Donut”), is based on the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). It also supports L2TP with IPsec pre-shared keys and VPN connections via IPsec VPN, on the basis of certificates and an optional L2TP-"secret" mode.
And while many companies use IPsec for secure remote access to their networks, no integrated IPsec VPN client is available on Android - not even in the current version. Apple has already fixed this shortcoming in iOS, in part because it wanted to make the iPhone attractive for businesses. Since its third iteration, the iPhone has featured an integrated IPsec client that works with common VPN gateways.
Access to smartphone firmware necessary
The Android operating system doesn’t just lack an integrated IPsec VPN client; it also makes installing and configuring third-party VPN software quite complicated. IPsec VPN clients have to be integrated into the kernel of each device, and the client software has to be installed specifically for a memory area. This means that the firmware of each Android smartphone or tablet has to be modified accordingly.
IPsec VPN providers have to ask each vendor of Android systems, like HTC, Samsung or Sony Ericsson, for access to the system software of the devices. Considering how time-consuming and financially burdensome this process is, many vendors justly frown upon it. Vendors are particularly reluctant to disclose the details of their Android implementations to third parties.
Alternatives: PPTP and L2TP via IPsec
Until a “real” IPsec VPN client is available, Android users can use their devices’ integrated VPN clients based on PPTP or L2TP, which is deployed over IPsec. A “real” IPsec VPN connection, however, is more secure because it encrypts data prior to authentication.