There have been some rumblings in the industry, especially th finance and big banking, of allowing employees to use their own phones for intra-office communication—in this case: allowing them to use iPhones or Android phones. This move has been spoken about due to the potential financial windfall that these companies could see by not having to purchase a handset for every employee. However, this opens up a huge problem that these corporations must already be aware of. And unless they want to reap the whirlwind, they’ll have to think long and hard about commissioning their own proprietary software.

Why? The reason is simple: security.

Ronen Halevy, an author of the same mind as I, from BerryReview has this to say on the matter,

Every time I hear the doom and gloom story about companies looking to replace their enterprise BlackBerrys with iPhone and Android devices I wonder if I have stepped into an alternate dimension. I can understand smaller companies and companies that have lax security but this would be a ridiculous decision for finance, law, or any other professional company. The reason can be summed up into one techy term “Rooting.” (Also known as JailBreaking)

This isn’t even the first problem that came to mind for me, but it’s something that really needs to be addressed. Yes, allowing users to use a handset that permits them to easily break through whatever security features exist will give them access to the sensitive information being transferred by the phone—and worse, if the phone falls into the hands of the competition they’ll have an easy-as-pie time breaking into the employee’s account.

Halevy mentions the ease of rooting iPhones and Android handsets, but that’s only half the problem. Later in the article it’s mentioned that Android handsets store their secure login data in PLAIN TEXT (which means it’s unencrypted.) If this is true for any handset and a cracker gets their hands on the physical phone they can just take the data storage out of the phone and access it directly—no rooting required.

However, as OS similarity and marketplace popularity increases for these handsets we will also see cyberwarfare attempts against them. For example, Trojan Apps: applications specifically designed to pretend to be benign that instead break into an already rooted phone, read that username/password database, and transmit their findings back to home base so that it can be cracked elsewhere.

Big corporations could get around these problems by writing their own secure apps for the iPhone and Android that are designed to connect into the corporate network. If the underlying OS doesn’t supply enough encryption they can roll their own with heavier and more powerful keys—it may slow down communication a little, but it will discourage crackers from attempting to hijack their employees’ phones. Plus, it will prevent the employees themselves from breaching the security of the network through their own dalliances with apps of little-repute after JailBreaking their own phones.

When I first heard about JPMorgan and others thinking about testing BlackBerry alternatives this is precisely what I thought about. I figured that they’d be including secure communication and secure storage applications rolled into one on the phones using VPN, encrypting its e-mail archive and username database, and obfuscating the keyboard from the rest of the handset when active—assuming this last bit is technologically possible on iPhone or Android.

In fact, if Google or Apple wants to court big business communication, they might think about writing hooks into the firmware and OS that will ease these sorts of security measures.