Exploitation of computing devices is an ever increasing problem in today's mobile workforce environment. Bring-your-own-device (BYOD) trends are accelerating in today's everything-mobile environment. One disadvantage for today's users is that they have to carry multiple devices to stay connected to every aspect of their lives. The advent of consumerization has led employees to demand a greater say in the devices, applications and carriers they use at work. They either tend to regard company-issued mobile phones as their own, or they are looking to bring personal devices into the workplace to help them manage their day—but few are prepared to juggle two separate handsets nowadays. IT departments are struggling to react to the pace of change that these new types of hardware and operating systems pose in the enterprise environment. Data security is a particular concern as currently devices are used interchangeably for private and professional purposes, without proper restrictions placed on data access both on and off the device. At the moment, the frontier between personal and business devices is blurred, while smart phones are increasingly used for work purposes.
More specifically, a growing number of employees are already using their own phones for work-related activities. According to Forrester, 60% of companies now allow their employees to use personal smart phones and tablets at work a trend known as BYOD—‘Bring Your Own Device’. However, using the same device for work and private purposes may be problematic. For instance, using your business phone to store your personal contacts means that these may end up in the company's backup base, raising privacy concerns. Further, having company data on a personal device raises the likelihood that dissemination of the company data outside of company communication channels may occur.
Today's MDM/MAM solutions is drastically complicated by an increasing demand by users to BYOD. On one hand enterprises need to ensure that data are secured and under the control of the enterprise, but on the other hand the user wants to retain control of device data that are personal in nature. This see-saw battle gave rise to recent technological advances in the area of applying MAM to applications, often termed “containerization” or “sandboxing”.
However, a major challenge in applying MAM to a “container” revolves around the interaction between applications and the IPC subsystem of the mobile device platform. Ideally only interfaces that are 1. crucial to the functionality of application 2. necessary for MAM should be exposed via inter process communication (IPC). These two requirements however, poses serious challenges and security risks. For example, allowing applications to expose application interfaces via IPC introduces an attack vector where intruders can invoke the application interfaces for malicious purposes, possibly result in data leakage. The MAM component could theoretically intercept the calls at the IPC level, but this often requires direct hooks into the mobile platform which might not always be desired. Alternatively completely disabling the application interfaces of applications is not practical either some of them are crucial to the functionality of the application (e.g. Android component's lifecycle events are invoked by the Android Binder IPC subsystem). Another example is where application interfaces that supports MAM are often extremely powerful (eg. Deletes data, lock application). Exposing these application interfaces via IPC poses an extreme risk where a malicious application can invoke resulting in possible data loss.