The Most Secure Android Phone, Ever (fastcompany.com)
82 points by Sato on Oct 11, 2011 | 22 comments



VMware has been demoing what sounds like almost identical technology for a while now:

http://itknowledgeexchange.techtarget.com/IT-watch-blog/like...

It creates a virtual machine that's hardware encrypted on the device, and actually runs them as two separate phones. Similar full-on or pseudo-virtualized environments have been used on the iPhone, iPad, and other devices to various degrees of success over the years, but I think it is a slight hyperbole to say "this could change the way people use smartphones, entirely".


As far as I can read, that's incorrect. VMware virtualizes the phone's hardware. That's actually adding some security between the 2 environments (personal and business, mind you).

The linked article seems to be about 2 separate disk partitions, but the same user space. And that doesn't sound good then.


You're right. I definitely shouldn't have used the term "identical". The user interface paradigm seems very similar in concept, regardless of the underlying technology, and I guess I was trying to push back on that hype as an original take.

There was a consumer grade phone a few years ago that pulled very similar partitioning tricks but my Google-Fu has failed me in retrieving it. Thanks for clarifying.


Such a device was featured in Charles Stross's recent novel Rule 34.


I don't see anybody ditching RIM yet. Security needs to be proven with a track record. No matter what systems they deploy, there will always be exploits and hacks.


A number of companies already allow use of non-RIM smart-phones for company email though. I know of at least one big-four consulting firm that issues iPhones instead of BBs, and an oil major that allows reading of company email on iPads. I'm sure they're not the only ones.


^This - many IT organizations are allowing (and actually distributing) iPhones.

There are quite a few companies using iPads as well (SAP for example bought 3,000+ for their sales workforce)


> I don't see anybody ditching RIM yet.

Then you haven't been reading asymco :).

This recent article includes such sentences as "During the last month alone RIM lost 1.2 million users." http://www.asymco.com/2011/10/07/3411/


Ok yes, I know, obviously a lot of people are moving away from RIM.

In the context of the article, by "anybody" I meant companies and organisations, who are working with highly sensitive and confidential information. That's the segment the phone in the article is trying to compete in. In order to move these people away from RIM, they have to build up trust though, which is a long process.


Enterproid does something similar: http://www.techspot.com/news/45771-enterproids-divide-separa...

They call it the Divide platform. The professional side of the device includes enhanced security, access control, remote wipe capabilities...


"All software installed on Bizztrust-enabled Androids is automatically scanned before the user logs on to their company's network via VPN; if any irregularities are detected, the user will not be able to use compromised apps"

What exactly does that mean? Do they keep a blacklist of apps? Perhaps they only mean the "work apps"?


And if the phone is compromised, how can you trust the "scan"?

A compromised phone scanning itself does not make a lot of sense. If the server scans the phone, it still can't be trusted since you're asking an insecure device: "are you compromised?".

Guess the point is just to know if there are any unwanted apps, that did not gain "root", on the phone. Is this useful?


I think that an individual user would be unable to modify much in the "work" partition:

>> Control over apps in the "work" partition is handled by the end user's corporate IT team

So maybe each time the phone checks in to the network, some sort of hash is computed to see if anything is different than the expected system?


Anyone know if this is open source?


Given that it comes out of a Fraunhofer Institute, I highly doubt that it is open source. I would also assume that this product is actually only a tech demo, not a fully implemented solution.


I wonder if they've solved the problem of shipping year old kernels and letting untrusted apps run native code without any explicit permission. Until then, the words "Android" and "secure" should never appear in the same sentence.


Dalvik is not intended to be part of the Android security model. Security comes from the separation of processes based on user permissions at the Linux level.


I don't see how this statement addresses what I said.

I am referring to the fact that applications can be installed from Market (or otherwise), receive no explicit user-granted (or visible) permission, and yet have unfettered access to the largest chunk of native code in the system, which more often than not is a year behind the latest security updates.

No amount of userspace virtualisation can work around that.


If you didn't know that, anything that sounds like a negative comment of a G. product on HN is down voted. It's like a meme. No need to worry.

The kernel vulns are still there in most phones and exploitable from user space.

Have a look at the very new Android security review, by "experts" and official:

http://source.android.com/tech/security/index.html

While it's a good start (user separation among others), it doesn't address any core security issue, like timely kernel updates (and many phones don't even support OTA properly/don't get updates pushed, so no timely Android core updates either), sdcard security, drivers fully communicating in user space (this one won't be fixed as it's a work-around to avoid GPL).


IIRC, the Access Linux platform was running each app under a different user ID. Is Android doing something similar?


Yes. That's exactly what Android does. So as long as there is no kernel (or set-uid OS) exploit, applications run with perfect separation.


If I had to guess, I'd say that these folks are going to make a lot of money.



