6/8/2010 - Author: Felicia

Businesses need cell phones that have secure email capability, the ability to have encrypted storage, remote wipe for lost devices, and functionality with office documents. Microsoft Exchange has and continues to be the industry standard for email server technologies. Its feature set and security makes hosted email at google look like swiss cheese.

Recently, UoC Davis dumped gmail as its email provider over privacy concerns. I am not supportive of the recent trend of colleges to get rid of their own internal email systems where they have control and privacy and then outsource that all to Google. Have you ever tried to contact technical support at Google or Yahoo regarding your email there? Good luck with that. The article about UoC Davis also talks about the city of Los Angeles moving all their stuff to Google. I think that is just crazy. I'm all in favor of schools and government reducing their costs, but they need to find ways to do it without creating a giant single point of failure with security and privacy issues. I'm sure someone will argue with me the reliability of internally-hosted email servers, but they can't argue with the topics of control, security and privacy. Google stores data like Facebook does. They store email indefinitely in dozens of places on dozens of servers around the world. So how does it ever get deleted? What happens when a hard drive in one of these servers dies and gets sent back for warranty replacement? Who has access to the data during all those changes of hands? I didn't really mean to go off on a tangent here, but you have to understand that POP3 or other non-Exchange email servers are not a viable option for real business.

Exchange offers secure transfer between the server, client, and smartphone regardless of location assuming you are NOT cheating and using POP3. Most Exchange server administrators do not enable POP3 for security reasons. They want you to be using the secure protocols of RPC or RPC over https. Windows Mobile smartphones have ActiveSync built-in. This uses RPC over https. Thus email transfer between phone and server is secure. When the iPhone first came out, it could talk to Exchange, but not in a secure format. I believe that has since been corrected. However, iPhones are still fake smartphones because they do not synchonize calendar, contacts, and tasks the same as a Windows Mobile smartphone.

Windows Mobile is like having full access to all your contacts, calendar, tasks and email on your phone whenever you wish. iPhones keep your contacts separate from your iPhone contacts. So your phone contacts don't synchronize into the server. When you lose your phone or it dies, you lose those contacts that were just in your phone. The Android phone suffers the same problems. I'm really at a loss as to why you would want to have two separate lists of contacts. People have been having problems for years with losing their list of phone number contacts in their phones because they weren't using Windows Mobile phones that sync'd to an Exchange server. I don't have this problem. If I get a new phone, I simply setup ActiveSync on the phone and voila, all is well. And if I lose the phone, I can do a remote wipe of all the data on it.

The Google Android is a joke as well. It is being hawked and pushed as the latest cool thing, but it is really a giant pain in the rear. I've had several clients that didn't bother to ask me about phones before they went and got a phone. They went to the store and the sales folks told them to buy the Android. They got the phone home and tried to setup email sync with the phone and in their words, "email chaos and destruction ensued". I haven't seen it with my own eyes, but the stories they told me involved some forced setup where you had to have a gmail email address and that would suck email from your regular email address into gmail and then deliver it to your phone. What?! That's just nuts.

I've had similar issues with iPhones. They just don't sync as seamlessly as a Windows Mobile phone. I don't really care what Windows Mobile phone you get, but if you get one, your email sync life will be easy as eating cherry pie. You set it up and it just works. I had a client with an iPhone who freaked out thinking that the email sync with her iPhone wasn't working. Indeed, when I looked at it, the real issue had to do with the fact that the iPhone doesn't sync email with the Exchange server. It simply waits for new email to be pushed to the iPhone. So she wasn't seeing all the existing email in her inbox and sent items. So I had to change the phone configuration entirely to be a pull from the server to the phone rather than to use the push technology where the server pushes email to the phone. This is just plain stupid. Why does that option even exist? Why can't you just specify to sync the folder and WYSIWYG (what you see is what you get)? This is the way that Windows Mobile works.

Oh yeah, did I mention that you have to have iTunes installed on your computer in order to update your iPhone? That's not the case with Windows Mobile phone. With Windows Mobile, you just download an independent updater and use that to update your phone. When you are done with it, you simply delete the file. This is the way that Windows PDAs have been for years. I can't stand it when you have to install some pig of a software package just to use a device. What if I don't want to pig up my computer with iTunes?

Regarding the remote wipe technology, I hear that iPhone has finally enabled this critical business feature. Windows Mobile has had it ever since the Exchange server could do such a thing. Android, who knows and who cares? If I have to funnel my email through gmail, how crazy is that. And it doesn't sync my calendar, contacts, and tasks like Windows Mobile.

Getting your cell phone hacked by texting is a whole other topic that I'll have to address in another blog post, but suffice to say that all phones are susceptible to that vulnerability. The only thing I don't like about Windows Mobile is that it doesn't allow you to encrypt the entire internal memory of the device. None of the devices do that yet. Windows Mobile does allow you to encrypt the memory card you put in it. I don't believe the iPhone has that capability yet based upon recent articles I've read.

The only tool I've seen that can encrypt the internal storage of the phone is Phone Crypt. I really love the feature that Phone Crypt has where it will totally encrypt your conversations and send them over the data channel. The limitation is that both phones need to have Phone Crypt. But if I was a corporate exec, I would want to have Phone Crypt for a couple reasons. #1 Secure my inter-company phone calls from the NSA and all other snoopers. #2 Encrypt the internal contents of the phone.

You have to realize that remote wipe feature only works if the phone is still online and checking in with the server after it has been stolen. If I was a criminal, I would immediately take the phone to a location where no cell signal could penetrate and then hack it. So it still has all the data on it. You also have to realize that all of the phones store your email, contacts, calendar, etc on internal storage. So it doesn't matter if the add-on memory card is encrypted. If that phone falls into someone else's hands, they can still get at all of your email, contacts, calendar, notes, tasks, and full call history. This is why we desperately need OS-level internal storage encryption for smartphones. Only Phone Crypt delivers that.

Also, Phone Crypt is the only realiable way to block trojans and viruses on cell phones. I have tried firewall and antivirus products made by the large vendors. I am not happy with any of them. For instance, I had Trend AV on my smartphone for a year, and then when the subscription came up and I decided to not renew, it blew away the entire configuration of everything on my phone. No kidding! Why would you want to use a product like that?

Bottom line is that I think the iPhone, Blackberry, and Android are all fake smartphones. The only one that really fits best for businesses and individuals that care about security and having a low total cost of ownership of their phone is the Windows Mobile platform phone.
_________________________________________________________________________________
Update on 6/11/2010
My friend Bethany who works with a lot of Unix servers emailed me that there is a product called Cyrus Imap and that it is very secure. She said that you can have the sync between the email server and the smartphone full SSL protected. I had never heard of Cyrus Imap. I did a project earlier this year where I tried to use Imap connection between an email server and Outlook 2007. I found out that Outlook 2007 requires you to use a PST file even if you are connecting via Imap. This is pointless in my opinion. If you are going to be forced to use a PST file, then what is the advantage of using Imap over POP3? There isn't one. So if you want to have the syncrhonized email functionality that Exchange provides, there really is no way around it. You have to use Exchange.

Bethany also pointed out that the Droid does an excellent job of synchronizing with Gmail email accounts and Google calendar, etc. I would expect that. But how many people are using Gmail accounts for their business? No one that I know. Everyone that I know is using email that has their business name domain. You don't really look like you are seriously in business if your email address is a yahoo or gmail account or something provided by your ISP. However, the Droid might be a good choice for a person who only wants personal use and connectivity to their personal Gmail account.

Bethany also had an interesting opinion on wireless. She felt that Windows Mobile doesn't work really well with wireless anymore. Every time I've tried the wireless on my Windows Mobile phone, it has worked. However, I don't do that very often and none of my clients do it. People don't want to mess around with trying to put their phones on different hotspots. This is why they buy the data plans for their phones. With the data plan, your phone just works. The connection is always there.