Modernizing Authentication — What It Takes to Transform Secure Access
If there isn't already a proverb to the effect that someone's greatest strength is also their greatest weakness, there should be. A prime example in the enterprise is mobile devices like smartphones and tablets. Their mobility has spawned a veritable computing revolution. Yet that mobility also creates a number of vulnerabilities.
All of today's mobile devices possess accurate location awareness. Although we often use the word "GPS" to describe any kind of location tracking, actual GPS is only one of the methods used by modern devices to determine their own locations. Mobiles also rely on the known locations of cellular towers they are associated with, as well as any Wi-Fi network to which they may be connected. But calculating location can be a drain on battery power, which becomes a factor when we look at ways to keep track of mobile devices.
Although the term "tracking" can have nefarious overtones, there are many legitimate reasons for a business to keep tabs on the location of mobile devices:
- It was lost. Probably the single most common use for tracking location, lost mobile devices can represent serious security concerns for any organization. They might contain corporate emails, logins, and other sensitive information.
- It was stolen. Like being lost, but in this case tracking information might be used not only for finding and retrieving the device but finding and prosecuting the thief.
- Workforce management. When mobile devices are used by employees in the field, location data can help a company fine-tune efficiencies. For example, the data may reveal that too many field personnel are in one area while not enough are in another.
- Rules enforcement. Due to the sensitive data they may contain, a business may want to restrict where employees or other workers like contractors may take company-owned mobile devices.
- Customer service. Using mobile device location, a company like a tow truck service can dispatch the closest field worker to a customer, improving response time.
- Investigations. Mobile device locations could reveal suspicious activity like corporate espionage. Suppose a company's device was often tracked to a location at a competitor's workplace, for instance.
Finding iPhones and iPads
Most Apple users are familiar with Find My Device, Apple's iCloud-based location service. This finder service can be useful for spot checks, such as finding a lost phone. Find My Device can also remotely lock or wipe a phone, allowing its owner to secure it against data loss. But there are limitations, too.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
Find My Device requires that the mobile device be logged into iCloud. This means that the user must have signed up for an iCloud account and set up the phone to connect to it prior to initiating any tracking.
Because this service uses on-demand location tracking, the device is not regularly updating its location with iCloud. Therefore, if it loses its battery power or data connection, retrieving its last known location may be useless if that spot check took place hours, days, or months ago.
You can turn to a third-party app like GPS Location Tracker, which maintains an ongoing location log stored on the company's server. There, you can view a map of the device's travels. But note that this is not real-time tracking; the log is not literally live.
Looking for Android
Unlike Apple's own Find My Device service, Android does not have an "official" device tracking option. However, there are several creative third-party apps which not only provide location tracking but additional security features.
Popular desktop anti-virus vendor AVG has a free Android AV app which includes location finder and remote wipe-and-lock. Another free app, Locate My Droid, allows you to authorize multiple email addresses to view the location of a particular device.
But again, these apps must be installed in advance. If your device is already lost or missing... well, there is Plan B. This app can be remotely installed to an Android device from the Google Play Store (assuming the device is registered under your Google Play account). Once it installs, it send an email to the device's registered Google account with its location. Plan B literally is a last resort; it only works on certain versions of Android and even then, results can be erratic.
Real-time live tracking is available for Android, but its reliance on GPS means that it could drain the battery quickly.
Where is that Windows (Phone)?
Microsoft’s Windows Phone 8 is set up with a Windows Live cloud account. Unlike Apple's finder service, Windows Phone 8 users do not need to install an app. So finding the location of a Windows Phone 8 device is the most seamless option among mobile platforms. Using the Windows Phone website from any computer you can find, lock or erase a stray device. On the other hand, the Windows Phone app market is relatively small compared to Apple and Android, so options for third-party tracking apps with more features are limited.
Mobile Device Managers
Often, larger organizations deploy a mobile device management (MDM) solution to manage their coterie of mobile devices. MDM solutions centralize configurations and app installs across many devices and even across mobile platforms.
Some MDM products like AirWatch include the option of installing location finder apps to client devices. These can be effective in the same ways as the apps we've talked about already, but it's important to understand the limitations of MDM-based location tracking.
MDM-based location tracking relies on apps which can be undermined by the end-user, for example by turning off the GPS function. Depending on the MDM deployment, users may even be able to uninstall a location tracking app -- presumably, something a thief in-the-know would do. Finally, power consumption limitations still apply, which is to say that real-time tracking is not feasible unless the device is generally connected to charging power, such as in a field vehicle.
Aaron Weiss is a technology writer and frequent contributor to eSecurity Planet.