Mr. Hyde's Bloody Deeds

Split-personality syndrome in phones

Mobile handsets will soon start shipping with multiple personalities. But it's not a Jekyll and Hyde moment: it's the industry's answer for people who need more than one phone.

Can't make up your mind about which mobile operating system to go for on a smartphone? You're in good company. Nokia was faced with the same decision for months as it courted Google and Microsoft and dithered over the future of its own MeeGo and Symbian platforms.

Just before the Mobile World Congress (MWC) in February, the company decided to burn its boats and pick Windows Phone 7 as its primary platform. However, Nokia CEO Stephen Elop said at the deal's announcement that, with 200 million Symbian users around the world already: 'We will ship 150 million or more Symbian devices.'

Nokia will keep the product lines separate and even ship a solitary MeeGo-based device in the near future 'as an opportunity to learn about the innovation we have done with the user experience'.

Nokia need not have made such a rigid choice. At the company's user conference in 2009, VMware CTO Steve Herrod asked: 'There is such a huge diversity in operating systems. Why is it that I have to buy a specific device to run certain applications?'

Dual boot

VMware demonstrated a prototype handset at VMWorld that would run Android applications on a mobile phone designed for Windows Phone 7. A version of Android was running in a virtual machine alongside another that contained the Windows software. Underneath was a version of the company's virtualisation software that worked out when and how to run the code in each virtual machine.

Now, handsets are beginning to appear in the shops that let users experience two or more smartphone operating systems. You have to reboot Viewsonic's V350 to switch it from Windows Phone 7 if you are feeling curious about how Android works, which will take time. But other handsets are coming that will let you mix and match smartphone personalities on the fly. Late last year, for example, VMware signed a deal to supply virtualisation software to handset maker LG.

Mark Kokes, HTC America's expert in multimedia platforms and technology, believes the killer application for virtualisation – from a user's rather than a vendor's perspective – will be security rather than curiosity about other operating systems.

'We have been conducting joint research with the University of Illinois. They've found that the probability of an attack on a mobile phone has increased by 40 per cent over just the past few months,' he says. 'The problem at the moment is that security is appended rather than built in from the ground up.

'My personal perception is that there is a real opportunity in this space around security. Today, RIM is the only organisation that owns an end-to-end security experience.'


Concerns over the security of mobile handsets led to the creation of the 'ObamaBerry', a supposedly hack-proof custom version of a RIM BlackBerry developed for US president Barack Obama that carries an estimated $4,000 price tag. Obama is far from alone in wanting a secure version of a consumer device.

A senior engineer at a US military contractor said last year at a seminar organised by Green Hills Software, a specialist in RTOS and development tools: 'Officers are turning up with iPhones saying: 'I want this; you make it happen'. We want a way of upscaling consumer-level phones to top security.'

Steve Subar, CEO of virtualisation software provider Open Kernel Labs, claims: 'If you want something like an ObamaBerry now, you can take a phone and reflash it with our software. You can have the full capabilities of a full smartphone but, even if there is malware, the secure portion is practically impervious to attack.'

It's not just officers who want to use consumer-oriented operating systems, says Green Hills CTO David Kleidermacher, who points to the more complex secure radio communications and interception systems being developed for field operations.

'We are seeing demand, at least in some form factors, for an Android user interface,' he says. 'Historically, something like Android would be a no-no. The government would say: 'This is a bad idea'. Android is not a trusted operating system and would be disallowed. But if the main system is controlled by a trusted operating system with Android used just as a GUI, that can work.'

Critical functions, such as the command to scrub encryption keys if there is a danger the unit will be picked up by an enemy, would remain in the RTOS running alongside Android. The virtualisation layer is used to coordinate communication between the two platforms. 'You don't want to trust something like zeroing keys to Android,' says Kleidermacher.


Green Hills president Dan O'Dowd cautions against putting too much faith in the concept on its own: 'Secure virtualisation - some people think that is a tautology. Originally, virtualisation was proposed as a way to consolidate server computers. Now it is being promoted as the be-all and end-all to security. You can take all these bug-ridden operating systems and put them into a secure virtual machine. It's a great plan – if the virtualisation system is secure. It's not; it's the other way round. You need to add security to make virtualisation secure.'

Where virtualisation has an advantage in security over an application-oriented operating system, says O'Dowd, is that there are fewer ways to attack it and it can have direct hooks into processor functions that enforce a clean separation between the memory spaces used by different operating systems running on top of the virtual machine.

'You must have separation. Everyone sees virtualisation as solving the security problem but unless you have secure separation on the silicon itself you can't achieve that,' says O'Dowd.


However, if the virtualisation layer can be made trustworthy, it then makes a suitable home for software that defends against attacks launched across the network, or that scans downloaded applications. Subar adds: 'If you consider what usually gets focused on in enterprise security, such as antivirus software, that is sitting today on an untrusted operating system.'

The enterprise is where companies such as Green Hills and OK Labs are now looking. If the virtualisation system can enforce a clean separation between a security layer and the application operating system, it can do the same for two different application operating systems.

'What's happening here is the consumerisation of IT,' says Subar. 'It's going from locked-down corporate laptops to bringing employees' own devices to the network.

'Today, you can get separation by getting two devices, with one running in the business domain and the other as a personal device. But that doesn't work well for the employee who has to carry them around,' Subar adds.

Two contracts?

OK Labs launched its offering for enterprise users at MWC last month. 'It will be available to enterprises to license, just like other software,' Subar claims. 'They will be able to add it to the device and we are working with the carriers and OEMs to implement it.

'The handset makers have grabbed this by the horns: they are looking to sell at the high end of the product line where they get the better margins. And the carriers are salivating over the possibility of having two contracts per device.'

The operating systems could be different, for example using Windows on the enterprise side and Android on the user side, or simply different installations of one. 'We know that the hottest job in enterprise right now is writing Android apps,' says Subar.

A final opportunity for split-personality cellphones is among tech-savvy consumers who want to run the latest version of an operating system such as Android but find that their carrier does not officially support it. Installing a second personality would give them access to the new applications without the carrier having to give up control over the core software.

The question is whether carriers will officially support this approach or regard it as a form of jailbreaking.

'Some operator programmes are very rigid, as in North America. But in China most handsets are purchased in the market and then you, in effect, bring the operator to your phone. The operator may have a concern over the changes – and reliability and security are a part of that – but they have a lot less control,' says Subar.

Owning the interface

If virtualisation moves from the enterprise to the mass market, carriers and handset makers will consider their overall strategy before supporting it. It is hard to imagine Apple officially supporting the ability to run Android on an iPhone.

Nokia's Elop believes the company's future lies in picking one smartphone platform and sticking with it and says he avoided doing a deal with Google for Android because he was worried about commoditisation.

'Owning the interface is where Apple wins and where Nokia struggles. Everybody is looking to achieve the same feat as Apple,' says Kokes.

He argues that the security improvement offered, at least in principle, by virtualisation can offset the commodisation of handset hardware that the ability to mix and match software platforms on top implies, and that it provides a way for handset makers to compete on features.

Kokes adds that virtualisation is hardly a big shift in strategy for many of the hardware suppliers: 'Handset vendors have, for the most part, adopted a multiplatform strategy.'

The number of people who wind up with a split-personality phone will depend on whether the handset makers want to promote the idea beyond the corporate realm.

Further information

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them