Bundling Security on Mobiles

Posted on March 31, 2008
Filed Under China Business, China Distribution, Malware, Mobile |

F-Secure is partnering with CSL, Hong Kong’s largest mobile operator, to offer CSL customers an integrated on-device protection and automatic over-the-air security update named F-Secure Mobile Security Service.

This user-friendly application contains a comprehensive set of security features to protect against mobile malware, viruses, spyware and other unwanted attacks which can transfer through mobile networks, Bluetooth, infected memory cards or and PC by data synchronization.

…CSL’s F-Secure Mobile Security Service will be available to all of CSL’s 1O1O and One2Free customers through a five-month free trial period from April 8, 2008. The service, which combines an integrated antivirus and firewall, will be pre-installed in Symbian Series 60 second and third edition smartphones, Windows 6 Professional PDA and Sony Ericsson UIQ devices.

Smartphones are not only the next big gee-whiz information and communications technology expected to be embraced by the digitally literate with a disposable income, they’re also a burgeoning target for hackers. The extended concept of the “digital wallet”, where the mobile phone is used as a payments platform, is already attracting digital pickpockets.

So it’s no surprise that as smartphones have spread security vendors have released solutions for the most popular OS’, Symbian and Windows Mobile. The eventual size of the market will easily dwarf the number of PCs in the world and the vendors are thankful that the hacking community is going in the same direction.

In terms of distribution, as goes bundling on PCs, so goes bundling on smartphones. The difference is that with mobiles it’s the service provider rather than the manufacturer that’s the usual interlocutor for security firms. F-Secure is bundling its software with smartphones sold and/or distributed by CSL. As with PCs, bundling is aimed at consumers, not businesses.

In interesting exception was Trend Micro’s deal with Sina a couple of years ago. Trend Micro had been the anti-virus provider for Sina’s online email service. The companies went a step further and partnered on selling Trend’s mobile security solution to Sina users. The companies have ties via a marriage between Trend’s CEO and the former co-chairman of Sina’s board. This drew a since-settled SEC investigation into insider trading, but that was resolved.

McAfee has a different view of mobile security. Their global marketing supremo, Jan Volzke, in vnunet:

…it would be nearly impossible to get consumers to install security software onto handsets because of the way they are set up.

“You can do this on the PC because Microsoft opened up the software,” he said. “But there are too many with mobile. Say you have a Motorola Razr: you’ve got no way to put security software on there at all as a consumer but the operator could do it.”

He said that McAfee’s latest consumer study into mobile security showed over half of all consumers wanted this approach and nearly 60 per cent thought that it should be the network operator’s responsibility anyway.

While some smartphone platforms would be able to install and run anti-malware software he said that was a tiny percentage of the market.

“F-Secure can take smartphones, we’ll take 90 per cent,” he said.

While Mr. Volzke was prognosticating a month ago in Barcelona, F-Secure was working the deal with CSL in Hong Kong. I guess his 90% just got knocked down a bit. He’s right in pointing out that consumers would rather have their provider take care of the problem, but he’s wrong that only a “tiny percentage” of smartphones can run security software. Symbian and Microsoft are the dominant smartphone platforms, both allow users to install and configure software on their devices.

Smartphones still have a long way to go before they surpass mobile phones, so much of this discussion is still academic. But security is already an immediate concern, whatever the platform. Businesses, in particular, require a basic level of security assurance before allowing remote access into company resources. Bundling may work in the consumer market, but businesses will be drawn to solutions that can integrate with an existing security infrastructure. That bodes well for companies that sell an installable and configurable solution, such as F-Secure.

Bundling via the provider is an effective way to get more customers and ultimately sell more licenses. But it also draws the vendor into the competition between a market’s mobile operators. Instead of selling to consumers the vendor must negotiate terms with a mobile operator and hope for the best.

It’s great if you can work a deal with China Mobile (no one has), but not so great if, like McAfee, you work a deal with China Unicom (no one cares).