Microsoft has told workers in China to ditch Android and use iPhones – here’s why
Microsoft said it will buy employees iPhones to ensure they use verification or authentication apps when accessing corporate networks
Microsoft employees in China have been told they must ditch Android smartphones in favor of Apple iPhones over security concerns.
To be clear, Microsoft isn't suggesting that smartphones running Google's Android mobile operating system are inherently insecure. Instead, the swap to iPhones stems from China banning the Google Play store, limiting Microsoft employees' ability to download key verification apps.
Apple's App Store, however, is still available.
According to a memo seen by Bloomberg, Microsoft wants its staff to make use of its Identity Pass app and Authenticator password manager when accessing corporate networks, requiring access to an app marketplace.
The report said the move will impact hundreds of Microsoft employees in mainland China, though Microsoft will be supplying the new handsets.
Microsoft confirmed the move and motivation in a statement sent to journalists.
"Microsoft Authenticator and Identity Pass apps are officially available on the Apple and Google Play stores,” the firm said. “Due to the lack of availability of Google Mobile Services in this region, we look to offer employees a means of accessing these required apps, such as an iOS device."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
As other publications have speculated, it's certainly possible for Microsoft to side-load these apps or use local non-Google app markets, such as Tencent. But instead, Microsoft has chosen to simply buy iPhones.
Perhaps that's little surprise given Microsoft has closed its shops in the country, and is reportedly encouraging cloud and AI staff to relocate, amid worsening relations between the US and China.
Ilia Kolochenko, CEO at ImmuniWeb, said the move could also be due to lingering concerns about the safety of open source software products.
"I think this move may be at least partially triggered by the growing lack of Western confidence in open-sourced products, bolstered by the recent XZ Utils backdoor scandal," Kolochenko said.
Microsoft’s latest move to bolster security
The move fits in with Microsoft's wider efforts at securing its own operations under a plan known as the Secure Future Initiative (SFI).
First unveiled in November last year, with an update seen this May, SFI is in response to the "increasing scale and high stakes of cyber attacks," according to executive vice president Charlie Bell in a post in May.
SFI is essentially an effort by Microsoft to shore up security for itself and its customers under a secure by design, by default and by operations framework.
In May, Bell noted that was being expanded to include new priorities, among them protecting people and data using authentication and authorization tools, setting a target for all user accounts and applications to be protected via multi-factor authentication.
While Microsoft's shift from Android to iPhone in China is specifically to do with access to these verification apps, Android has long been a major target for hackers.
That's in part down to the open Android ecosystem — security risks can be introduced by the myriad hardware manufacturers, or by installing apps from third-party marketplaces, for example.
On the other hand, iOS has long been seen as more secure, partially down to Apple's more locked-down approach, not only manufacturing the phones itself but also constraining access to core code — though it's worth noting that no smartphone offers perfect security against hackers.
“In America, Apple has a better perception of security and privacy compared to Android, although it may not necessarily be true: a properly configured and hardened Android is much more secure than an outdated iOS device,” Kolochenko noted.
Regardless of the phone platform, apps are a key target for hackers, which may be one reason why Microsoft would prefer not to sideload its authentication apps or ask workers to use alternative marketplaces.