The burgeoning mobile device management (MDM) sector is living on borrowed time in its current state, and a reckoning will occur when Google decides that it is time to shore up Android, according to chief marketing officer at cloud security company Webroot David Duncan.

Duncan, a former cryptologist with the NSA, said the main question is whether Google will do what Microsoft did a decade ago, and move its operating system to a more secure model.

“When we think about the analogy of PC and mobile devices, Microsoft did very little for a long time,” said Duncan. “So companies like Symantec and McAfee really grew up to solve the problems and inherent weaknesses in that platform — there are a slew of security vendors right now in a category called MDM that are designed to solve the security weaknesses built into that platform.

“But one has to wonder how long Google is going to continue to allow this to occur, when do they have their ‘ah-ha!’ moment that says, ‘we need to provide a more secure infrastructure for our customers’? I think that is the key question.”

When that change is made, Duncan foresees major change for vendors in the mobile security space.

“I think we will see a lot of the MDM vendors will consolidate, crash, go out of business, they’ll cannibalise each other, and then they’ll have to come up with something different in terms of how they protect these devices,” he said.

Duncan also sees a need for the overhauling of permission systems found in many mobile ecosystems, and the lack of willingness from users to spend big on apps, which tempts developers to earn money by fetching personal data from users.

“When you look at most of the mobile apps, you accept the application and its privileges settings, and there is very little ability for you to customise those settings, so you either agree or disagree.

“App developers are trying to monetise their apps, because remember, most of these are being sold for $1.99 or they’re free, so the only way that they are going to make money is collecting and harvesting data, and selling it to a data house, who in turn is going to sell it to advertisers.

“If instead, users were willing to pay $4.99 for an app, and had more ability to understand privileges, and had the ability to deselect those, app writers wouldn’t be as motivated to just collect all this information and try and sell it.”

While Webroot has security programs available for Windows, Android, Mac, and iOS, the company does not have a security app for Windows Phone. Duncan said that once the company sees Windows Phone market share in the “single digits, low teens”, and a number of threats targeting the OS, it would then release a product.

“Using the PC as the analogy, when the Mac held a 6 to 8 percent market share, there wasn’t any malware for the Mac. When the Mac got into the mid-teens, suddenly there was malware for the Mac.

“There is a threshold there where the malware writers feel like they can monetise and make some good return on investment to go after that group of users, and that is the point where we have to go look at it seriously.”