Modernize Your PKI → Optimize Productivity → Reduce Risks    |Here’s how to replace Microsoft PKI with EJBCA

Shocked by an Android

Stunned is the word for it. There I was getting to know my new Samsung Galaxy Tab 2, a tablet running Android 4.0 (Ice Cream Sandwich). I configured the built-in Exchange ActiveSync client (using certificate-based authentication, but that’s a discussion for another day) and was browsing around the interface when I spotted an oddly familiar-looking icon. “Hmmm,” I said, “I wonder what that button does.”

So I pressed that button, and what did I see? A message saying “Refreshing IRM templates… .” Then, a moment later, there appeared before my eyes a dialog box in which I could select which of our custom rights policy templates I wanted to apply to this e-mail message (along with the built-in Outlook standard of “Do Not Forward”).

Yes, that’s right ladies and gentlemen, the Samsung Galaxy Pad 2 not only natively supports Active Directory Rights Management Services (AD RMS) in its Exchange ActiveSync client, it supports applying AD RMS to an e-mail message on the tablet. I hope the new Windows Tablet coming out this fall has similar AD RMS features.

I did a bit more testing to confirm that I could also read rights-protected e-mail messages on the tablet and that the rights were appropriately restricted for rights-protected messages. Here you can see two e-mail messages sent to the same group of users, including my user–one rights protected and the other not. You can see that the rights-protected e-mail message is missing the Reply All and Forward buttons that are available on the non-rights-protected e-mail message.

I checked with some other users of Android-based devices running Ice Cream Sandwich and did not find any others that natively support AD RMS. Android tablet vendors customize the OS to meet their own requirements, and the Exchange ActiveSync client is one of those bits that is heavily customized. It’s possible that all Samsung devices running Ice Cream Sandwich include this feature, but I don’t know.

So, readers, do you have an Android-based device running Ice Cream Sandwich? Give the native Exchange ActiveSync client on it a look-see and report back on whether you find AD RMS snuck in there.