According to a Gartner study, the share of Android devices sold worldwide was around 86 percent in 2017. However, companies account for only a small proportion of this, as, according to Egnyte, around 83 percent of all mobile activities performed by employees are carried out using Apple devices. Many companies continue to depend on Apple for their smartphones and tablets because security concerns about Android, Google’s operating system, remain considerable. Without good reason, as Android devices are now very well suited for corporate use. With its Android Enterprise initiative, Android is now offering new functions that ensure greater security and scope for personal customization.
While the initiative initially struggled to gain momentum, with the rebrand from Android for Work to Android Enterprise and a renewed focus, Google is now meeting the higher security requirements of businesses – both for company-owned devices as well as for those that employees bring with them (BYOD).
This blog post reveals what new functions Android Enterprise offers and how companies that have previously relied on Android can switch from “Device Administrator” to the new system. If they wish to remain effective, this should be done urgently.
Android vs iOS: How are updates dealt with?Fragmented environment: Android is an open system that gives device manufacturers and app developers a great deal of latitude. The number of devices and apps is therefore correspondingly high, meaning that new updates and apps need to be customized for a large number of devices. This often means a long wait for updates that are then only offered for a limited period.
Clear setup: iOS, on the other hand, is a closed system that is available for a limited number of devices. Updates can therefore be offered faster and for a longer period, and apps can be developed more easily, allowing security gaps to be closed a lot faster.
Google collaborates closely with device manufacturers to identify devices that meet the high demands of businesses.
_Manufacturers choose to submit their devices for validation. Devices that comply are awarded the ‘Android Enterprise Recommended’ seal of approval. This shows companies that they are especially suited for corporate use and provides useful guidance_ Markus Adolph Founder and Managing Partner EBF
The seal is available for knowledge work and rugged devices. The latter is a category that Google has added in order to provide guidance to manufacturers who use mobile devices to digitalize their production processes.
Certified devices of both categories must meet minimum requirements with regard to performance, integrability and security. For example, they have to support Android zero-touch enrollment, i.e. the automatic roll-out of devices, security updates have to be made available within 90 days of release, and it must be possible for them to be managed using an EMM. Rugged devices also have to be certified for ingress protection and rated for drop testing as they need to withstand harsh conditions and security updates have to be available for a period of five years following the launch of a device. Read more about all requirements here.
Knowledge work devices that have received such approval include: BlackBerry Motion, Google Pixel, Huawei Mate 10, and Sony Xperia XZ2. Rugged devices that have received such approval include: DolphinTM CN80, Sonim XP8 and Zebra Technologies TC75x. You can find a complete device list in this link.
Rolling out mobile devices causes considerable work for corporate IT departments, as all the devices need to be configured to meet the company’s specifications, or employees need to be instructed and supported to do this themselves.
Android zero-touch enrollment enables smartphones and tablets to be automatically connected to an Enterprise Mobility Management (EMM) system that manages and protects them the very first time they are set up. This eliminates the need for manual software downloads, installation and registration. Administrators purchase devices from an authorized reseller who provides access to the Android zero-touch enrollment platform, where they establish a connection to the EMM, define the settings and specify the serial number of the devices.
_The device connects to the EMM as soon as the user boots it, allowing users to use the devices in the way the company intends within a very short space of time_ Ronan Murphy Managing Director CWSI
The Managed Google Play Store is a managed version of Google’s Play Store that can be integrated into an EMM. Here, administrators have complete control over the apps that are offered and can disable the ability to install apps from unknown sources by default. The Managed Google Play Store ensures only applications approved by administrators may be installed into the managed environment.
_This prevents any personal application being downloaded alongside corporate and protects against data leakage_ Thierry Lammers CEO BLAUD
Until now, it has been difficult to control Android devices via an EMM because a control app was needed - the Device Policy Controller. Its development was complex and time-consuming. The Android Management API, which is currently still in the beta phase, will help to manage devices in the future and to implement all functions and updates of Android promptly. Device Policy Controllers will continue to be supported in future as they offer a level of customization and flexibility for EMM vendors the AMAPI solution does not.
Android devices can be used as payment terminals, digitals signs or informational kiosks. To control these devices, companies can use the kiosk mode, which makes it possible to lock an app to the screen. Before Android Pie, only one app could be locked to a device and a custom launcher was needed to switch between different apps.
The new kiosk mode enables IT admins to lock multiple apps to a device and to switch between them with the help of a dedicated launcher. And it also allows IT admins to limit access to device options, to block error messages when the kiosk mode is turned on and to customize the user interface (including the ability to hide the home button, the power button etc.).
Businesses that already deploy Android devices generally use “Device Administrator” to manage their devices. This will only be supported until Android Pie which has already been available on Google Pixel devices since August and from now on also on first Huawei devices. However, not all functions – such as the compulsory password – will still be available in the subsequent version (Android Q 10.0), announced for 2019, and important applications need significant adjustments.
_We therefore recommend that all companies should plan to migrate to Android Enterprise in good time as it will no longer be possible to manage them via an EMM as soon as Android Q 10.0 becomes available_ Philipp Klomp Founder & CEO Nomasis
Google has therefore significantly improved its offering for companies with its Android Enterprise initiative, gaining ground in terms of security.
Expert recommendationMigrate from Device Administrator to Android Enterprise preferably before the end of 2018 to continue to be able to use all functions and to make necessary adjustments in good time. I need migration support
_Android devices can be deployed in companies without any concerns, provided they are managed appropriately_ Ulrik Van Schepdael CEO Mobco
This development is good news for businesses, as they can now choose from a substantially larger number of mobile devices that are sometimes significantly cheaper. This means that the right device can be found for every requirement. And the “Android Enterprise Recommended” seal of approval provides excellent guidance.
Please contact us if you would like advice on the deployment of Android devices or assistance in switching from Device Administrator to Android Enterprise.