Today, many enterprises' IT departments prefer Apple iOS over Google Android because of Android's open platform,...
which can be more susceptible to malware and other attacks. But this doesn't mean the iOS 8 vs. Android 5.0 competition is over before it's even started.
IT may not love everything about iOS 8, but at least it provides a single, homogeneous mobile operating environment for IT to support, resulting in relatively few laggards who require special handing. In the meantime, Google has worked determinedly to quell IT's concerns over Android security and management issues. As a result, their Android 5.0 Lollipop has since made big inroads into enterprise mobility management. That should begin to shift IT's perception of the Android platform.
IT loves uniformity
One more thing Apple has in its corner is the large population of users who have upgraded to iOS 8, creating a more uniform management experience for IT. At least 77% of iPhones have already upgraded to iOS 8, creating a large, yet uniform population of Apple-manufactured devices to activate, provision, manage and monitor. By comparison, only 3.3% of Android smartphones and tablets now run Android 5.0, and the relative scarcity of devices capable of running the Lollipop operating system will continue to hinder uptake.
So what's causing the holdup? Samsung, HTC, Motorola, LG and other original equipment manufacturers (OEMs) typically make their own tweaks to Google's OS before making new firmware available, and it's not uncommon for OEMs to permanently strand some device models on an old OS version. That all means that IT isn't tasked with supporting a single version of Android, as with iOS; it's tasked instead with supporting dozens of smartphones that run variants of a particular Android OS.
Google's rollout of the Android for Work platform has improved this situation slightly by creating a managed-container environment for corporate apps that offers the same management features for all compatible devices. Still, Android for Work is only native to Android 5.0. Older devices stuck on one of the Android 4.0 to 4.4 versions are required to run Android for Work as an installed application. But even if a device does run Android 5.0, IT still has to contend with pesky OEM-specific hardware features; for example, some devices will run Android 5.0 but not Android for Work due to their lack of hardware encryption support.
Device control and automation
Apple, for its part, has been working to win IT over ever since it introduced native mobile device management (MDM) application program interface (API) options in iOS 4 -- giving IT over-the-air control over iPhones and iPads. These MDM APIs continue to grow in depth, breadth and maturity, and many third-party MDM products can both enroll and configure iOS 8 devices and their apps.
Similarly, the Apple Device Enrollment Program (DEP) provides fully-automated MDM enrollment and configuration of company-purchased iOS devices. The Apple DEP can also prevent users from removing pre-installed MDM controls. Apple devices under bring your own device (BYOD) still require user participation in the enrollment process, but many IT departments have a good grip on how to provide lifecycle management for iOS 8 devices.
Android 5.0 is essentially playing catch-up around MDM -- just now adding native MDM APIs that enable remote control of third-party MDM products through Google's Device Policy Client app. Third-party MDM services have long been available for Android devices, but Google did not provide enough Device Administration APIs for them to be all that effective.
With Android for Work, Google made it possible for a modest but growing set of third-party MDM products to bulk-enroll and configure work profiles. IT uses those work profiles to govern an encrypted container holding the organization's business apps, documents and other data. Unlike native iOS MDM, this Android for Work container is visually and virtually separated from everything else on the device, drawing a bright line between what IT can and cannot control.
Companies that prefer not to use third-party MDM can still manage iOS 8 and Android 5.0 devices using Microsoft's Exchange Active Sync (EAS) -- although IT should again look out for Android OEM particularities that could complicate management via EAS. Apple still supports the standalone Apple Configurator for administering workgroup iPhones or iPads while Google likewise maintains support for both Android Device Manager and Google for Work.
In addition, many Android OEMs provide their own management services, such as Samsung Knox. However, companies that want Android for Work must now buy into third-party MDM and complete an online Google enrollment process that involves modifying their company's website or domain name system settings to prove domain name ownership.
Managing apps on iOS and Android
As smartphones and tablets become more mainstream, IT faces the challenge of not just controlling and safeguarding mobile devices, but also harnessing their ability to streamline business processes. Mobile application management (MAM) plays a critical role in that, helping IT deploy, monitor and maintain company-required or recommended apps.
Apple added native MAM support to its mobile OS back in iOS 4, so it had a big head start over Google. With iOS APIs and a third-party MAM service, IT is able to safely deploy both public Apple App Store and enterprise apps. Apple's Volume Purchase Program is another handy resource, allowing IT departments to purchase and administer paid app licenses to managed devices. Meanwhile, IT can also use application profiles to provision apps, and iOS 8 even supports a per-app virtual private network (VPN), letting IT control which apps can connect to a corporate network.
Third-party Android MAM products already exist, but Android for Work introduced native MAM. As a result, IT must enable each application deployed into the Android for Work container; users cannot install their own unmanaged apps into that container. Additionally, Google Play for Work allows IT to create its own managed app store and identify Play Store apps to auto-install or suggest for users. Android for Work also includes secure productivity and privileged identity management apps, which help to monitor and protect superuser accounts. Finally, Android for Work lets IT configure app settings including rules that require or block corporate VPN use.
Ultimately, the iOS 8 vs. Android 5.0 comparison isn't as one-sided as in previous iterations of the OSes. Android 5.0 demonstrates that Google is moving in the right direction to address an enterprise's IT wants and needs, although it still lags behind iOS 8 in overall maturity. IT may continue to prefer iOS for now, but it just might be time to start thinking about Android as a serious contender for enterprise-class mobility.
Learn more about Android for Work
Dual persona can help with Android security
How the Apple DEP helps with MDM
MAM features in iOS 8 secure corporate data