bloomua - Fotolia


How Nougat sweetens Android for Work security features

IT admins that are hesitant to support Android devices may change their minds with Nougat, which makes several security improvements, especially in Android for Work.

Android 7.0 Nougat features significant security improvements that make it compelling for enterprise use.

IT admins may find that some of the changes to improve Android for Work security, in particular, are long overdue, including always-on VPN and activity monitoring. There are also changes to Nougat itself to tighten mobile security, such as Verified Boot and kernel hardening.

Android for Work security

Up until Nougat, most Android security features applied specifically to the device itself; as long as it was secure, Android for Work was secure. In Nougat, IT can apply security features to an Android for Work app instead of just the device, which makes for an easier, more secure experience.

One of the most important Android for Work security updates is found within the VPN. Prior to Nougat, users would have to make sure to switch on the VPN to ensure safe transmission of data, even when using their work profiles. That step is no longer necessary. As long as a business supports always-on VPN, users won't have to do anything to enable the added security benefit.

Nougat makes it easier for users to enable or disable work mode.

Another addition to Nougat and Android for Work allows IT admins to require a PIN, fingerprint or password when a user launches a work app. If the user fails, the Android for Work app won't launch.

Nougat also updates the following Android for Work features:

Enable/disable work mode. Nougat makes it easier for users to enable or disable work mode, which separates corporate data from a user's personal data. If users pull down the notification shade, they will see a new work mode. Tapping that icon either enables or disables work mode. When work mode is off, an icon will display in the status bar indicating that Android for Work apps cannot launch.

Suspend work apps. Nougat now allows IT to temporarily suspend an Android for Work app; this could come in handy if admins discover a security issue in an app. To prevent users from working with an unsecured app, admins can suspend that app until the issue is resolved. The suspended app will appear in the app drawer as a grayed-out icon and will be unable to launch.

Remote reboot. If admins need to put a new profile or app on a device, they now have the ability to do so remotely.

Activity monitoring. IT can now monitor numerous types of activity such as app launches, Android Debug Bridge commands and screen unlocks. That means, should something suspicious occur, admins now have the means to investigate the issue.

Device owner granting and reporting. IT can also remotely trigger and retrieve bug reports for apps when things go wrong. Also, both corporate profile and device owners can grant and remove third-party access to client certificates.

Location permissions. One of the other new Android for Work features is the ability to disable location services for work profiles while leaving them on for personal profiles, which adds another layer of security for a work profile.

Test your Android security know-how

Android is a popular mobile OS among consumers, but its well-known security gaps make many businesses pause. Test your knowledge of Android's data security with this quiz.

New in Nougat

The newest version of Android, which Google released to just Nexus devices in August, brings five major changes:

Verified Boot: A new, strictly enforced boot system prevents compromised devices from starting up. Verified Boot also supports error correction to prevent issues caused by nonmalicious data corruption. That means Android 7 devices will always boot and boot safely.

SELinux: Nougat updates the Security Enhanced Linux, or SELinux, stack with increased seccomp (secure computing mode) coverage that further locks down the application sandbox. The National Security Agency developed SELinux; since Linux powers the Android kernel, the security enhancements in Nougat reduces Android's attack surface. Seccomp provides application sandboxing to heighten kernel and application security.

Library load order randomization and improved Address Space Layout Randomization: A random loading order for libraries and addresses makes it much more difficult for some code reuse attacks to succeed.

Kernel hardening: In Nougat, portions of kernel memory are read-only, which creates additional memory protection for newer kernels and restricts the kernel from user space addresses, further reducing the platform attack surface.

APK signature scheme v2: Nougat introduces a new, whole-file signature scheme that improves the verification speed of the apps IT or the user installs on the device.

Android Nougat's improvements in security, performance and reliability translate well to Android for Work. Businesses that have been hesitant to migrate to Android for Work might want to take note.

Next Steps

Android for Work poised for the enterprise

Get to know Android for Work features

How Android Nougat boosts mobile security

Dig Deeper on Google Android operating system and devices