Modern Mobility

Mail, calendar, contacts: Is that all there is for enterprise mobile apps?



Understand Android for Work features and challenges

Google hasn't had a great track record when it comes to enterprise security and management capabilities on its Android OS, but Android for Work changes all that.

Android for Work is a revolutionary step toward easing Android enterprise management and curtailing fragmentation.

A mobile device management and data separation framework, Android for Work debuted in Android 5.0 Lollipop. As with Android in general, there are still challenges and exceptions to its many benefits.

Android had virtually no enterprise management features until Android 2.2 introduced the Device Administrator API in 2010. Using the API, enterprise mobility management (EMM) vendors could build agent applications to enforce basic policies, perform remote wipe and, in later versions of Android, require encryption. More advanced enterprise features were left up to individual device manufacturers, who could add their own Android management APIs. Samsung took the lead with its SAFE and Knox devices.

The resulting variety of management options created a fragmented marketplace. In some cases, such as with corporate-issued devices, companies can standardize on one particular device. But for companies that allow BYOD and have heterogeneous environments, fragmentation can cause management headaches.

How it works

Google announced Android for Work in 2014, and it arrived in stages with Android 5.0, 5.1, and 6.0.

Android for Work features what's known as a work profile on a device -- a segregated, managed environment. A work profile still allows EMM agent apps to have some basic control over the entire device -- usually limited to lock screen and encryption policies. EMM agents also have complete control over enterprise data within the work profile. They can install apps, user accounts and credentials, configure VPNs and change settings inside some apps.

To prevent data leakage, apps in the work profile can't communicate with users' personal apps, and corporate accounts and credentials that the EMM agent installs are only available in the work profile. Even though work apps and data are separated from personal apps, Google has done a lot to ensure a smooth user experience when going back and forth between the two. Personal and work app icons appear alongside each other on the device's home screen. Notifications all show up in one stream. And all recent apps appear in the task switcher view. Work applications and notifications feature a small badge icon that differentiates them.

Android for Work features also include device owner mode, which locks down devices that multiple users share or that function as kiosks, information displays or embedded devices.

To prevent data leakage, apps in the work profile can't communicate with users' personal apps.

For older devices that don't have Android for Work capabilities built into the operating system, Google offers the Android for Work App. It's similar to other specialized enterprise-oriented container apps: All the security and management features are built directly into the apps themselves, since they're not available in the operating system. Google offers an array of basic productivity apps that have similar built-in security and management and can securely communicate with the Android for Work App to prevent data leakage. Third-party apps must be specially modified to have these features.

To complement Android for Work features and provide additional support for enterprise mobility needs, Google also launched Play for Work. Play for Work is an offshoot of Google's main app store that organizations can use to purchase Android apps in bulk. It can also host and distribute in-house enterprise apps.

There's still work to do

Because Android for Work is part of Android itself, it should help reduce fragmentation by eliminating the need for device manufacturers to create their own proprietary management APIs.

Some Android devices don't receive regular operating system updates, however, and supporting Android for Work isn't mandatory. As a result, the hardware compatibility list for Android for Work is still limited. Most high-level devices from top manufacturers such as Samsung, HTC, Motorola and others support Android for Work, but many cheaper or less-popular devices don't.

Android for Work also requires EMM vendors to build their own agent apps, so features can vary between vendors. Some don't support the Android for Work App, for example.

Most importantly, Android for Work is just a software framework, and there are many variances in hardware configuration. Government certifications for regulated industries are often based on specific hardware requirements and devices, so those types of companies will still need to rely on specialized products, such as the Samsung Knox line.

Despite these caveats, Android for Work will bring better and more consistent capabilities where they were previously lacking. It's the biggest enterprise advancement Android has made.

This article originally appeared in the March issue of the Modern Mobility e-zine.

Article 3 of 8

Next Steps

Learn how Android for Work makes the OS more enterprise friendly.

Understand how dual persona improves Android security.

Find out whether you should root an Android device.

Dig Deeper on Enterprise mobile app strategy