Apple’s iPhone and iPad have long ruled the enterprise, with high market shares in every survey. Apple’s iOS devices were the first post-BlackBerry device to take enterprise security and management seriously, and Google was slow to follow suit in Android.
But in recent years, Android has become much more securable; last winter Android 5 Lollipop’s Android for Work capability was a particular turning point. (Android 6 Marshmallow, released last fall, had fairly minor enhancements.) Det new Android N, which debuted in developer preview last week and should start showing up in user devices in late 2016, pushes the enterprise focus even more. In fact, in some aspects, its version of Android for Work goes much further than Apple does in iOS 9.
Google has published descriptions of the new Android for Work APIs that Android N will support, and they give IT managers a good view of what mobile management tools vendors such as BlackBerry, MobileIron, Soti, and VMware will support in Android N.
More differentiated control over the work container
The biggest set of changes involves letting the Android for Work container — where enterprise apps and data reside — be managed separately from the rest of the device in several new areas.
For example, users can turn off location tracking for that work container, so their companies can’t track their personal location patterns. Users can turn off the work container, such when at home or on vacation, so work apps can’t interrupt them with notifications and won’t use their network bandwidth (because data syncing is turned off as well for those work apps). I sure wish my iPhone and iPad could disable my work notifications while I’m on vacation!
On the enterprise side, IT can set up separate password policies, as well as passwords, for the device and container, so if an employee’s device password is compromised, the work container is still protected by its separate (and perhaps more complex) password. IT can even set a challenge-response question in addition to the password for that work container. And IT can selectively suspend apps in the work container, so users can’t access them for whatever reason, such as when temporarily reassigned or on leave.
Greater security and management controls
Other Android N enhancements related to mobile security include the ability to force an always-on VPN connection and to better detect whether a device has been compromised, such as through installation of a hacked OS.
On the management front, Android N brings several new capabilities:
- Support for multiple certificates on the same Wi-Fi network
- The ability to lock down the lock screen’s image, such as to assure use of a corporate logo
- Remote reboot of a device
- Control over whether personal apps can access work contacts and to set up a separate work dialer that only dials work-related phone numbers
- Remote access to enterprise log and bug reports
Making Android work more like Windows
“Android is moving to a more traditional, Windows-like experience,” says Imran Ansari, a product manager at mobile management provider Soti.
An example in Android N is the newfound support for multiple windows, both to run multiple apps and to run multiple windows in the same app. Samsung has had a similar capability for a while on some of its devices, though it’s been problematic. And Apple’s iOS 9 supports a basic form of multiwindowing on the iPad.
The multiwindowing feature in the first developer release of Android N is nearly as primitive as that in iOS 9 because apps are restricted to split-screen views unless specifically designed to have resizable, floating windows — and no such apps yet exist. (To use iOS 9’s split-screen mode, iOS apps also had to be designed to do so.)
The differences between iOS 9 and Android N are that iOS 9 supports only two apps in its split screen and doesn’t allow for resizable, floating windows. In the first developer version of Android N, you can view existing, unmodified apps in split-screen mode, but working in an app’s window causes it to resume using the full screen, hiding the others.
For enterprises, this multiwindow capability is key because it lets people multitask in a more familiar way, as well as allowing users to see several panes of data on one screen.
Ansari says not all enterprises will want multiwindow capabilities enabled, especially for smartphones and tablets used as kiosks or dedicated-function devices (such as a retail payment terminal). Although Google hasn’t announced any API to disable multiwindowing, he suspects the company will before Android N’s final release. If not, companies such as Soti will look to offer their own ways to provide a control.
For many organizations, a big desire is for multiple user accounts, similar to what is offered by Windows and OS X — but not iOS. Although the forthcoming iOS 9.3 is supposed to add some user-account controls, it appears restricted to educational users.
Last year’s Android Marshmallow brought support for multiple user accounts (well, actually multiple user profiles), but not in the way enterprises ultimately want. So far, Android N doesn’t change that.
For example, in Android, additional accounts are children of the parent account, not truly separate accounts. “I think they’re moving to that multiuser framework in Android N, but it’s still very much device-level management. Chrome OS more strongly supports a true multiuser account,” Ansari says.
There’s also the issue — which also exists in iOS — that Android ties user accounts to Google accounts, which is problematic for many enterprise uses, including for devices used as kiosks or by multiple employees, such as shift workers. Mobile management tools can help manage these accounts, but the underlying tie-in remains.