Tag Archives: Android enterprise

OEMConfig supports enterprise device features

Android’s flexibility helps device manufacturers build diverse form factors with useful features to address a variety of business needs. But consistently delivering hardware options to organizations can be difficult because enterprise mobility management (EMM) providers often struggle to quickly support management for all these capabilities.   

To solve this problem, we’re launching OEMConfig, a new Android standard that enables device makers to create custom device features that can be immediately and universally supported by EMMs. Instead of integrating enterprise APIs from each OEM to support their custom features such as control of barcode scanners or enabling extra security features, EMMs can easily use an OEM-built application that configures all of the unique capabilities of a device. 

OEMConfig utilizes a feature in Android Enterprise called managed configurations, which allows developers to provide built-in support for the configuration of apps. With OEMConfig, EMMs can support all of a device manufacturer’s diverse set of controls without any incremental development work on their end.

Earlier this year, Samsung declared early support for a preview version of OEMConfig, publishing a Knox Service Plugin (KSP) app that enabled EMMs to support Knox Platform for Enterprise features. Since then, we’ve built out the final pieces of architecture to make it even more useful for customers and EMM partners. These include:

  • An enhanced schema with four-level nesting, to present complex policies to IT admins in a structured format

  • An update broadcast to instantly inform OEMs when policies have changed

  • A feedback channel to confirm the result of policies applied on the device

OEMConfig will continue to unlock more enterprise capabilities for business customers in a consistent manner, helping organizations move faster and go further in achieving their business goals. We’re excited to see what our customers will be able to do when they harness all the flexibility and innovation our ecosystem provides. 

More information for OEMConfig can be found here.

Next steps for enterprises transitioning to modern Android management solutions

Android Enterprise is the modern solution for managing devices that employees use for work, so that they can have flexibility while remaining productive. Android Q will be an important milestone for organizations transitioning from Device Admin-based management to Android Enterprise’s advanced management features, such as separation of work and personal data through the work profile, quicker enrollment, and tools like managed Google Play.

What’s changing in Android Q

When the final release of Android Q is available, the following APIs that were marked as deprecated in Android Pie will be removed entirely: password enforcement, disable camera and disable keyguard. 

The exact impact will vary for devices depending upon which Android API level the Device Policy Controller (DPC) targets. Here are some details:

  • On devices targeting Android Q, both admins and users won’t be able to use the features tied to the removed APIs.

  • On devices targeting Android 9 Pie, affected APIs will show in the device logs, although users won’t see any specific notifications.

  • On devices that run Oreo or below, there will be no impact. 

How to prepare

We have several resources to help organizations make this transition as smooth as possible. The Android Enterprise Migration Bluebook is a guide for IT managers who want detailed steps and best practices for moving from a legacy Device Admin deployment to Android Enterprise. This walkthrough video also outlines many of these key concepts for this transition. We also recommend reaching out to your organization’s EMM provider for additional guidance on migration.

Enterprise app management made simpler with managed Google Play iframe

Managed Google Play lets enterprise organizations distribute and administer apps for their teams to use at work. By using managed Google Play, IT departments can help to reduce the security risks that come from sideloading applications. Admins can give their teams full access to the Android app ecosystem or curate just the right apps for getting the job done.

Managed Google Play iframe makes app distribution even easier, as IT admins can do so without leaving the Enterprise Mobility Management (EMM) console. The iframe has tools for publishing private and web apps, as well as curating public applications into collections. Admins can then configure apps and securely distribute them to their teams.

Google Play work apps

The managed Google Play iframe showing the Search apps page.

To help users find the apps they need, IT admins can now group whitelisted Android apps into “collections” that users can access from the managed Google Play store on their device. For example, admins can create a collection for frequently used apps or one for apps in a category related to expenses. They can then change the order in which those collections appear and the order of the apps bundled in those collections.

Admins can now publish a private Android app directly from an EMM Admin console. Simply upload the APK and give the app a title. It will then appear in the managed Play store —  within minutes as opposed to the hours previously required by using the Google Play Console.

Admins can also distribute web applications to their managed Google Play store—these run in a standalone mode in Chrome and provide similar functionality to a dedicated Android app. The UI can be customized to fill the entire screen or show the device’s navigation bars.

Managed Play web apps

Admins can publish a web app for their teams and customize display elements.

Enterprise mobility developers can visit the Google Developers documentation to add the iframe to the console and get specifics on implementing app management, distribution, permissions, and other essential features. 

We recommend that customers contact their EMM provider to determine their support for the managed Google Play iframe. To get started with device management, explore the Android Enterprise Solutions Directory.

Banks find that investing in Android pays off

Banks around the world have been turning to Android to help them with a mobile-first approach for their organizations, backed by multi-layered security and privacy protections. Many banks and financial institutions are now deploying or trialling Android Enterprise solutions, which provide choice via a range of fully-managed devices as well as enabling BYOD programs.

Enhancing productivity with flexible, personal solutions

With Android, financial teams can adopt efficient working environments, both internally and externally as they work to deliver enhanced customer experiences. Ben Groeneveld, Director of Enterprise Mobility, Chat and Collaboration at the Standard Chartered Bank, explains how Android has helped employees work more productively by securely accessing corporate information on their mobile devices: “Android has enabled us to scale our mobility strategy so that employees can use their own devices knowing their privacy is protected, thanks to the Android work profile. We're able to rely on platform-level native security that meets regulatory obligations, and our colleagues can work more flexibly, knowing that their personal apps and data have been kept separate and private.”

Yorkshire Building Society (YBS) is the third largest building society (similar to a credit union) in the U.K., and has created a flexible work environment for employees with Android. YBS initially deployed Android-powered kiosk devices to the larger retail branches and customer-facing mortgage brokers, but expanded its deployment to a set of standardized handsets that extended services beyond email and calendar to intranet access and third-party corporate applications. Andrew Ellison, YBS IT Desktop End User Computing Delivery Manager, says a secure and stable digital environment was critical, with Android Enterprise providing the perfect mix of device management and delivering secure corporate applications and services to teams while giving them a personal experience: “The robust, secure, and flexible management offered by Android was a key differentiator, as it means we’ve been able to give people the tools to work more flexibly, helping us achieve efficiencies with a flexible working policy.”

Delivering on industry security requirements

Android’s multi-layered security protections, validated by Gartner, gives banks the information they need to deploy Android across their organization. CaixaBank, the number one retail bank in Spain, has deployed over 22,000 Android devices to its employees as part of its plan to put technology at the service of employees and customers. According to Pere Nebot, Chief Information Officer at the bank, “Android helps our employees offer the best customer experience while complying with the highest security requirements established in the banking industry. The deployment is adding additional productivity capabilities and functionalities to our workforce, allowing our employees to offer a full range of services from any location.”

Companies in tightly-regulated sectors like banking set an incredibly high bar for any technology solution or platform they deploy. With the Android Enterprise Recommended program, banks can select devices that meet these elevated enterprise requirements. For HSBC, the program provides a guide for its mobility strategy. John Burton, Head of Product Management for Client Services, says, “We’re only going to consider supporting Android Enterprise Recommended devices within our ecosystem. For us, that means we can set a baseline for the manageability of the device, the way it's enrolled, level of security patching it gets and the consistency of the device.”

Android offers layered security defenses and a breadth of device solutions that meet the rigorous needs of financial service institutions. Employee-friendly options like the work profile and the device curation of Android Enterprise Recommended ease the burden on IT departments when it comes to management and device testing.

For guidance on getting started with Android, discover how the Android Enterprise Recommended program can help your organization find the right devices and services, validated for the elevated needs of enterprise use.

Research details Android growth in the enterprise

Mobility is key to building a connected workforce that can tackle today’s complex business challenges. According to recently-published IDC research, mobile platforms need to offer hardware choice, multi-layered security, and comprehensive management capabilities to enable digital transformation.

This infographic from IDC illustrates how Android meets these attributes, and demonstrates why Android has strong and growing adoption in the enterprise.

Security incidents are less frequent in Android-majority enterprises compared to iOS-majority deployments. IDC Infographic
"Android Taking Off in the Enterprise"

Among the key IDC findings:

  • 74 percent of U.S.-based IT decision makers believe Android Enterprise Recommended devices are more secure and enterprise-grade than iOS devices. A recently released Gartner reportdetails Android security performance.

  • 77 percent of U.S.-based multinational firms prefer Android devices.

  • Android-majority deployments have a higher satisfaction rate than a mixed or iOS-only fleet.

  • Android-majority enterprises experience eight percent fewer mobile phishing incidents, and five percent fewer issues integrating mobile devices with back end systems.

For more insights, explore the IDC findings to discover how Android powers mobile, connected teams and can help your company transition to a digital workforce.

The Pixel 3a joins the Android Enterprise Recommended lineup

Android Enterprise Recommended continues to shape how organizations choose devices for their teams. According to a recent HMD smartphone purchase survey, 56 percent of IT decision makers have decided to only choose Android Enterprise Recommended devices for their business. Android Enterprise Recommended helps businesses select devices with confidence from a breadth of options, so they can find a quality device at a price that’s right for the organization.

Today, the Pixel 3a joins the Android Enterprise Recommended lineup. Announced at Google I/O last week, the new, more affordable Pixel has enterprise-grade security, with monthly security updates and the Titan M chip. A consistent Google user experience backed by machine learning and artificial intelligence helps your team work productively. Recently, a 2019 Gartner research report that evaluated mobile security determined that the Pixel 3 device family has the strongest performance for built-in security when compared to other mobile devices.

The Pixel 3a joins a group of devices in Android Enterprise Recommended that provide businesses with options of enterprise-grade performance and support for zero-touch enrollment at a budget-friendly price. The Nokia 7.1, Moto G7 and Sharp AQUOS Sense are among the many knowledge worker devices within the Android Enterprise Recommended portfolio that run Android 9 Pie, and offer strong productivity power and battery life at a cost below $400.

Since launching in 2018, Android Enterprise Recommended now offers devices from over 20 OEMs, with knowledge worker, rugged devices and tablets in our portfolio. We also help companies secure and manage their devices with Android Enterprise Recommended EMM and Managed Service Provider partners. Learn more about the vast selection of devices available from our Android Enterprise Solutions Directory.

Enhanced security and IT tools for enterprises in Android Q

With each version of Android, we’ve focused on improving the work experience for people and providing more control, security and flexibility for IT and business owners. Android Q, the newest release in beta, offers up more features that deliver on this promise and continue to push the boundaries of enterprise mobility.

Here’s a look at some of the features available in beta.

Improved work experience

In Android Q, we’ve tackled some of the top feature requests that give people more functionality when using the work profile, our platform level separation for work apps and data. People will be able to see work events in their personal calendar and other apps in the personal profile, with a simple transition to the work calendar for more details or event editing. IT admins, meanwhile, can set limits on work event sharing by policy.

Cross profile calendar sync

Employees can also use their favorite keyboard or input method for their personal profile, while IT can require a different method for the work profile. This gives employees more freedom for personalized usage and allows IT to apply more security to the work profile.

We’re also providing companies with more flexibility in deploying work profiles on corporate-owned devices. IT admins can now use zero-touch enrollment, QR codes or NFC tags to provision a work profile directly during the setup wizard.

More IT control

Previously, IT admins could freeze device updates for up to 90 days to help with testing and scheduling updates. In Android Q, admins now have the ability to manually install system updates locally from a file. That allows organizations to stagger rollouts to preserve network bandwidth or take advantage of times when devices are idle.

Apps can soon send feedback to IT admins, such as providing the status of managed configurations, or giving impromptu device error reports. This functionality will be available in the coming weeks and will be supported on devices going back to Android 5.0.

The same app feedback channel bolsters our OEM Config offering. With OEM Config, device manufacturers can include bundled apps that call custom privileged APIs, allowing admins to set OEM policies via managed configurations, without any extra integration work from enterprise mobility management (EMM) providers. For example, Samsung uses our updated OEM config offering to improve the availability of their Knox Platform for Enterprise.  Improvements to OEM Config include the feedback channel, an enhanced configurations schema and an update broadcast which informs an app immediately when new configurations are available, even when the app is not open.

IT admins can also now also configure certificate-based WiFi networks during setup by including the credentials in the enrollment QR code or NFC tag. This will simplify setup and streamline connectivity for work devices.

Enhanced security

Android Q brings a host of updates for organizations looking to secure their mobile fleet. IT admins can take advantage of new delegation capabilities that enable offloading of certain tasks to specific apps outside of the device policy controller. For example, IT admins can appoint their preferred app to handle network activity logging or the selection of certificates.

On devices with a work profile, IT admins can now block the installation of apps from unknown sources across the entire device, adding additional protections against potential malware in the personal profile. And with the deprecation of Device Admin APIs in Android Q, we’re enabling apps that require a lock-screen to check the quality of screen lock credentials and direct a user to set a stronger passcode.

These are just some of the new Android Q features available in beta that will benefit enterprise customers. Take a look at a fuller list of features at the Android developers website and try out the beta today.




Android Enterprise security assessed by Gartner

Data and device security are among the most important aspects to any enterprise mobility initiative. With Android, we’ve invested in a wide range of protections, both on-device defenses and corporate-managed tools, to help companies keep their devices and data safe.

Gartner’s 2019 Mobile OSs and Device Security: A Comparison of Platforms report (subscription required) is a comprehensive assessment of mobile security controls and enterprise management features. The report helps security and risk management technical professionals through analysis of and recommendations for security controls of popular mobile device operating systems.

In the report, which was published on Monday, Gartner evaluates a number of operating systems and device implementations including Android, Chrome OS and the Google Pixel 2 and Pixel 3. Android 9 received strong ratings in 26 of 30 categories, including 12 of the 13 categories in the corp-managed section.

Check out the video below for more details.

Gartner's assessment of Android security

Gartner senior director analyst Patrick Hevesi provides an overview of the 2019 Mobile OSs and Device Security: A Comparison of Platforms report

 You can also see a breakdown of all of the categories in the table below :

Gartner security ratings for Android 9 and Pixel 3


For more information, visit the Android Enterprise security page, where you can learn about security features like built-in anti-malware through Google Play Protect and workplace isolation with the Android work profile. Also learn more by reading the Android Security & Privacy 2018 Year in Review report.

Sharing what’s new and coming next with Android Enterprise

We’ve built Android to help power the connected workforce of the future. With a growing lineup of Android Enterprise Recommended devices and services, leadership in mobile security and flexible platform tools, Android gives organizations plenty of options. At Google Cloud Next ’19, we shared more about how Android can benefit your organization, and offered a preview of some of the features we’re working on for Android Q.

If you weren’t able to attend the event, or would just like a refresher on any of the sessions, here’s an overview of the ones that are now available on YouTube:

My engineering team’s work on Android Q has focused on an improved end user experience, more controls for IT, and enhanced security tools. For example, we've addressed many top feature requests, such as an API for consolidating personal and work calendars and separate input methods for work and personal apps.

As 2019 rolls on, we’re looking forward to continuing Android’s momentum and impact on organizations of all sizes.

New research shows how Android helps companies build a digital workforce

IDC reports that by 2022, 75 percent of CIOs who don’t transition their organization to flexible IT product teams that use technology to solve problems in new ways will fall behind the competition. According to IDC, mobility is the key to building a connected workforce that’s agile, particularly when the organization is going through rapid change.  


In new research sponsored by Google, IDC asserts that teams can thrive with platforms that feature a diversity of hardware, offer strong security, and support IT management that balances with user experience. This series of whitepapers, videos and blog posts detail the critical role that mobility plays in achieving these core pillars and the strengths that Android offers as a strategic platform of choice for enterprise.


Phil Hochmuth, Program Director of IDC Mobility, said that for businesses to transform how their workers do their jobs with mobility, they must address key challenges around mobile computing risk, device capabilities, and form-factor selection, as well as the underlying provisioning and management of mobile end-user technology. IDC sees Android as a strategic platform that addresses each pillar to consider when choosing a mobile platform: Overall security, solution breath, and IT management capabilities balanced with user experience.

Android security extends from the hardware to the application stack, ensuring corporate data is kept secure. Our broad set of OEM partners offers a wide range of both price points as well as form factors that can enable every worker. And Android IT management capabilities span from the Work Profile, which separates personal data from corporate data access on a BYOD or personally enabled device, to locked down modes that control the device experience to a set of IT approved applications. Combined with innovative tools that bring machine learning, immersive experiences, and both native and web apps to users, Android is well suited to powering an organization’s digital transformation efforts.

Explore the IDC findings to discover how Android powers a mobile, connected workforce and can help your company take the next steps toward transitioning to a digital workforce.