Tag Archives: Android enterprise

Migrating to modern Android management solutions

A modern enterprise mobility solution requires a flexible and secure platform with advanced management capabilities. It’s what we’ve delivered with Android Enterprise, and today we’re offering additional resources for organizations that are moving off of legacy deployment methods. The Android Enterprise Migration Handbook is a guide for IT managers who want detailed steps and best practices for switching away from legacy APIs.

Why choose Android Enterprise?

Customers and partners like the flexible device management choices found in Android Enterprise. The clear separation of work and personal profiles on the same device is powerful—IT manages corporate applications and data, preserving employee privacy while  protecting the security and privacy of essential company information. Additionally, rapid deployment methods—like zero-touch enrollment, QR codes, a DPC Identifier or configuration through NFC—simplify the process of getting your team up and running.

Learn more about migrating to Android Enterprise

Transition updates

Device Admin-based management solutions rely on a number of complex workarounds, such as side loading applications and using personal Gmail accounts. These solutions are limited and are not as suited to the needs of modern enterprise use cases.

As part of the transition away from Device Admin, APIs for password enforcement, disable camera and disable keyguard features have been marked as deprecated in Android 9 Pie. These APIs will no longer be available in the 2019 Android release. We recommend that customers migrate to management deployments using the Android Enterprise framework through an EMM provider.

Modern management and security

Compared to Device Admin, Android Enterprise provides extensive management controls and solutions for personal devices, work only, personally-enabled and dedicated device scenarios. This extends to enrollment, offering a variety of options to get a team up and running.

The modern Android security APIs are part of a more vigorous security structure, with more privacy for users and protection for user data. The work profile and managed device APIs create a better experience for both IT admins and employees.

Helping your organization make the move

We recommend that organizations consider a move to work profile and managed device APIs to better serve their mobility needs. Our Android Enterprise Migration Handbook will serve as a helpful document for organizations that want additional direction.

Mobility transitions can be a large and important undertaking. We encourage reaching out to your EMM partner for additional guidance on migration.

Android Enterprise Recommended validates top management solutions

Enterprise Mobility Management (EMM) providers play a vital role in enabling and managing the business features and services in Android — helping customers deploy devices and applications consistently at scale. Today, we’re launching the Android Enterprise Recommended program for Enterprise Mobility Management to help customers find the best equipped EMMs to successfully deploy Android.

Since we’ve collaborated closely with EMM partners over the years, we understand what it takes to demonstrate excellence in this area. With this program, we’re recognizing partners who provide the most comprehensive technical solutions and have knowledgeable teams focused on modern Android security and management. 

We’re pleased to welcome BlackBerry, Google Cloud, I3 Systems, IBM, Microsoft, MobileIron, Softbank, SOTI, and VMware to the program. These partners have validated solutions or will be launching their offerings throughout 2019, and we’ll add more approved partners over time. More details about our partners can be found here.

Customers can expect Android Enterprise Recommended EMMs to demonstrate the following qualities (and the full list of guidelines can be found on our site):

  • Experience across multiple Android Enterprise management sets  

  • Proven ability to deliver advanced security and management features

  • A consistent deployment experience, with admin consoles that simplify set-up of Android Enterprise

  • Documentation and guides that provide best practices for Android Enterprise set-up and configuration

  • Google-trained personnel across field sales, technical pre-sales and deployment support

  • Commitment to staying current on the latest Android product features and training requirements

Similar to last year’s launch of the Android Enterprise Recommendedprogram for devices, where we validated knowledge worker and rugged devices against an elevated set of requirements, we’re taking a similar approach to EMMs. By raising the bar of excellence, we’re helping customers select which partners are best equipped to help them fully leverage the robust security and management capabilities in the Android platform.  

There’s so much more companies can achieve through mobility. With the Android Enterprise Recommended program, Google and the Android ecosystem are stepping up to help customers enjoy a more powerful, versatile and best-in-class enterprise mobility experience.

Building a connected workforce in the new year

A new year has arrived, and with it fresh opportunities to transform your business.

Android can help power a more productive workforce and enhance customer experiences. As we look ahead to the rest of 2019, here are a few ways Android can help power a connected workforce, capable of meeting the evolving needs of digital enterprise.

Raising the bar with Android Enterprise Recommended

Last year we launched Android Enterprise Recommended, which makes it simpler for organizations to select, deploy and manage enterprise devices and services.

The program establishes best practices and common requirements for devices and services, backed by a thorough testing process conducted by Google. Devices in the program meet an elevated set of specifications for hardware, deployment, security updates, and user experience.

In September, we expanded the program to a new category of rugged devices for more demanding environments, which helps organizations in purchasing and deploying trusted Android hardware.

Enterprises are increasingly relying on Android as their go-to platform for rugged mobile deployments, with Android on pace to become the largest rugged OS by shipments in 2019, according to IDC.

Fueling global growth

Strengthening development tools has been central to helping companies grow with Android. We recently streamlined app publishing tools to help enterprises more quickly get the right apps to their employees. And the Android Management API, which came out of beta last year, brings a complete suite of management features for nearly any use case.

Additionally, companies are using Android to build great solutions for their customers and enhance team collaboration. Whether it’s Uber deploying Android devices to grow internationally or Pitney Bowes improving office shipping and mailing to expand their business, there are plenty of ways that Android helps companies meet their goals.

In 2019, we’re eager to see how companies will use the power of Android to move their business forward.

Security intelligence, backed by Google

While a new year is typically filled with optimism, it’s likely that fresh security challenges will be lurking. That’s why strong platform security is built into each Android device, backed by multiple layers of protection.

In 2018, Android 9 Pie delivered fresh helpings of security smarts. The Android platform uses industry-leading tools like exploit mitigation and sandboxing techniques to prevent bugs from being exploited. And Google Play Protect, the world’s largest threat detection system, is always working to protect devices, data, and applications.

The work profile is another powerful security tool, keeping company data in a separate, secure container on the device. Administrators can manage and secure a separate corporate profile and data, while the user gets full control over the rest of the device. And on Pixel and Android One devices, Digital Wellbeing can help sustain an employee’s new year's resolution for a better work-life balance.

Looking ahead to 2019

We’re continuing to invest in Android, and businesses are using the platform to build next-generation experiences for their workforce and customers. In the new year, we’ll continue to work with our hardware, software, services, and mobility management partners, who are building build custom app and device solutions for employees and customers. Our goal is to enable companies to connect every worker from boardrooms, out in the field, to the factory floor.

Android Enterprise Recommended is a centerpiece of these efforts, and we’re looking forward to extending its impact in the new year.

How Android can help you switch off and enjoy the holidays

The holiday season is in full swing, meaning you’re probably juggling a mix of gift shopping, festive gatherings and office parties. After another busy year, the holiday break brings an opportunity to rest and recharge without too many digital distractions. You want to keep your phone handy for taking photos and keeping in touch, but wouldn’t it be nice to properly switch off from work and reduce interruptions?

Here are a few tips on how your Android device can help you focus on being in the present and spending time with family and friends.

Disconnect this holiday season with Digital Wellbeing

In August, we released the beta of our Digital Wellbeing features to Pixel users running Android 9 Pie. In November, our Digital Wellbeing features came out of Beta and are now live on Pixel phones and several Android One devices, like the Motorola One, Xiaomi Mi A2 and Nokia 7 Plus. We’re working with partners to bring Digital Wellbeing and Android 9 Pie to even more devices soon.

digital wellbeing

In Settings, check out the Dashboard in Digital Wellbeing to help you understand how you spend time on your phone and set time limits on specific apps—or use Wind Down to help you get to sleep at night by transitioning your display to a grayscale screen. And on Pixel 3, when you don’t want to be bothered by rings or notifications, just flip your phone to Shhh—an easy gesture that turns on Do Not Disturb and minimizes distractions. It’s the perfect way to enjoy your holiday dinner, distraction-free.

Turn off work with one tap

Another useful tool for disconnecting during the holidays is the work profile. This Android feature, available on personally enabled work devices as part of a managed device program, lets you temporarily turn off corporate applications so you won’t get alerts or be tempted to check your email just one more time during your holiday.
work profile

On devices that run Android 9 Pie, work apps are neatly organized into their own tab in the All Apps menu, meaning they can easily stay out of sight (and hopefully out of mind). There’s a handy toggle at the bottom of the screen, enabling you to put work mode on snooze. When it’s time to get back to work, just turn it back on. If you’re on an earlier version of Android, from Android 6.0, you can turn off the work profile by going to the notification drawer and finding the option in your settings menu.

work profile android

Apps for work are bundled together and can be turned off with the flick of a switch.

We hope you can switch off from work, enjoy the break and recharge for 2019.

New tools to automate enterprise app distribution with managed Google Play

Managed Google Play provides a simple, standard way for enterprises to deliver applications to their organizations. It offers a secure and familiar interface to share both internal and third-party apps with managed Android devices.

Automating the app distribution process is an efficient method for quickly getting apps out to your team, and today we’re highlighting how Google tools can now make that simpler and faster with the addition of fastlane support via the Custom App Publishing API.

App automation with fastlane

As part of the Firebase mobile development platform, fastlane offers a set of developer tools that help automate app builds and releases. Now, fastlane supports managed Google Play by integrating with the Custom App Publishing API.

The open source fastlane platform offers a suite of app automation tools that can automate screenshots, manage beta deployments, as well as sign and push apps to the Play store. It helps save time, as it can configure and run releases without building custom release tools.

Give it a try if you’re looking to automate multiple aspects of your workflow. The documentation for fastlane provides specific details for developers.

Quicker custom app publishing

The Google Play Custom App Publishing API is another key tool for enterprise mobility management (EMM) providers, third-party developers, and other organizations that want to enable their enterprise customers to publish private apps directly from their end-user interface.

The key benefit is the ability to automate the creation of apps, without any code, which enables enterprise customers to publish and distribute private apps to employees even faster.

Getting started

It’s now easier to deploy and manage your private enterprise apps with managed Google Play, which provides access to the world’s largest app ecosystem. With fastlane, you can quickly deploy your applications without the need to code the solution. However, if you prefer to write your own software and integrate your own tools, you can use the Custom App Publishing API.

For more technical information, see our blog post on our Android Developer publication that details how developers can take advantage of these tools.

Zero-touch enrollment’s new features deliver for partners and customers

Last year we launched zero-touch enrollment, a deployment method to help make Android rollouts—especially those at large scale—more seamless and secure.  Since then, the program has grown and customers and partners are already seeing the benefits.

Better rollouts for customers and partners

Zero-touch continues to help businesses quickly and securely deploy Android devices, easing many pain points IT admins face when rolling out device fleets.

NAV, the Norwegian Labour and Welfare Administration, has successfully used zero-touch enrollment to deploy over 10,000 Android devices across their organization. Bengt Nielsen, who leads NAV’s IT Infrastructure and Platform Services team, explained that the large scale deployment of Android devices was a key component of the organization’s digital transformation strategy. NAV wanted employees to work in a more agile way, freeing them to work out in the community rather than always at their desk.

Zero-touch enrollment ensured that devices were configured and ready for use out of the box, making the deployment quick and easy for IT and employees, according to Bengt. He said, “Compared to previous manual enrollments, the zero-touch experience was like night and day—the enrollment process was almost flawless, employees found it straightforward and, most importantly, it saved the organization thousands of hours of work time.”  

NAV’s deployment partner ATEA explained the impact that zero-touch enrollment has had on customer rollouts. Kim Tovgaard, Enterprise Sales Executive at ATEA, commented, “Android zero-touch enrollment means we can offer customers a wider range of hardware in our deployment concept for automated purchase and enrollment of mobile devices, and help businesses save time and money.”

Expanding the zero-touch partner list

The support for zero-touch is continually growing, with new partners regularly added and validated. One of our zero-touch resellers, Tech Data, has recently launched a fully integrated service across their 20,000 European Android resellers, enabling them to offer zero-touch enrollment to all their customers.

“The API integration and set up was straightforward,” says Luc Van Huystee, Vice President, Mobility Solutions, Europe, at Tech Data, “enabling us to integrate this with our systems to allow every organization to carry out quick and easy bulk provisioning of company-owned Android devices straight after purchasing them.”

Over 30 zero-touch partners have joined the program globally in the second half of 2018, including major mobile operators such as Bouygues Telecom, Chunghwa Telecom, NTT DoCoMo, Telia, and Vodafone (Netherlands, Spain and Ireland). The full list of our partners can be found on this site.

New product features recently launched

We continue to add new features to zero-touch enrollment for both resellers and customers. Resellers can now appoint vendors to act on their behalf, while maintaining overall visibility and control. This will enable multi-national carriers to oversee the actions of their local operators and also support carriers who delegate their B2B sales to dealers.

Multi-language support is available within the zero-touch portal, with support for 13 languages. Additionally, zero-touch now supports WiFi-only devices, meaning that devices such as tablets and dedicated devices are also able to take advantage of the seamless enrollment that zero-touch offers. The current list of supported models is available here, with further manufacturers coming soon.
Learn more about how zero-touch enrollment can help make enterprise deployment easier and more secure.

Gartner’s analysis on the progress of Android security

With mobile security always being a hot topic, it is imperative to evaluate the relative strengths of different platforms and how they stack up against a set of predefined security requirements. Gartner’s “Mobile OSs and Device Security: A Comparison of Platforms” is a comprehensive report that assesses how today’s mobile OS and device platforms are supporting the increasing needs to effectively secure company data based on Gartner’s recommended security criteria for enterprise IT and users.

Gartner analyst Patrick Hevesi reviewed the security capabilities of Android, iOS, and Windows 10. The report also analyzed specific hardware implementations with Samsung Knox devices, Microsoft Surface Pro, and the Google Pixel family. The report details 28 distinct categories of security capabilities, diving into topics like core OS security features and device security controls.

In the video below you can hear about some of the results of the report, how Android security has evolved over the years and how Android is working to protect billions of users.

Gartner security report

Take a look at the video and see what’s unique about Android security, and why transparency and openness around the platform is critical for security conscious enterprises. These principles underscore how Android is a top choice for mobile security.

The Android Management API is ready for work, with new use cases and more features

Managing enterprise devices shouldn’t be complicated. Back in 2017 we introduced the Android Management API so developers could spend less time developing complex management applications and get back to building new services for their customers.

During the last year, we’ve worked closely with partners like Microsoft to bring dedicated device capabilities powered by the Android Management API into production with customers of all sizes and use cases. Now we’re pleased to introduce work profile and fully managed device support to the Android Management API, bringing the Android Management API out of beta by offering a complete suite of management features for nearly any use case.

Even more features, still just as simple

Whether you’re a full-featured EMM, an all-in-one solution provider that needs to lock down a device, or an IT professional looking to deploy a custom management solution, it’s never been easier to help your users be productive on Android.

Developers of all kinds use the Android Management API to enroll and apply policy to Android devices using only a server-side API, managing entire device fleets with just a couple REST API calls. Without the need to develop or QA a custom Android management app, the Android Management API helps developers get to market faster and deliver more of Android’s latest features to customers.

Different solutions for all types of developers

Since launching support for dedicated devices last year, we've been inspired by what our partners have built: from Taxi meters to customer satisfaction kiosks, in-house management solutions to Microsoft Intune’s new dedicated device solution, our partners are modernizing their industries and growing new ones with the power and flexibility of Android.

Now with work profile and fully managed device support, the Android Management API makes it easier to deploy Android Enterprise across a full suite of use cases. With enrollment link provisioning, users can set up a work profile in seconds, with no Play store download required. Or they can simply scan a QR code at the device welcome screen to set up a fully managed device for corporate-owned device fleets.

Android Management API

In fact, the Android Management API supports everything you need to become an Android Enterprise partner and get your work profile, fully managed device, and dedicated device solution listed in our directory.

Get started today

The Android Management API is the easiest way to start managing Android devices. Get a device provisioned in minutes with our new interactive Colab, and go to g.co/dev/androidmanagement to learn more.

Android 9 Pie: Improving productivity, security, and digital wellbeing for the enterprise

Today we’re serving up Android 9 Pie, freshly baked for the enterprise.

The newest release of Android delivers AI-powered productivity tools, security enhancements, new features to promote digital wellbeing, and support for a range of use cases.

Android 9 pie work profile

Apps in the work profile are bundled together, with a toggle available for switching off when it’s time to step away from work.

In Android 9, work apps have their own tab in the All Apps menu, making them easier to find and distinctly separate from personal apps. Android 9 also brings support for in-app switching between apps that exist in both the work and personal profiles.

The work profile also complements Android’s focus on digital wellbeing. While our phones are a big part of our work lives, it’s important to be able to disconnect. A new toggle feature lets users turn off work apps and notifications quickly and easily.

Android 9 also includes new digital wellbeing tools like the Dashboard and Do Not Disturb, which helps users monitor device usage and turn off all visual interruptions respectively. These tools are available today in beta on Pixel devices. You can learn more about the beta program here.

AI baked in

To help your team get things done faster, Android 9 introduces App Actions, an AI-powered feature that displays suggested actions based on a user’s context. These appear in the Android launcher, Smart Text Selection, the Google Search app, Google Assistant, and the Play Store.

For example, if an employee is working, they might see a suggestion to share a Drive folder. 

drive actions android pie

App Actions suggest specific tasks throughout the day.

Over time, users will see prompts to take specific actions from both personal and work apps as the phone learns about how they use the device. It’s one more way that Android works behind the scenes to make the phone more responsive to individual needs.

New recipes for dedicated devices

Many Android devices in organizations are dedicated to a single purpose, such as ruggedized tablets, point-of-sale terminals, digital signage, or informational kiosks.

In Android 9, admins have full flexibility to show or hide elements of the Android user-interface including the status bar and navigation buttons. Enterprise mobility management providers can set a custom home screen, and populate it with the apps of their choice.

Android 9 Pie kiosk mode

Admins can use a custom launcher and select multiple apps for a focused experience on single-use devices.

By doing this, admins can enable switching between a set of apps. So, for example, a restaurant worker could take an order on their tablet, then switch back to the menu or to a payment app to process the transaction.

Additionally, Android 9 supports multiple people using a shared device. Devices can be configured as a kiosk, with a user’s data erased at the end of every session or set up for multiple employees. An employee working the day-shift can hand off their device to their colleague working late with data preserved between sessions but fully separated at all times.

Tasty slices of security and privacy

Android 9 enables industry-leading hardware security capabilities by leveraging a phone’s tamper-resistant hardware,similar to the “secure elements” built into credit and smart cards. Android 9 is also the first major operating system to support secure transactions via Protected Confirmation APIs as well as enabling app developers to leverage the tamper-resistant hardware (Strongbox) which raises the bar when it comes to protecting sensitive app data. We also continue to harden the Android platform through additional compiler-based mitigations, to make bugs harder to exploit and prevent certain types of bugs from becoming vulnerabilities.

Android 9 protects all data that enters or leaves a device with Transport Layer Security (TLS) by default. It’s also the first mobile operating system to support DNS-over-TLS for private browsing. Additionally, IT administrators can require different PINs and timeout rules for personal and work profiles and set policies to further prevent data sharing across profiles. New APIs will be available that work with keys and certificates to securely identify devices accessing corporate resources. 

Served up to a range of devices

This is just a taste of the goodness in Android 9. For more details on all the new work features and APIs in Android 9, see our developer page.

Android 9 is available starting today on Google Pixel phones and will be available later this fall on a range of devices, including Android Enterprise Recommended devices and those featured in the beta program.

The Android Security 2017 Year in Review has good news for enterprises

Device security is of paramount importance to enterprises. It’s why the Android Security team (and many other teams at Google) continuously work to improve protections across more than 2 billion active Android devices.

To ensure customers, partners, and Android users are up to date on our ongoing work, we recently published the fourth annual Android Security Year in Review. This document details improvements to Google’s security offerings in Android, updated platform features, and key metrics that inform our initiatives.

While the report provides a broad view of the breadth of the security work across the ecosystem, there are important highlights for our enterprise users.

Enterprise-grade security in Android

In 2017 we launched Google Play Protect, Android’s built-in device, data, and apps security scanning technology. Google Play Protect protects users from potentially harmful apps (PHAs) in real-time and uses cloud-based services for analyzing device and app data to identify possible security concerns.

Every day, Google Play Protect automatically reviews more than 50 billion apps, other potential sources of PHAs, and checks devices, warning users about potential harm. These automatic reviews enabled us to remove nearly 39 million PHAs last year.

PGA install rates
The installation of potentially harmful apps (PHAs) from outside the Google Play store saw a significant drop in 2016.

Enterprises can leverage Google Play Protect with managed Google Play, a curated Google Play Store for enterprise customers. By using managed Google Play, an organization can ensure that team members are selecting prescribed apps for work that are secured through Google Play Protect. Last year, the number of 30-day active devices running managed Google Play increased by 2,000 percent.

We also introduced a bundle of new security features in Android Oreo, making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, and hardening the kernel.

In its second year, the Android Security Rewards program paid researchers $1.28 million in 2017 for work identifying potential vulnerabilities in Android. We also introduced the Google Play Security Rewards Program for developers that discover and disclose select critical vulnerabilities in apps hosted on Play.

Additionally we launched zero-touch enrollment, a fast and secure method for simplified provisioning of corporate-distributed devices. Our focus on security starts from the moment a device is powered on, through deployment, and during daily interaction with apps and services.

Looking ahead

Our efforts continue into 2018. We recently launched the Android Enterprise Recommended program for OEMs, which addresses the pain point that many organizations face when choosing devices for large deployments. Our program features a curated selection of devices that meet common requirements for security (including which devices are getting regular security patches), and supported features, all validated by Google.

For a more detailed look at all of the Android security improvements during the last year, see the dedicated Security Blog or read the full security report at g.co/AndroidSecurityReport2017.