With every major Android release, we want to strike the right balance between improving security and manageability and making the platform more usable and private for employees.
With Android 12, now in developer preview, we’re introducing a number of features that not only bolster security, but also provide more simplicity and utility for IT and more privacy and productivity for employees.
Simplifying password complexity
For users on work profile devices, we’re introducing a more straightforward, modern approach to password restrictions. Instead of granular requirements that often result in easily forgotten passwords, we’re establishing pre-set complexity levels of high, medium or low that will be used to access the device.
With Android hardware-backed brute force protections in place since 2016, IT doesn’t have to employ super-complex restrictions, which can still be guessed by computers. By utilizing the new complexity levels along with other Android security protections, including SafetyNet Attestation API and Google Play Protect, IT teams can be assured devices are safe and easy to use for employees.
Easily set up a work security challenge
Admins can still utilize a more granular password, if they prefer, through the work security challenge to manage access to business apps in the work profile. The work security challenge enables an IT-approved password for access to data in the work profile, separate from a simplified password for the device.
We’ve improved the device setup process to prompt employees if their provided password doesn’t meet complexity requirements set by their admin.
Users who receive a prompt can simply choose to increase the strength of their device password or set up a work security challenge to access apps in the work profile. If approved by IT, employees can also switch back to one password for both work and personal if they change their mind.
For company-owned devices, admins will be able to choose whether they use the new password complexity levels or continue using the more granular restrictions.
Certificate management on unmanaged devices
Certificate management is a critical tool that allows enterprises to enable authentication for employee access to remote services. Today, the process can be seamlessly handled on managed devices through an Enterprise Mobility Management’s (EMM) device policy client, which can programmatically generate keys, install certificates from the Android KeyChain service and present them for authentication.
In Android 12, we’re streamlining credential management for unmanaged devices by making the process available to apps beside the device policy client. With this expanded credential management, more companies can extend secure access to employees regardless of their location, a key requirement in the COVID-19 era. Additionally, employees can avoid the cumbersome, manual process of installing certificates themselves.
Enrollment-specific IDs for personal devices
For employee-owned managed devices, we’re creating a new enterprise-specific device identifier that may help enhance privacy in the event an employee leaves their current employer. Instead of relying on hardware identifiers such as IMEI or serial numbers, personal devices will get a new identifier derived programmatically during enrollment.
Enrollment-specific IDs allow IT admins to identify the device if it’s re-enrolled at the same organization, even if the device is factory reset. But these IDs limit IT’s ability to track the device if the employee leaves the company.
Today’s initial preview covers some of the features you’ll see in the next release of Android with more to come as we get close to launch. Learn about the enterprise features in the Android 12 Developer Preview at the Android developers website. To give Android 12 a try, you can download it to a Pixel device today.