Tag Archives: Android for Work

How BioDot’s global team works better together using Android and Chrome

Editor's note: Today we hear from Dan Tisone, VP of Global IT at BioDot, a low volume dispensing manufacturer specializing in biotech applications. Learn how BioDot’s 60 employees use Android and Chrome devices to work closely together and build better products.

I’ve led IT at BioDot since my father, a former research and development engineer at Nokia Bell Labs, founded the company in 1994. Since then, I’ve seen workplace technology evolve from clunky desktops and servers to the fast, cloud-based devices we use today.

Our transition to Google started with Gmail in 2009. Through Gmail we discovered Google Apps like Drive, Hangouts and Docs. Google Apps are affordable and easy to use, so when we needed to purchase computers and smartphones for our employees the following year, we chose Google Chrome and Android products. Today, we have 42 Android smartphones, as well as a few dozen Chromebooks and Chromeboxes.

As an international business headquartered in Southern California with satellite offices in Asia and Europe, our sales team travels a great deal, and tends to use their smartphones more than laptops, whether they’re at the airport, in between meetings or in a taxi. They use Google Docs to review contracts and Google Slides to create new business presentations from their Android phones while traveling. They can even update Pipedrive, our CRM platform, through the mobile app.

I install work apps on each device using Google Mobile Device Management so employees can access required work apps and install any other pre-approved apps from the Play for Work Store. I can securely manage all devices with this central console, too. If an employee accidentally installs an app or downloads malware, I receive an alert and can fix the problem immediately.

Setting up Chromebooks is simple, too. It used to take me hours to deploy our old laptops. Each Chromebook takes minutes to set up — no time-consuming installations required. As BioDot’s sole IT staff member, it can be difficult to quickly deploy new devices while ensuring the security of every company device around the world. Chrome makes this easier.

Cloud-based Android devices also foster a collaborative work environment. For example, when the manufacturing team is assembling a new medical dispenser in the factory, they mark up the schematic diagram in red pen to show which parts don’t work. They used to snail-mail this marked up diagram to our engineers, who are hundreds or thousands of miles away in an office. Now, the manufacturing team snaps a picture of the schematic with their Android phone and uploads it to Google Drive, so engineers can see their revisions immediately. This saves our teams a few days’ delay, so they can iterate faster, and ultimately build better products in a shorter timeframe.

Google Apps also allows us to be more productive and efficient. Instead of taking a one-day trip to meet with a prospect for the first time, sales executives are starting to use Google Hangouts. This saves our company around $1,000 for each trip. When you think about the hundreds of trips salespeople take throughout the year, these savings go a long way — especially for a small company.

Switching to Google Apps, and subsequently Chrome and Android devices helps BioDot run faster and more smoothly. Employees, from tech-savvy millennials to employees who were new to smartphones, now rely on Android and Chrome devices to work together and complete tasks, whether they’re in the office, on the road or at one of our manufacturing facilities.

Android security to the N-th degree

Editor's note: Today we share highlights and a few remaining questions from our last security discussion as we ramp up for our next security talk focused on what’s new for work in Android N. Don’t miss that Hangout on Air on August 16 at 9:30am PT. To help guide that discussion, leave whatever questions you’ll have for us then in comments on this post or vote with a “+1” for questions from others you’d like answers to. Join that discussion by registering here.

In April we shared our Android Security 2015 Year in Review report and took a deeper dive into Android security with a live Hangout on Air to discuss the trends and hard data; you can still view the recorded session.

Some interesting highlights from the report include data showing that Android runs more than 400 million automatic security scans per day on devices and this helped limit the number of potentially harmful apps (PHAs) installed to less than 0.15% of devices that only get apps from Google Play. Note that devices that install apps from outside of Google Play are around 10 times more likely to have a PHA. As a follow up, we’re taking some time today to answer a few of the remaining questions from our live Hangout in April.

Will you have a plan to release a security patch via an app, such as WebView, in Play Store instead of a security patch by the manufacturer?

We do think it's possible for more of the framework to be updated by Google directly — there’s some architectural work that we're doing to make this possible in a future release.

Are all Android versions encrypted?

Android has provided full disk encryption since Android 3.0. Users can enable it by going into settings and turning it on. For newer devices, encryption may be turned on by default. And starting with Android M, all new devices that meet a performance requirement (being capable of encrypting over 50MB/S using AES, or the Advanced Encryption Standard) must be encrypted by default. These requirements are described in more detail in the Android Compatibility Definition Documentation (CDD).

Android N is introducing a new feature "Direct Boot" and a file based encryption mechanism that improves usability while maintaining encryption of user data.

Given that Android is making advancements towards the phones being used in enterprise [Android for Work], what are the security improvements that have been made specifically to make the phones more secure for enterprise? What are the security improvements that the team is working on that we will likely see in the near future?

Most of the security improvements that we make in Android have the dual purpose of protecting both enterprise and consumers, but there are some features that are more specific to enterprises. "Profiles," for example, were introduced to make it easy to separate work data from personal data. We've also added APIs so that application developers (including Mobile Device Management vendors or MDMs) can remotely query the state of the device — some more recent examples include the security patch level and adding an API in Google Play Services called SafetyNet.attest that allows an enterprise to confirm that a device is a compatible device.

Verify Apps. As far as I recall it was provided 4 years ago and improved in 2013 with background scanning. What's new now?

We're constantly making improvements to how we identify and protect users from potentially harmful apps. The 2015 year in review describes a number of changes, including the introduction of a technology we call the Anomaly Correlation Engine, advancements in Machine Learning, improvements to our System Integrity Checker, more effective user interface on security warnings and much more.

During next month’s Hangout on Air, we’ll answer your Android security questions and share information on what’s new for work in Android N.

To help kickstart some question ideas, here are just a few of the many new and improved work Android N security features that we’ll discuss:
  • Always on VPN for secure data transmission
  • Passcode enforcement options on individual work apps
  • More granular policies and app permission management
  • QR code provisioning to save time and money on device deployments

So, if like many, you’re wondering if Android could be the right mobile solution for your business, register for our Android N Hangout on Air taking place on August 16 at 9:30am PT.

8 ways to make your Android for Work apps even more secure

The Android ecosystem has grown to 1.4 billion devices worldwide and more than one million Play Store apps, with many of those titles focused on consumer usage. At the same time, mobile productivity has grown in importance and businesses are spending more on applications for their work devices. Gartner says businesses spent $143B in 2015 on application software on all platforms.

That presents developers with a large opportunity for work apps that advance collaboration, workflow, data analysis or taking measurements in the field. Android developer tools help developers answer this call for innovation while meeting the important business need of protecting work data.

Here are a few tips and techniques for developers striving to build safe, secure Android apps for work environments.

Integrate with Android for Work

Encrypt your data

  • Use HTTPS in lieu of HTTP whenever possible for encrypted, in-app web communications; don’t expect your app users to rely solely on VPN or other encrypted connections.
  • If you encrypt any data in your app, don’t put the key within the app. Use a KeyStore so the keys are bound to the device hardware and not directly accessible from your app.

Use Android’s built-in and expanded protections

  • Rather than using the MODE_WORLD_WRITEABLE or MODE_WORLD_READABLE modes (which don’t limit data access to specific applications) consider using content providers, which implement data read / write permissions to other apps.
  • Call Google Play service APIs to improve app security and check device compatibility. Specifically, the ProviderInstaller class has methods to verify if device’s security provider is current and SafetyNetAPI.attest can let you know if the device’s security model is intact; if not your app can throw an exception or work around the issue.
  • Check security warnings provided by the Google Play Store when uploading your app; this is part of the Android Security Improvement program and can highlight potential security risks in your app before you publish it.
  • Consider implementing single sign-on (SSO), which makes it more convenient for end users to safely access business apps and data. This also enables a consistent session expiration to harden app security. See this section of our recorded session from Google I/O on this topic a demonstration of SSO.

Following these tips is easy and makes your Android apps more secure and more attractive to businesses so you can take advantage of the growing support for Android devices in enterprises and small businesses alike.

For more information or other ways to build secure Android apps, see our growing list of security tips and take advantage of the tools Android offers you.

Empower your workforce with Android apps on Chrome devices

Chromebooks already offer businesses of all sizes a secure platform to get work done. Companies are choosing Chromebooks because they’re easy to maintain, can be centrally managed by IT and have multiple layers of security to protect sensitive data.

Today we’re announcing support for Android apps on Chromebooks — with little to no extra effort on the part of developers — making Chromebooks an even better choice for work.
That means your employees can have access to the broad ecosystem of Android apps in Google Play for Work on their Chromebooks, managed centrally with access controls. So in addition to the speed, simplicity and security of getting work done quickly in web apps, your workforce can run previously unavailable mobile apps on Chrome devices with complete file integration, notifications, offline support and touch input on supported hardware.

More productivity possibilities

Early first-runs with many Android workplace apps including Concur, TripIt and DocuSign, as well as many other productivity apps, look very encouraging. While the 2 million businesses already using Google Apps for Work can view and edit Microsoft Word documents, some may prefer to use Microsoft’s Office software. That’s possible on a Chromebook by installing the Android version of Microsoft Word, for example. And those who supplement Google Hangout meetings with Skype can do so on a Chromebook by using Skype for Android.

Also, this gives users full access to apps that were built for the mobile world. For example, while the web version of Slack already works in the Chrome browser, the Android version of Slack is designed from the ground up for mobile use with support for push notifications, do not disturb rules and quick switching between teams.

If your workforce prefers an Android app to the web version of that software or wants to use an app with offline support, they now have the choice on a Chromebook.

We’re encouraging Android developers of all kinds to see how the application experience adds value for Chromebook users and brings them new opportunities: Now building one app extends from Android phones and tablets up to Chromebooks.

You’re still in control

One of the key benefits of deploying Chrome devices in your workplace is that you can centrally manage them with ease through more than 200 administrative policies. Administrators can manage these Android apps now from that same Chrome admin console.

We’ve added new policies to allow or restrict Android application installations, and you can even allow particular Android apps for certain users and not others.

We’re making the feature available in early June on specific Chrome devices — the Asus Chromebook Flip, Acer Chromebook R11 and Chromebook Pixel (2015 edition) — for developers to try out. Later this year, we’ll add support for many more Chrome devices, detailed here. And if you’re developing in-house Android apps for your business, you can learn more about how to optimize your Android app for Chrome devices here.

Google I/O: What’s new for enterprise developers

Applications have long been the lifeblood of the enterprise. This has never been more true than in today’s market. And Google has never been more committed to the enterprise. We’re excited to expose our APIs to enterprise developers who can now incorporate advanced technologies such as image recognition, speech recognition, location and maps, email and calendaring into their applications.

Google I/O is a great opportunity to share what excites about the massive digital transformation happening at companies around the globe. We’re thrilled about the speed of innovation with all of our enterprise products, particularly Google Cloud Platform, Google Apps, Maps, Android and Chromebooks. We’re laser focused on creating what developers need to build successfully in the cloud.

At Google, we continue to push new innovations that enable developers to turn great ideas into world class applications. We can also help you get your apps in the hands of your customers through marketplaces like Google Play, Chrome Web Store, Google Apps Marketplace and Cloud Launcher, which serve billions of Android and Chrome users and millions of businesses.
Today’s announcements at I/O further build out our developer toolkit, with new features to help developers build what’s next for the enterprise.
  • New APIs for Sheets & Slides: With the new Sheets API, we're giving developers a new level of access to some of the most popular features in Sheets. Create new spreadsheets, populate them with data and formulas, insert charts and pivot tables, and pull results right into your apps. Developers can use Sheets in a powerful workflow to push data from their app into Sheets, allowing users to collaborate on that data, before the updated data is pulled back into the original app. The Slides API enables developers to push data from other applications into Slides in order to create custom, polished presentations quickly.
  • API Partner Ecosystem: A number of partners, including Salesforce, SAP Anywhere, Conga, Prosperworks, Anaplan, Sage, Trello, and Asana are already connecting their services through these new APIs, and we look forward to seeing even more developers follow suit.
  • Enhancements to the Classroom API: We’re giving developers programmatic access to our most powerful features within Google Classroom. The Classroom API lets school reporting systems sync coursework and grades from Classroom and quickly connect teachers and students to their learning content.
Whether you’re using Google Cloud Platform, integrating with our Machine Learning APIs or building on top of our Google Apps suite, we’re committed to delivering the tools and technologies that help businesses improve productivity, securely connect information across platforms and power new workflows. Earlier this month we announced a BigQuery integration with Google Drive that allows customers to run queries, gather insights and then share that data with teams in a familiar and easy to understand template, no matter where they are. We also recently added two new security certifications, ISO27017 for cloud security and ISO27018 for privacy. And customers like Land O Lakes are taking advantage of our cloud and APIs to revolutionize their fields — in this case, modern farming.

Ever since I began my career in technology, I’ve been working to advance the way the enterprise runs. I worked on some of the first relational databases for Sybase and Tandem and then, at VMware, helped to create an entirely new industry centered around virtualization. Fast forward to today, and I can say that I’ve never been more excited about the potential for the cloud to transform businesses. There was a period in time where the energy was around consumer applications, but we can now see that people are realizing just how much innovation can be done in the enterprise, and it’s enticing more and more developers. While we’re excited about the innovations that we’re bringing to market, we’re even more excited about how you will take advantage of these new advancements. As the momentum continues in the enterprise, we can’t wait to see what you build next.

Building better mobile apps for work

Posted by Matt Goodridge - Google Play for Work Product Manager

Last year, we introduced Android for Work, a program designed to pair the strength of the Android platform with support from the rich ecosystem of OEMs (device manufacturers like Samsung), EMMs (Enterprise Mobility Managers) and carriers with the goal of transforming the workplace. This means that developers get the support they need to develop apps that configure to meet business needs without customization.

With Android for Work, developers have been able to build apps for business and make them available via Google Play for Work to all types of industries. No matter the place or use case, Android for Work has helped lead businesses to foster employee productivity and creativity through increased mobility.

Today we are announcing the Android for Work DevHub, a place for developers to keep up with Android in the workplace and engage fellow business app developers in an open forum. Android for Work DevHub members will receive access to Google Play for Work and Android for Work product betas and developer events and will have the opportunity to learn from Google experts on topics like how to:

  • leverage tools and resources provided by the AppConfig Community, which established a standard that provides Android developers a simple way set up app configurations,
  • improve app security by integrating with Android for Work APIs,
  • get an app featured on Google Play for Work,
  • and more…

Among the early members of the Android for Work DevHub is Keeper, a mobile-first company committed to securing corporate credentials and sensitive information. Darren Guccione, Keeper’s CEO and co-founder, said: “Having our team be able to talk with Google experts as a part of the Android for Work DevHub has been very helpful in optimizing Keeper, as an essential product, for the workplace.” In addition to Keeper, select developers across an array of industries are already represented in the Android for Work DevHub, and—starting today—any business developer can apply to become a member, too.

To learn more about Android for Work, join us at Google I/O Thursday, May 19th at 2pm on Stage 10 Cassiopeia. I’ll be joined live on stage with James Kelly, product manager in Android for Work and Rich Hyndman, and Android developer advocate, to walk through the latest developments in Android for Work that will help you make awesome apps for businesses and to meet the Android for Work team in-person at our shop to see the Android for Work retail experience.

Stay on task with today’s updates in Google Keep

(Cross-posted on the Google Docs Blog.)

How many times have you found yourself with a great idea, but no easy way to jot it down for later? Or maybe you’ve got lots of notes scattered around, without no central spot to find them. Having a single place to capture what’s on your mind and save your ideas and to-do lists is what Google Keep is all about, and today's updates give you a few new ways to collect and manage the information that's important to you.

Keep is ready when you are

The next time you’re on a website that you want to remember or reference later on, use the new Keep Chrome extension to add it—or any part of it—to a note in Keep. Just click the Keep badge to add a site’s link to a note, or select some text or an image and create a new note from the right-click menu.

Same goes for Android—you can now create a note while you’re browsing or tapping away in other apps—without having to open Keep. Just open the “Share via” window and choose Keep to create a new note.

Organize your thoughts with #Labels
One of your top asks has been for a way to organize and categorize notes, and now it’s as easy as using a #hashtag. This should help you keep track of to-do lists for a #trip or a collect your favorite #recipes, for example.

You’ll also notice that some of the menus have been moved around to group similar options together, as pictured below.
So whether you’re researching a project at work, putting together details for your Science Fair submission, or collecting inspiration for your upcoming home renovation, give these updates a try on the web, or with the Keep app on Android and for iPhone & iPad.

Android Security 2015 Annual Report

(Cross-posted on the Google Security Blog.)

Editor's note: For more details on our Android security efforts and results and what this level of security offers for the workplace, please sign-up to join our Hangout on Air with Adrian today at 10am PST. The session will be recorded and available to view on-demand afterwards as well.

Today, for the second year in a row, we’re releasing our Android Security Annual report. This detailed summary includes: a look at how Google services protect the Android ecosystem, an overview of new security protections introduced in 2015, and our work with Android partners and the security research community at large. The full report is here, and an overview is below.

One important goal of releasing this report is to drive an informed conversation about Android security. We hope to accomplish this by providing more information about what we are doing, and what we see happening in the ecosystem. We strongly believe that rigorous, data-driven discussion about security will help guide our efforts to make the Android ecosystem safer.

Enhancing Google's services to protect Android users

In the last year, we’ve significantly improved our machine learning and event correlation to detect potentially harmful behavior.

  • We protected users from malware and other Potentially Harmful Apps (PHAs), checking over 6 billion installed applications per day.
  • We protected users from network-based and on-device threats by scanning 400 million devices per day.
  • And we protected hundreds of millions of Chrome users on Android from unsafe websites with Safe Browsing.

We continued to make it even more difficult to get PHAs into Google Play. Last year’s enhancements reduced the probability of installing a PHA from Google Play by over 40% compared to 2014. Within Google Play, install attempts of most categories of PHAs declined including:

  • Data Collection: decreased over 40% to 0.08% of installs
  • Spyware: decreased 60% to 0.02% of installs
  • Hostile Downloader: decreased 50% to 0.01% of installs

Overall, PHAs were installed on fewer than 0.15% of devices that only get apps from Google Play. About 0.5% of devices that install apps from both Play and other sources had a PHA installed during 2015, similar to the data in last year’s report.

It’s critical that we also protect users that install apps from sources other than Google Play. Our Verify Apps service protects these users and we improved the effectiveness of the PHA warnings provided by Verify Apps by over 50%. In 2015, we saw an increase in the number of PHA install attempts outside of Google Play, and we disrupted several coordinated efforts to install PHAs onto user devices from outside of Google Play.

New security features in the Android platform

Last year, we launched Android 6.0 Marshmallow, introducing a variety of new security protections and controls:

  • Full disk encryption is now a requirement for all new Marshmallow devices with adequate hardware capabilities and is also extended to allow encryption of data on SD cards.
  • Updated app permissions enable you to manage the data they share with specific apps with more granularity and precision.
  • New verified boot ensures your phone is healthy from the bootloader all the way up to the operating system.
  • Android security patch level enables you to check and make sure your device has the most recent security updates.
  • And much more, including support for fingerprint scanners, and SELinux enhancements.
  • Deeper engagement with the Android ecosystem

We’re working to foster Android security research and making investments to strengthen protections across the ecosystem now and in the long run.

In June, Android joined Google’s Vulnerability Rewards Program, which pays security researchers when they find and report bugs to us. We fixed over 100 vulnerabilities reported this way and paid researchers more than $200,000 for their findings.

In August, we launched our monthly public security update program to the Android Open Source Project, as well as a security update lifecycle for Nexus devices. We intend the update lifecycle for Nexus devices to be a model for all Android manufacturers going forward and have been actively working with ecosystem partners to facilitate similar programs. Since then, manufacturers have provided monthly security updates for hundreds of unique Android device models and hundreds of millions of users have installed monthly security updates to their devices. Despite this progress, many Android devices are still not receiving monthly updates—we are increasing our efforts to help partners update more devices in a timely manner.

Greater transparency, well-informed discussions about security, and ongoing innovation will help keep users safe. We'll continue our ongoing efforts to improve Android’s protections, and we look forward to engaging with the ecosystem and security community in 2016 and beyond.

How does Google protect your Android devices and data? Be in the know next week and every month going forward

Since launching Android in 2008, we’ve done quite a bit to strengthen security for all of our users and to make Android a trusted platform at work for companies such as SAP and Guardian Life Insurance. I’m leading the team that takes care of keeping all of these Android users secure, both at home and at work.

We’ll share more details in our Android Security 2015 Year in Review that we’re publishing next week, such as how many devices are protected daily through our Verify Apps scanning service and how fingerprint sensors are positively impacting Android lock screen adoption.

I’ll also be hosting a Hangout on Air on April 5th to share the detailed results of our Android Security 2015 Year in Review. To register for the live Hangout and learn more about our latest Android for Work security efforts, sign up here, and tune in at 10am PST on Tuesday, April 5th 2016.

And to help explain how important Android security is to us and our continued efforts to enhance it, I’ll be publishing a monthly series of Android security-themed blog posts detailing a range of topics and efforts we’re taking to secure Android devices for work:

  • Strengthening SELinux to enforce greater control over system processes at the kernel level
  • Adding Android’s Verify Boot function, ensuring a device’s state hasn’t changed since last boot
  • Expanding full disk encryption support on new Android devices
  • Including a new Fingerprint API in Android 6.0 Marshmallow for secure identity confirmation
  • Working with partners on monthly security updates
  • Separating work and personal data through Android for Work device profiles

Stay tuned in the coming months to learn more about how Google protects your Android devices and data, as well as why Android is a smart, safe choice for businesses of all sizes.

The new generation of work-ready Android devices is here

It was awesome to see Samsung unboxing the new Galaxy S7 at Mobile World Congress in Barcelona today. This device combines Samsung’s exceptional handset design with the flexibility of Android Marshmallow — including enterprise features built-in with Android for Work — plus extended Samsung Knox security features to further protect both personal and work data.

Android Marshmallow: designed for today’s mobile workplace

Android Marshmallow has been designed to meet the needs of today’s mobile business users with an enhanced experience for work and personal profiles, improved connectivity, extended storage options, smarter battery management, faster Now on Tap access to what you need most and greater device choice.

New device management APIs and remote capabilities accelerate fleet deployment, streamline management and provide greater visibility of activities like data usage for IT administrators.

Where Lollipop helped organizations to confidently embrace a bring your own device (BYOD) policy for the workforce, Marshmallow enables corporate owned single use (COSU) devices — those that serve a single purpose, such as point of sale, vending machines, reception kiosks and inflight entertainment. Historically these deployments require a highly customized OS, but M turns Android into a powerful platform for custom app developers with control for device administrators to meet all of these needs out of the box.

Developers are able to create richer applications in less time thanks to runtime and performance enhancements, including an optimized compiler, reduced memory overhead, just-in-time debugging and overall faster application performance.

Android’s sandboxes, verified boot and SD card encryption secure against theft, loss and malicious software for devices, applications, user privacy and both workplace and private data.

Extended security with Samsung Knox

Always-on, real-time protection
Business users and organizations are further protected by boot up and runtime security features tied to the integrity of both hardware and software. If an S7 is tampered with or gets rooted, Knox can disable access to the entire device.

Secure Boot and Trusted Boot prevent a compromised device from accessing enterprise data, apps and networks by disabling access upon detection of an attack.

In the event of an advanced attack targeting of the operating system or sensitive system data — even after a successful uncompromised boot — KNOX constantly protects the Android kernel with Real-Time Kernel Protection (RKP).
Growing network of carriers providing updates
Samsung’s new Enterprise Device Program continues to grow, serving customers in over 100 countries and with carriers now sending customers critical updates that include both core Android and specific Samsung patches to maximize device security.
Defense-grade protection for all users
Sensitive Data Protection (SDP) is designed for use in high-security installations, such as military and government applications. Recognising that other users should be able to benefit from the same level of advanced protection, Samsung invites all developers to use the SDP SDK to protect sensitive data.

To learn more about the Samsung GS7 and the security features of Android and Samsung Knox check out Samsung’s website, here.