Android 5.0 Lollipop embraces the enterprise

1 of 7
  • Android: No longer ignoring the enterprise

    Android: No longer ignoring the enterprise

    It didn't take Apple long to recognize that the enterprise wanted to use their mobile devices, but that they needed some help to do it right. Apple did so, even if they've only recently begun to brag about it.

    Google took longer. Prior to the new version 5.0 (Lollipop), Android included precious little specifically to assist enterprises in their needs. Lollipop is a clear change in direction, addressing many of the most important enterprise needs.

    Finally, Google has included EMM/MDM APIs to allow a standard approach to the management and security of Android mobile devices. No longer will EMM vendors like MobileIron have to make different versions for the devices of different OEMs. (Of course they will need to continue to do so for as long as they support pre-Lollipop Android devices.)

    Google has also moved to harden the base operating system, strengthen data security by default, improve the security update process and authentication and much more. There are thousands of new APIs, many of which help enterprises.

    Of course there are Lollipop features, such as Material Design, which is intended to make user interfaces more consistent, and Battery Saver, which benefit enterprises as much as anyone, but they are not enterprise-specific.

    (Image courtesy MobileIon)

    Caption by: Larry Seltzer

  • EMM/MDM built into Android 5.0 Lollipop

    EMM/MDM built into Android 5.0 Lollipop

    By far the biggest change is the inclusion of Samsung's KNOX technology, contributed to the Android Open Source Project . EMM (Enterprise Mobility Management, the modern superset of MDM or Mobile Device Management) was a marked weakness in Android with respect to the enterprise. Prior to Lollipop, Google included next to nothing in the base operating system, forcing each OEM to develop their own APIs for EMM products, like MobileIron and Citrix, to use. Now it's part of the base operating system and Google calls it Android Work.

    Perhaps the most important capability Android Work adds is a container model, through which users can have conceptually separate personal and work environments on the device. Google calls this Managed Profiles. Apps and data in one are inaccessible to the other. This is old news on some other platforms, particularly BlackBerry, but it will now be standard on all Lollipop devices and manageable by third-party EMM/MDM systems.

    See Jack Madden's blog for some informed perspective on it.

    (Image courtesy Samsung)

    Caption by: Larry Seltzer

  • SELinux pushes the sandbox down into the OS

    SELinux pushes the sandbox down into the OS

    Android is built on Linux. Lollipop is built on SELinux, a more strenuously secure variant. Access control over processes and files is much more sophisticated and fine-grained than on conventional Linux or traditional UNIX permissions. Processes running in user mode cannot change the permissions. This greatly reduces the potential for privilege escalation attacks.

    Malicious software should have a much harder time taking hold of a Lollipop system and doing anything useful with it.

    (Image courtesy SELinuxProject.org)

    Caption by: Larry Seltzer

  • Device encryption on by default

    Device encryption on by default

    Governments got plenty mad at Apple when it announced that iOS 8 would use strong encryption on user storage by default, but it didn't take long for Google to make the same promise for Android 5.0 Lollipop. Both thumbed their noses at national security types who appealed to the companies to leave in a back door for the government to use in order to violate the customer's privacy.

    New Lollipop devices will come with encryption turned on automatically. Users upgrading devices to Lollipop will need to initiate the encryption themselves (see the image on this page), which they have been able to do for some time.

    So enterprises have been able to encrypt devices already, but Lollipop will increase the encrypted percentage of them nonetheless.

    (Image courtesy CNet)

    Caption by: Larry Seltzer

  • Urgent operating system updates through Google Play

    Urgent operating system updates through Google Play

    Apple rightly mocks Android for having so many users running out-of-date versions of the operating system. Google has always relied on the carriers to deliver operating system updates and the carriers have... well, they suck at it. So Google is taking some of the responsibility out of their hands.

    Google Play Services can now deliver urgent security updates to devices as soon as they're resolved. Google Play Services 5.0 uses a "Dynamic Security Provider" to do this.

    One of the most serious and legitimate concerns enterprises have for Android is that so many of the devices, even fairly new ones, get stuck on known-vulnerable versions of the operating system. It's not clear whether carriers will still be needed to deliver major version updates, but the ability to rush out critical updates without waiting for the carrier is a big security plus for Lollipop.

    (Image courtesy MobileIron)

    Caption by: Larry Seltzer

  • Smart Lock and Factory Reset Protection

    Smart Lock and Factory Reset Protection

    Smart Lock makes having a locked device easier. When paired with an Android Wear, Android Auto, or other NFC or Bluetooth device, and both are close enough to each other, the phone or tablet will be unlocked, saving the user from having to enter a code repeatedly. As MobileIron says in their Lollipop paper, it creates new enterprise use cases for devices unlocked by physical electronic keys rather than passcodes.

    Smart Lock also improves on Android's Face Unlock feature. Instead of checking the user's face statically at login time, it analyzes the user's face on an ongoing basis. As soon as the device doesn't see the user, it locks.

    Finally catching up with iOS and Windows Phone, Lollipop no longer allows a thief to factory-reset a stolen device. This is called Factory Reset Protection or the Kill Switch, and also allows the real owner to remotely wipe the device. A stolen phone that can't be wiped can't be sold.

    (Image courtesy Google)

    Caption by: Larry Seltzer

  • Organizational device user and task locking/kiosk mode

    Organizational device user and task locking/kiosk mode

    Also known as "screen pinning," this allows a user or organization to lock an Android device to a single app, i.e., a kiosk. The enterprise could therefore assign or loan out devices to users with a single function. The Home and Back buttons don't work.

    This is not just an enterprise feature of course. As BlueFletch Mobile points out, apart from use in an actual kiosk, it could be useful for a test-taking application, customer help kiosks at retail stores, or electronic menus at fast-food restaurants. But the app must be authorized by what Google calls an organizational device owner application, which means an EMM/MDM client, so it's not going to work on pure consumer devices.

    (Image courtesy Object Partners)

    Caption by: Larry Seltzer

1 of 7

With version 5.0, Android makes the work of enterprise admins much easier. Security is stronger and more standardized. Android fragmentation is crumbling.

Read More Read Less

Android: No longer ignoring the enterprise

It didn't take Apple long to recognize that the enterprise wanted to use their mobile devices, but that they needed some help to do it right. Apple did so, even if they've only recently begun to brag about it.

Google took longer. Prior to the new version 5.0 (Lollipop), Android included precious little specifically to assist enterprises in their needs. Lollipop is a clear change in direction, addressing many of the most important enterprise needs.

Finally, Google has included EMM/MDM APIs to allow a standard approach to the management and security of Android mobile devices. No longer will EMM vendors like MobileIron have to make different versions for the devices of different OEMs. (Of course they will need to continue to do so for as long as they support pre-Lollipop Android devices.)

Google has also moved to harden the base operating system, strengthen data security by default, improve the security update process and authentication and much more. There are thousands of new APIs, many of which help enterprises.

Of course there are Lollipop features, such as Material Design, which is intended to make user interfaces more consistent, and Battery Saver, which benefit enterprises as much as anyone, but they are not enterprise-specific.

(Image courtesy MobileIon)

Caption by: Larry Seltzer

1 of 7

Related Topics:

Security Enterprise Software Security TV Data Management CXO Data Centers

Related Galleries

    • 1 of 3

  • Certo AntiSpy iPhone Spyware Detection

    Certo AntiSpy is not an app. Instead, it is a utility that you download and install on a Windows or Mac, and you use that to scan a backup of your iOS or iPadOS for subtle signs of intrusion. ...