Search
  • Videos
  • Windows 10
  • 5G
  • CES
  • Best VPNs
  • Cloud
  • Security
  • more
    • AI
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
  • Newsletters
  • All Writers
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Windows 10
    • 5G
    • CES
    • Best VPNs
    • Cloud
    • Security
    • AI
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan

Android 5.0 Lollipop embraces the enterprise

1 of 7 NEXT PREV
  • Android: No longer ignoring the enterprise

    Android: No longer ignoring the enterprise

    It didn't take Apple long to recognize that the enterprise wanted to use their mobile devices, but that they needed some help to do it right. Apple did so, even if they've only recently begun to brag about it.

    Google took longer. Prior to the new version 5.0 (Lollipop), Android included precious little specifically to assist enterprises in their needs. Lollipop is a clear change in direction, addressing many of the most important enterprise needs.

    Finally, Google has included EMM/MDM APIs to allow a standard approach to the management and security of Android mobile devices. No longer will EMM vendors like MobileIron have to make different versions for the devices of different OEMs. (Of course they will need to continue to do so for as long as they support pre-Lollipop Android devices.)

    Google has also moved to harden the base operating system, strengthen data security by default, improve the security update process and authentication and much more. There are thousands of new APIs, many of which help enterprises.

    Of course there are Lollipop features, such as Material Design, which is intended to make user interfaces more consistent, and Battery Saver, which benefit enterprises as much as anyone, but they are not enterprise-specific.

    (Image courtesy MobileIon)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • EMM/MDM built into Android 5.0 Lollipop

    EMM/MDM built into Android 5.0 Lollipop

    By far the biggest change is the inclusion of Samsung's KNOX technology, contributed to the Android Open Source Project . EMM (Enterprise Mobility Management, the modern superset of MDM or Mobile Device Management) was a marked weakness in Android with respect to the enterprise. Prior to Lollipop, Google included next to nothing in the base operating system, forcing each OEM to develop their own APIs for EMM products, like MobileIron and Citrix, to use. Now it's part of the base operating system and Google calls it Android Work.

    Perhaps the most important capability Android Work adds is a container model, through which users can have conceptually separate personal and work environments on the device. Google calls this Managed Profiles. Apps and data in one are inaccessible to the other. This is old news on some other platforms, particularly BlackBerry, but it will now be standard on all Lollipop devices and manageable by third-party EMM/MDM systems.

    See Jack Madden's blog for some informed perspective on it.

    (Image courtesy Samsung)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • SELinux pushes the sandbox down into the OS

    SELinux pushes the sandbox down into the OS

    Android is built on Linux. Lollipop is built on SELinux, a more strenuously secure variant. Access control over processes and files is much more sophisticated and fine-grained than on conventional Linux or traditional UNIX permissions. Processes running in user mode cannot change the permissions. This greatly reduces the potential for privilege escalation attacks.

    Malicious software should have a much harder time taking hold of a Lollipop system and doing anything useful with it.

    (Image courtesy SELinuxProject.org)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • Device encryption on by default

    Device encryption on by default

    Governments got plenty mad at Apple when it announced that iOS 8 would use strong encryption on user storage by default, but it didn't take long for Google to make the same promise for Android 5.0 Lollipop. Both thumbed their noses at national security types who appealed to the companies to leave in a back door for the government to use in order to violate the customer's privacy.

    New Lollipop devices will come with encryption turned on automatically. Users upgrading devices to Lollipop will need to initiate the encryption themselves (see the image on this page), which they have been able to do for some time.

    So enterprises have been able to encrypt devices already, but Lollipop will increase the encrypted percentage of them nonetheless.

    (Image courtesy CNet)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • Urgent operating system updates through Google Play

    Urgent operating system updates through Google Play

    Apple rightly mocks Android for having so many users running out-of-date versions of the operating system. Google has always relied on the carriers to deliver operating system updates and the carriers have... well, they suck at it. So Google is taking some of the responsibility out of their hands.

    Google Play Services can now deliver urgent security updates to devices as soon as they're resolved. Google Play Services 5.0 uses a "Dynamic Security Provider" to do this.

    One of the most serious and legitimate concerns enterprises have for Android is that so many of the devices, even fairly new ones, get stuck on known-vulnerable versions of the operating system. It's not clear whether carriers will still be needed to deliver major version updates, but the ability to rush out critical updates without waiting for the carrier is a big security plus for Lollipop.

    (Image courtesy MobileIron)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • Smart Lock and Factory Reset Protection

    Smart Lock and Factory Reset Protection

    Smart Lock makes having a locked device easier. When paired with an Android Wear, Android Auto, or other NFC or Bluetooth device, and both are close enough to each other, the phone or tablet will be unlocked, saving the user from having to enter a code repeatedly. As MobileIron says in their Lollipop paper, it creates new enterprise use cases for devices unlocked by physical electronic keys rather than passcodes.

    Smart Lock also improves on Android's Face Unlock feature. Instead of checking the user's face statically at login time, it analyzes the user's face on an ongoing basis. As soon as the device doesn't see the user, it locks.

    Finally catching up with iOS and Windows Phone, Lollipop no longer allows a thief to factory-reset a stolen device. This is called Factory Reset Protection or the Kill Switch, and also allows the real owner to remotely wipe the device. A stolen phone that can't be wiped can't be sold.

    (Image courtesy Google)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

  • Organizational device user and task locking/kiosk mode

    Organizational device user and task locking/kiosk mode

    Also known as "screen pinning," this allows a user or organization to lock an Android device to a single app, i.e., a kiosk. The enterprise could therefore assign or loan out devices to users with a single function. The Home and Back buttons don't work.

    This is not just an enterprise feature of course. As BlueFletch Mobile points out, apart from use in an actual kiosk, it could be useful for a test-taking application, customer help kiosks at retail stores, or electronic menus at fast-food restaurants. But the app must be authorized by what Google calls an organizational device owner application, which means an EMM/MDM client, so it's not going to work on pure consumer devices.

    (Image courtesy Object Partners)

    Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

    Caption by: Larry Seltzer

1 of 7 NEXT PREV
Larry Seltzer

By Larry Seltzer for Zero Day | November 24, 2014 -- 13:15 GMT (05:15 PST) | Topic: Security

  • Android: No longer ignoring the enterprise
  • EMM/MDM built into Android 5.0 Lollipop
  • SELinux pushes the sandbox down into the OS
  • Device encryption on by default
  • Urgent operating system updates through Google Play
  • Smart Lock and Factory Reset Protection
  • Organizational device user and task locking/kiosk mode

With version 5.0, Android makes the work of enterprise admins much easier. Security is stronger and more standardized. Android fragmentation is crumbling.

Read More Read Less

Android: No longer ignoring the enterprise

It didn't take Apple long to recognize that the enterprise wanted to use their mobile devices, but that they needed some help to do it right. Apple did so, even if they've only recently begun to brag about it.

Google took longer. Prior to the new version 5.0 (Lollipop), Android included precious little specifically to assist enterprises in their needs. Lollipop is a clear change in direction, addressing many of the most important enterprise needs.

Finally, Google has included EMM/MDM APIs to allow a standard approach to the management and security of Android mobile devices. No longer will EMM vendors like MobileIron have to make different versions for the devices of different OEMs. (Of course they will need to continue to do so for as long as they support pre-Lollipop Android devices.)

Google has also moved to harden the base operating system, strengthen data security by default, improve the security update process and authentication and much more. There are thousands of new APIs, many of which help enterprises.

Of course there are Lollipop features, such as Material Design, which is intended to make user interfaces more consistent, and Battery Saver, which benefit enterprises as much as anyone, but they are not enterprise-specific.

(Image courtesy MobileIon)

Published: November 24, 2014 -- 13:15 GMT (05:15 PST)

Caption by: Larry Seltzer

1 of 7 NEXT PREV

Related Topics:

Security Enterprise Software Security TV Data Management CXO Data Centers
Larry Seltzer

By Larry Seltzer for Zero Day | November 24, 2014 -- 13:15 GMT (05:15 PST) | Topic: Security

Show Comments
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • 1 of 3
  • iVerify: Added security for iPhone and iPad users

    I'm usually wary of security apps, but iVerify by Trail of Bits is different. It comes highly recommended and offers a lot of features in a small download. ...

  • iStorage datAshur BT hardware encrypted flash drive

    FIPS 140-2 Level 3 compliant storage drive with wireless unlock feature and remote management. IP57 rated for dust and water resistance.

  • Netgear BR200 small-business router

    The Netgear BR200 Insight Managed Business Router has been designed to be easy to set up, and features a built-in firewall, VLAN management, and remote cloud monitoring, and can be ...

  • YubiKey 5C NFC: The world’s first security key to feature dual USB-C and NFC connections

    The YubiKey 5C NFC can be used across a broad range of platforms -- iOS, Android, Windows, macOS and Linux -- and on any mobile device, laptop, or desktop computer that supports USB-C ...

  • Apricorn Aegis Secure Key 3NXC

    The new Aegis Secure Key 3NXC builds on Apricorn's Secure Key 3z and Aegis Secure Key 3NX, taking the same proven form-factor and physical keypad, and adding something that users have ...

  • YubiKey 5Ci Clear Limited Edition

    Transparency in security.

  • Certo AntiSpy iPhone Spyware Detection

    Certo AntiSpy is not an app. Instead, it is a utility that you download and install on a Windows or Mac, and you use that to scan a backup of your iOS or iPadOS for subtle signs of intrusion. ...

ZDNet
Connect with us

© 2021 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use

  • Topics
  • Galleries
  • Videos
  • Sponsored Narratives
  • Do Not Sell My Information
  • About ZDNet
  • Meet The Team
  • All Authors
  • RSS Feeds
  • Site Map
  • Reprint Policy
  • Manage | Log Out
  • Join | Log In
  • Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy
  • TechRepublic Forums