Last week, with Evolution of Android management for Enterprise use, I tried to show how Android has evolved over the years into a more mature platform for enterprise use cases, to help you understand the relevance of Android Enterprise and why moving to Android Enterprise is a change for the better.
Though Android has really evolved into a modern and mature mobile OS platform, we still see misconceptions prevailing regarding the use of Android in enterprise landscapes.
I believe that myths are in general very dangerous, as they can wrongly push our view of something in a negative direction. As such, today’s blog post aims to dispel the 9 most common myths regarding the use of Android in Enterprise.
Getting Started: 9 myths regarding the use of Android in Enterprise use-cases
This is not meant to be an Apple vs Android article trying to establish one as better than the other. Apple’s iPhones and iPads are undeniably the most preferred choice of devices for enterprise use. However, Android has also evolved over time to offer its own share of flexibility that fits well with every business need and presents itself as a viable go-to platform for enterprises.
The only purpose of this article is to clarify the common misconceptions that people have regarding the use of Android for enterprise use-cases.
Myth #1: Android is insecure
Android features robust security built-in to protect sensitive data and is built with measures to keep enterprise devices and data safe from every threat. Android provides multiple layers of security to prevent intrusions and recover quickly so you can be confident your work data is safe.
As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce Mandatory Access Control (MAC) over all processes, even processes running with root/superuser privileges.
SELinux, as we know, operates on the principle of default denial: Anything not explicitly allowed is denied.
Android utilizes Kernel Address Space Layout Randomization (KASLR) which works by randomizing the location where kernel code is loaded on each boot, making code reuse attacks more difficult to carry out, especially remotely.
Because of ASLR, an Android app must be able to run wherever in the memory space it is placed upon execution. This is also why an app loads into a different memory location every time it loads.
Kernel hardening makes vulnerabilities harder to exploit widely or easily.
Since Android 8, the Hardware Abstraction Layers (HALs) have been separated from the process and now sit in between the process and the drivers, each communicating with only 1 driver in isolation. This ensures that even if a process is compromised, the HAL would not be able to provide wide kernel access.
Example: A vulnerability in the audio driver that allows your music to sound great is less likely to be usable to exploit other systems like the networking or video systems.
- Hardware backed security. Android devices use a Trusted Execution Environment (TEE) to run privileged or security-sensitive operations such as PIN verification and Verified Boot.
- Verified Boot ensures the device and OS integrity at boot up. During boot, each stage cryptographically verifies the integrity and authenticity of the next stage before executing it.
- Hardware-backed KeyStore. The availability of a trusted execution environment in a system on a chip (SoC) offers an opportunity for Android devices to provide hardware-backed, strong security services to the Android OS, to platform services, and even to third-party apps.
- Encryption is on by default to protect system and user data.
- App isolation ensures that each app, when executed, runs in a contained environment called the app sandbox, which restricts attempts to access unwanted system resources and/or private information in another app.
- Google releases monthly security updates, separate from OS updates.
With all these, we can safely say that Android leads in security and is constantly evolving to protect against the latest threats. Multiple layers of security are built-in via the hardware, OS, Google Play Protect, and management APIs. Google Play Protect ensures devices are free from Potentially Harmful Apps 99.99% of the time.
And all this is not just talk. The 2019 Gartner report Mobile OSs and Device Security: A Comparison of Platforms shows Android scored 26 out of 30, the highest score for security controls amongst all the other mobile OS platforms.
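Several of the protections listed under Myth #1 (SELinux enforcement, Verified Boot, default encryption, monthly security patches) can be checked on a device from the output of `adb shell getprop` and `adb shell getenforce`. The following is an added example, not code from the original post; the sample output is constructed and the 3-month patch-age threshold is an assumed policy value.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [10]
[ro.build.version.security_patch]: [2020-03-05]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [encrypted]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def months_behind(patch_level, today):
    """Calendar months between the patch level (YYYY-MM-DD) and today."""
    year, month, _ = (int(part) for part in patch_level.split("-"))
    return (today.year - year) * 12 + (today.month - month)


def audit(getprop_text, getenforce_text, today, max_patch_age_months=3):
    """Return a list of findings; an empty list means every check passed.

    max_patch_age_months is an assumed policy threshold, not an Android value.
    """
    props = parse_getprop(getprop_text)
    findings = []
    # getenforce prints Enforcing, Permissive or Disabled.
    if getenforce_text.strip().lower() != "enforcing":
        findings.append("SELinux is not enforcing")
    # "green" means the full boot chain verified against the OEM root of trust.
    if props.get("ro.boot.verifiedbootstate") != "green":
        findings.append("Verified Boot state is not green")
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("storage is not encrypted")
    patch = props.get("ro.build.version.security_patch")
    if not patch or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", patch):
        findings.append("security patch level missing or malformed")
    elif months_behind(patch, today) > max_patch_age_months:
        findings.append(f"security patch level {patch} is stale")
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_GETPROP, "Enforcing", date(2020, 4, 20))
    for finding in results or ["all checks passed"]:
        print(finding)
```

A missing property is reported as a finding rather than silently passed, so a device that does not expose one of these values fails closed.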
Myth #2: Android lags and is not as fluid as iOS
This is more of a perception that has dogged Android for a long time. Today, let’s try to understand the real reason behind this notion.
When we compare any two products, there needs to be a baseline upon which the comparison is made. iOS devices are undeniably premium devices. Every iPhone that is launched is an Apple flagship device. Thus if you have to compare the user experience of Android with that of iOS, it should be with devices falling within the same category – a flagship Android vs an iPhone. But if you compare iOS with Android running on a low-end budget device, you know what to expect. This is not a real and fair comparison.
It is true that Android in its initial days was riddled with recurring stutters and lags. But those days are long gone.
With Android 5.0 Lollipop, Google switched to ART (Android Runtime) from Dalvik and since then, the Android OS has gone through various evolutionary changes and device chipsets have also become many times more powerful.
Low-end Android devices tend to feel sluggish and start lagging under heavy multi-tasking, but keep in mind that such devices were never meant to deliver performance. Entry-level, low-end Android devices come with slower processors and less RAM. Add to that a heavily skinned, bloated Android OS that the OEM slaps in the chassis, and you have your answer as to why such devices tend to lag and stutter.
Pure vanilla Android (or as we call it, Stock Android) is pretty lean and gives the best performance on top-notch hardware, as can be seen on Google Pixel devices. Stock Android also gives good enough performance even on mid-range devices (yes, they do exist, courtesy of the Android One program).
To sum it up, I can say that Android devices are as quick as their competing alternatives, provided you draw the correct baseline for the comparison.
Myth #3: Android has limited options
The market is flooded with Android handsets from different OEMs. You can get Android devices of any shape, size, and form to meet your needs.
Have budget constraints? Android gives you the flexibility to choose from low-cost basic models to mid-range to high-end premium devices, usually termed OEM Flagships. You can choose device models across different price ranges within an OEM or across different OEMs.
Whatever be your budget and use-case, you can be pretty much assured that Android has got you covered.
With over 400 OEMs producing Android devices, Android has the most diverse ecosystem of devices in the world.
If you’re in the market for Android phones, the breadth of options can be overwhelming. But the choice is one of the greatest things about Google’s mobile OS. Android provides a similar user experience across many makes and models of phones while letting you prioritize the features that matter most to you.
Myth #4: Android devices do not feel premium
This one is also more of a perception and is something that is mostly in our head, similar to Myth #2.
It can be stated that the “premium feel” is more subjective than objective.
Sometimes we compare Android to Apple and mistakenly generalize it to the overall comparison. All iPhones are released as flagships, so they have to have premium build quality. Android OEMs, on the other hand, have to cater to a wide variety of price ranges for the mass market, and as such not all devices and models are premium built. The entry-level devices or even the mid-range devices (which sometimes try to mimic high-end features) are not meant to be premium. The price gap should always be taken into account when comparing the phones.
OEMs mostly tend to reserve their latest innovations and new features to debut with their flagship device of the year. They pride themselves on the design and feel of their flagship devices. These high-end premium devices are the trend setters in the Android market, and their features are then carried over to the other budget categories. As an example, features like fast charging, the punch-hole front camera, and many others were all first introduced with flagships and then later carried over to mid-range and low-end devices.
Flagship Android devices come with state of the art premium build quality coupled with the latest powerful chipsets, offering the best display, most advanced camera technology, and cutting edge features available in the market.
Myth #5: Android is fragmented
Well, this is actually not a myth, but the truth.
However, there is a reason behind this, and the purpose of this post is to explain it.
Though Android as a platform receives major version updates from Google, these updates generally take a very long time to reach end users (if at all), unless you are using a Pixel (or Nexus) device. This is because, for most Android devices on the market, a lot of middlemen (SoC vendors, OEMs) are involved in delivering the update to the device.
The steps involved are as below:
- AOSP Release – Google publishes the source code of the new Android release.
- Hardware Compatibility – SoC vendors (Qualcomm, Samsung, MediaTek, etc.) modify the source code so Android can boot on their chips, and all hardware on the chip functions as expected.
- OEM Modifications – This modified source is then taken by OEMs and they further modify the source to include their own software.
- QA Testing – OEMs put the software through internal testing phases. The OEMs also involve carrier partners to check and test the new build for their acceptance.
- General Release – the update is eventually made available to end users over several weeks through OTA updates.
Because of the complexity involved in the process, we see many OEMs limiting devices to at most 2 major version updates, if at all. Some OEM devices do not even receive the next major version update, staying for their entire lifecycle on the version with which they were released.
All of this has caused the fragmentation of the Android OS in the market. If you check the current Android OS market share, you would see figures like this below.
Apart from making Android a platform fit for enterprise use, fragmentation was the other biggest challenge for Google to solve.
However, to address this problem, we do see big efforts from Google in the form of Project Treble with Android Oreo (8), which helped to modularize Android by separating the Android OS framework from the device-specific low-level components, so that OEMs can adopt new versions much more quickly and provide version updates to their devices at a faster rate.
And now Google is working on Project Mainline which builds on the efforts of Project Treble.
Where Project Treble helped OEMs to become less dependent on SoC vendors for OS updates, Project Mainline helps Google to become less dependent on OEMs to deliver security updates to core OS components, through Google Play.
Though we might not see a dramatic improvement regarding Android fragmentation right away, Google is surely making strides to make it right.
Myth #6: Android apps are of inferior quality compared to iOS apps
This is also something that is highly subjective. In reality, there is no such thing as inferior or superior when it comes to the quality of apps or the app ecosystem. This is one of those classic points in the long-running duel between Android and iOS over which is the best platform.
Though the user experience might be slightly different due to the underlying platform, the apps of most popular services offer the same functionalities on both platforms.
However, it is true that sometimes new app features are first introduced in the iOS apps and then ported to their Android counterpart to bring parity, but this depends on the company strategy and development cycle.
When it comes to the general belief that Android apps are not as optimized as their iOS counterparts, you have to understand that Android runs on a range of devices with several chipset configurations. This definitely adds to the difficulties of Android app developers, since they need to ensure that their app runs on all these devices with different configurations and screen DPIs.
With over 400 OEMs building Android devices of all shapes and forms, compatibility is very important because it ensures an app written for Android will run on every device and behave predictably for a consistent user experience. Google, on its part, has taken huge strides to make the job easier for developers, by providing the Android compatibility guidelines and testing tool which is free, open source and available for download.
OEMs build their devices according to the Compatibility Definition Document (CDD) which provides guidelines, requirements, and recommendations that assure compatibility with the latest release of Android. The CDD specifies the software and hardware requirements of a compatible Android device and gets updated for every Android version, and it defines the features that need to be implemented, all the way down to recommendations on the user interface.
The devices then have to pass the Compatibility Test Suite (CTS) to ensure correct implementation. The CTS verifies device compatibility across hundreds of different areas. Its intent is to reveal incompatibilities early on, and ensure that the software remains compatible throughout the development process. It assures that applications built for Android are compatible with Android devices and provide the best possible experience for their users.
This process assures app developers that their app will run properly on any Android-compatible device.
And when it comes to the sheer number of applications available for the Android platform, Google Play, the official app store for Android, gives you access to the world’s largest app ecosystem. However, Google does not compromise on quality over quantity.
Google Play Protect, Google’s built-in malware protection for Android and the most widely deployed mobile threat protection service in the world, is backed by the strength of Google’s machine learning algorithms and is always improving in real time to protect your device from malicious apps. Google Play Protect actively scans billions of apps in the Play Store every day, which ensures that 99.99% of apps are safe. Still, if any malicious app does find its way to your device, Google Play Protect with its always-on protection actively scans your device to get rid of Potentially Harmful Apps (PHA).
Thinking about the enterprise scenario? Managed Google Play gives you an enterprise app platform based on Google Play that’s free to Android Enterprise customers and available for you to integrate into your EMM solution. It combines the familiar user experience and app store features of Google Play with a set of management capabilities designed specifically for enterprises.
- IT Admins can whitelist (approve), purchase, and distribute apps to enterprise devices using Managed Google Play.
- Supports silent app installs on the endpoints.
- Supports deployment of in-house LOB apps without requiring app installs from unknown sources to be enabled on the device.
- Built-in app scanning and security delivered by Google Play Protect.
Myth #7: Android isn’t a serious option for Enterprise adoption
This was the scene during the initial days of Android till Android KitKat, when Google only provided the now deprecated Device Admin APIs for managing Android devices in the enterprise landscape, which failed terribly to keep up with the evolving requirements of the ever-growing mobile workforce.
Google changed it all with the release of Android Lollipop, which saw the debut of Android Enterprise, or Android for Work as it was called on release.
Android Enterprise, Google’s modern mobile management framework, enables the use of Android devices and apps in the workplace.
Android Enterprise gives a robust set of APIs to manage Android features, and having been made mandatory for all GMS certified devices since Android Marshmallow, it ensures a consistent user experience and manageability across the device ecosystem irrespective of the OEM.
Though it is optional, OEMs can further choose to submit their devices for Android Enterprise Recommended validation, which validates that a device meets the highest standards for the best enterprise experience. Android Enterprise Recommended devices make it simple for businesses and enterprises to confidently select and deploy Android devices.
Add to it the flexibility and range of options to choose from, Android presents itself as the go-to mobile OS platform which fits well with any business requirement, from rugged devices for your inventory/stockroom to devices for your frontline workers, terminal/KIOSK devices, devices for your mid-level employees to even devices for your C-level executives – Android has a device to fit your needs.
Myth #8: Android provides limited management options for Enterprise use
Android Enterprise offers a management option to suit any ownership or business needs.
Below are all the Android Enterprise supported management modes.
- Work profile on personal devices
- Fully managed devices enforced with strict policies
- Dedicated devices for single‑use scenarios
- Fully managed devices with a work profile to enable personal use in corporate devices
Have a few non-GMS Android devices in your device line-up? Need to manage Android devices in a region where GMS is not available?
You have two options:
- You can fall back to legacy Device Admin to manage non-GMS devices or devices in regions where GMS is unavailable (like China), provided the devices you intend to manage run a supported Android version (preferably till Android 8).
- If your EMM supports app protection without device enrollment (like Microsoft Intune with its app protection policies), you can choose to use this, since the ultimate end-goal is to protect corporate data.
Myth #9: Android devices are difficult to deploy
Android with Android Enterprise provides you with multiple deployment methods to choose from to suit your needs.
For personal devices (BYOD), it starts with the end user downloading and installing the EMM-specific DPC app on the device from the Play Store and then using the app, which provisions the work profile on the device, guiding the end user through a standardized flow.
For corporate devices (COD), Android Enterprise gives you the option of using any of the methods presented below.
- Admin/User driven flows
  - QR Code setup
  - DPC Identifier (Hashtag Id)
- Fully-automated device driven provisioning
  - Zero-Touch enrollment (Available only with devices purchased directly from a Google reseller)
Note: All Android Enterprise corporate enrollment scenarios need to be triggered by the initial out-of-box setup. Existing devices in use require a factory reset for provisioning.
Managed Google Play allows IT Admins to silently deploy applications (both public and in-house apps) to corporate devices (and within the Work Profile on BYOD devices) without requiring the end user to sign in with a Google account. (This is due to the use of Managed Google Play accounts, which are obfuscated. More on this in my next blog!)
That was all for today. I hope you find this post useful.