9 myths regarding the use of Android in Enterprise

Last week, in Evolution of Android Management for Enterprise use, I tried to show how Android has evolved over the years into a more mature platform for enterprise use cases, to help you understand the relevance of Android Enterprise and why moving to it is a change for the better.

Android Enterprise devices are smartphones and tablets that run on Google’s Android operating system and are configured for corporate use. They support advanced enterprise features for effective mobile device management and security.

Though Android has evolved into a modern and mature mobile OS platform, we still see misconceptions about using Android in enterprise landscapes.

Myths are dangerous because they can wrongly push our view of something in a negative direction. This blog post therefore focuses on uncovering the nine most common myths regarding the use of Android in Enterprise.

Index
Getting Started: 9 Myths Regarding the Use of Android in Enterprise Use-Cases
Myth #1: Android is Insecure
Myth #2: Android Lags and is not as Fluid as iOS
Myth #3: Android has Limited Options
Myth #4: Android Devices Do Not Feel Premium
Myth #5: Android is Fragmented
Myth #6: Android Apps are of Inferior Quality Compared to iOS Apps
Myth #7: Android isn’t a Serious Option for Enterprise Adoption
Myth #8: Android Provides Limited Management Options for Enterprise Use
Myth #9: Android Devices are Difficult to Deploy
The End
9 myths regarding the use of Android in Enterprise – Table 1

Getting Started: 9 Myths Regarding the Use of Android in Enterprise Use-Cases

This is not meant to be an Apple vs Android article trying to establish one as better than the other. Apple’s iPhones and iPads are the most preferred choice for enterprise use.

However, Android has also evolved to offer its share of flexibility that fits every business’s need and presents itself as a viable go-to platform for enterprises. 

This article aims to clarify people’s common misconceptions regarding using Android for enterprise use cases.

Myth #1: Android is Insecure

Android features robust security built-in to protect sensitive data and is built with measures to keep enterprise devices and data safe from every threat. Android provides multiple layers of security to prevent intrusions and recover quickly so you can be confident your work data is secure.

As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce Mandatory Access Control (MAC) over all processes, even processes running with root/superuser privileges.

SELinux, as we know, operates on the principle of default denial: Anything not explicitly allowed is denied.
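The default-deny behaviour described above can be seen in a small model. This is an added example, not code from the original post or from Android: the policy text, the request list and the helper names (`parse_policy`, `check_access`, `audit_line`) are constructed for illustration, and the evaluator ignores attributes, type transitions and MLS levels that real SELinux policy uses.

```python
import re

# Constructed, heavily simplified policy in type-enforcement "allow" syntax.
# Type names resemble AOSP's, but this rule set is illustrative, not real policy.
SAMPLE_POLICY = """
# an app may use its own private data files
allow untrusted_app app_data_file:file { read write open };
# the audio HAL may use the audio device node
allow hal_audio_default audio_device:chr_file { read write ioctl open };
allow init system_file:file execute;
"""

RULE_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$")


def parse_policy(text):
    """Return {(source_domain, target_type, object_class): {permissions}}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = RULE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unsupported rule {raw!r}")
        source, target, obj_class, braced, single = match.groups()
        perms = set((braced if braced is not None else single).split())
        rules.setdefault((source, target, obj_class), set()).update(perms)
    return rules


def check_access(rules, source, target, obj_class, perm, uid=None):
    """Default deny: an access is allowed only if an allow rule names it.

    uid is accepted but deliberately unused: the MAC decision depends on the
    process domain, not on whether the process runs as root (uid 0).
    """
    return perm in rules.get((source, target, obj_class), set())


def audit_line(rules, request):
    """Format the decision in a shape loosely modelled on an avc audit record."""
    verdict = "granted" if check_access(rules, **request) else "denied"
    return (f"avc: {verdict} {{ {request['perm']} }} scontext={request['source']} "
            f"tcontext={request['target']} tclass={request['obj_class']} "
            f"uid={request['uid']}")


# Constructed access requests.
SAMPLE_REQUESTS = [
    {"source": "untrusted_app", "target": "app_data_file",
     "obj_class": "file", "perm": "read", "uid": 10123},
    {"source": "untrusted_app", "target": "audio_device",
     "obj_class": "chr_file", "perm": "read", "uid": 10123},
    # Runs as root, yet no rule covers this access, so it is denied.
    {"source": "hal_audio_default", "target": "app_data_file",
     "obj_class": "file", "perm": "read", "uid": 0},
    {"source": "hal_audio_default", "target": "audio_device",
     "obj_class": "chr_file", "perm": "write", "uid": 0},
]

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for req in SAMPLE_REQUESTS:
        print(audit_line(policy, req))
```
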

Android utilizes Kernel Address Space Layout Randomization (KASLR), which randomly determines the location where kernel code is loaded on each boot. This makes code reuse attacks more difficult to carry out, especially remotely.

Due to ASLR, an Android app must be able to run wherever in the memory space it is placed upon execution. This is also why an app loads into a different memory location every time it starts.

Kernel hardening makes vulnerabilities harder to exploit widely or easily.

Since Android 8, the Hardware Abstraction Layers (HAL) have been separated from the process. They now sit between the process and drivers and only communicate with one driver in isolation. This ensures that the HAL cannot provide broad kernel access even if a process is compromised.

Example: A vulnerability in an audio driver (the one that makes your music sound great) is less likely to be usable to exploit other subsystems such as networking or video.

  • Hardware-backed security. Android devices use a Trusted Execution Environment (TEE) to run privileged or security-sensitive operations such as PIN verification and Verified Boot.
  • Verified Boot ensures the integrity of the device and OS when booting up. During boot, each stage cryptographically verifies the integrity and authenticity of the next stage before executing it.
  • Hardware-backed KeyStore. The availability of a trusted execution environment in a system on a chip (SoC) allows Android devices to provide hardware-backed, vital security services to the Android OS, platform services, and even third-party apps.
  • Encryption is done by default to protect system and user data.
  • App isolation ensures that each app, when executed, runs in a contained environment called an app sandbox to restrict attempts to access unwanted system resources and/or private information in another app.
  • Google releases monthly security updates, separate from OS updates.
9 myths regarding the use of Android in Enterprise - Fig.1
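The stage-by-stage verification described in the Verified Boot bullet can be modelled as a hash chain. This is an added example, not code from the original post or from Android: real Android Verified Boot uses signed metadata and hash trees, whereas this sketch only chains SHA-256 digests from a value standing in for the hardware root of trust, and the stage names, payloads and image layout are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = 64  # hex characters of a SHA-256 digest

# Constructed stages: (name, payload). Payloads stand in for real images.
SAMPLE_STAGES = [
    ("bootloader", b"bootloader code"),
    ("boot", b"kernel and ramdisk"),
    ("system", b"system partition contents"),
]


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def build_chain(stages):
    """Build images back to front so each one embeds the digest of the next.

    Image layout (constructed): 64 hex chars naming the next stage's digest
    (all zeros for the last stage), followed by the payload.
    Returns (root_of_trust, images); root_of_trust is the first stage's digest.
    """
    images = []
    next_digest = "0" * DIGEST_LEN
    for name, payload in reversed(stages):
        image = next_digest.encode() + payload
        images.append((name, image))
        next_digest = digest(image)
    images.reverse()
    return next_digest, images


def verify_boot(root_of_trust, images):
    """Return (stages_allowed_to_run, error). Stops at the first mismatch."""
    expected = root_of_trust
    booted = []
    for name, image in images:
        if not hmac.compare_digest(digest(image), expected):
            return booted, f"{name}: digest mismatch, boot halted"
        booted.append(name)  # verified, so this stage may execute
        # Only a verified stage is trusted to say what the next one must be.
        expected = image[:DIGEST_LEN].decode()
    return booted, None


def replace_payload(images, index, payload):
    """Copy of the chain with one stage's payload swapped (simulated tampering)."""
    name, image = images[index]
    copy = list(images)
    copy[index] = (name, image[:DIGEST_LEN] + payload)
    return copy


if __name__ == "__main__":
    root, chain = build_chain(SAMPLE_STAGES)
    print("clean boot:   ", verify_boot(root, chain))
    tampered = replace_payload(chain, 2, b"modified system partition")
    print("tampered boot:", verify_boot(root, tampered))
```

Because each digest covers the embedded digest of the following stage, rewriting an earlier stage to match a modified later one changes that earlier stage's own digest, so the mismatch simply moves closer to the root of trust.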

With all these, we can safely say that Android leads in security and constantly evolves to protect against the latest threats. Multiple layers of security are built in via the hardware, OS, Google Play Protect, and management APIs. Google Play Protect ensures devices are free from Potentially Harmful Apps 99.99% of the time.

And this is not just talk. The 2019 Gartner report Mobile OSs and Device Security: A Comparison of Platforms shows that Android scored 26 out of 30, getting the highest score for security controls among all the other mobile OS platforms.

Myth #2: Android Lags and is not as Fluid as iOS

This is more of a perception that has been plaguing Android for a long time. Today, let’s try to understand the real reason behind this notion.

When we compare any two products, there needs to be a baseline. iOS devices are undeniably premium devices. Every iPhone that is launched is an Apple flagship device. Thus, if you compare Android’s user experience with iOS, it should be with devices falling within the same category – a flagship Android vs. an iPhone. But you know what to expect if you compare iOS with Android running on a low-end budget device. That is not a fair comparison.

Android’s initial days were indeed riddled with recurring stutters and lags. But those days are long gone.

With Android 5.0 Lollipop, Google switched to ART (Android Runtime) from Dalvik. Since then, the Android OS has undergone various evolutionary changes, and device chipsets have become many times more powerful.

Low-end Android devices tend to feel sluggish and start lagging with heavy multitasking, but it needs to be kept in mind that such devices were not meant to exhibit performance. Entry-level, low-end Android devices come with slower processors and less RAM. Add a heavily skinned, bloated Android OS that the OEM slaps in the chassis, and you have your answer to why such devices tend to lag and stutter.

Pure vanilla Android (or, as we call it, Stock Android) is pretty lean and gives the best performance on top-notch hardware, as can be seen on Google Pixel devices. Stock Android also performs well even on mid-range devices (yes, they exist because of the Android One program).

9 myths regarding the use of Android in Enterprise - Fig.2

To sum it up, I can say that Android devices are as quick as their competing alternatives, provided you draw the correct baseline for the comparison.

Myth #3: Android has Limited Options

The market is flooded with Android handsets from different OEMs. You can get Android devices of any shape, size, and form to meet your needs.

Have budget constraints? Android lets you choose from low-cost, basic models to mid-range to high-end premium devices, usually OEM Flagships. You can select device models across different price ranges within an OEM or across different OEMs.

Whatever your budget and use case, you can be assured that Android has you covered.

9 myths regarding the use of Android in Enterprise - Fig.3

With over 400 OEMs producing Android devices, Android has the world’s most diverse ecosystem of devices.

If you’re in the market for Android phones, the breadth of options can be overwhelming. However, choice is one of the most incredible things about Google’s mobile OS. Android provides a similar user experience across many phone makes and models while letting you prioritize the features that matter most to you.

Myth #4: Android Devices Do Not Feel Premium

This one is also more of a perception and is something that is mostly in our heads, similar to Myth #2.

It can be stated that the “premium feel” is more subjective than objective.

Sometimes, we compare Android to Apple and mistakenly generalize it to the overall comparison. All iPhones are continually released as flagships. They have to have premium build quality. On the other hand, for Android, OEMs have to cater to a wide variety of price ranges for the mass market, and as such, not all devices and models are built premium. The entry-level or mid-range devices (which sometimes try to mimic high-end features) are not meant to be premium. The price gap should always be taken into account when comparing the phones.

OEMs mostly tend to reserve their latest innovations and new features to debut with their flagship device of the year. They pride themselves on the design and feel of their flagship devices. These high-end premium devices are the trendsetters in the Android market, and their features are carried over to the other budget categories. For example, features like fast charging, the punch-hole front camera, and many others were all first introduced with flagships and later carried over to mid-range and low-end devices.

Flagship Android devices have state-of-the-art premium build quality coupled with the latest powerful chipsets. They offer the best display, most advanced camera technology, and cutting-edge features available in the market.

9 myths regarding the use of Android in Enterprise - Fig.4

Myth #5: Android is Fragmented

Well, this is not a myth, but the truth.

However, there is a reason behind this, and the purpose of this post is to explain it.

Though Android as a platform receives major version updates from Google, these updates generally take a very long time to reach (if at all) the end-users unless you are using a Pixel (or Nexus device). This is because, for most Android devices out in the market, many middlemen (SoC vendors and OEMs) are involved in delivering the update to the device.

The steps involved are as follows:

  • AOSP Release: Google publishes the source code of the new Android release.
  • Hardware Compatibility: SoC vendors (Qualcomm, Samsung, MediaTek, etc.) modify the source code so Android can boot on their chips, and all hardware on the chip functions as expected.
  • OEM Modifications: OEMs take this modified source and change the source to include their software.
  • QA Testing: OEMs undergo internal software testing phases. They also involve carrier partners to check and test the new build and ensure its acceptance.
  • General Release: OTA updates make the update available to end-users over several weeks.

Because of the complexity involved in the process, many OEMs restrict devices to a maximum of 2 major version updates, if at all. Some OEM devices do not even receive the next major version update, staying on the version with which they were released for their lifecycle.

This caused the fragmentation of the Android OS market. If you check the current market share, you will see figures like the one below.

9 myths regarding the use of Android in Enterprise - Fig.5

Apart from making Android a platform fit for enterprise use, fragmentation was the other most significant challenge for Google to solve.

However, to address this same problem, Google has made extensive efforts in the form of Project Treble with Android Oreo (8). This helped modularize Android by separating the Android OS framework from the device-specific low-level components. OEMs can adopt new versions much more quickly and provide version updates to their devices faster.

Now, Google is working on Project Mainline, which builds on the efforts of Project Treble.

Project Treble helped OEMs to become less dependent on SoC vendors for OS updates. In contrast, Project Mainline helped Google to become less dependent on OEMs to deliver security updates to core OS components through Google Play.

Though we might not immediately see a dramatic improvement in Android fragmentation, Google is undoubtedly making strides to correct it.

9 myths regarding the use of Android in Enterprise - Fig.6

Myth #6: Android Apps are of Inferior Quality Compared to iOS Apps

This is also highly subjective. In reality, there is no such thing as inferior or superior when it comes to the quality of apps or the app ecosystem. This is among the classic points of the long-running duel between Android and iOS over which is the best platform.

Though the user experience might be slightly different depending on the underlying platform, the apps of the most popular services offer the same functionalities.

However, it is true that sometimes new app features are first introduced in the iOS apps and then ported to their Android counterpart to bring parity, but this depends on the company strategy and development cycle.

As for the general belief that Android apps are not as optimized as their iOS counterparts: Android runs on a wide range of devices with many chipset configurations, which makes the job harder for Android app developers, since they need to ensure that their app runs on all these devices with different configurations and screen DPIs.

With over 400 OEMs building Android devices of all shapes and forms, compatibility is essential because it ensures an app written for Android will run on every device and behave predictably for a consistent user experience. On its part, Google has taken huge strides to make the job easier for developers by providing Android compatibility guidelines and testing tools that are free, open-source, and available for download.

OEMs build their devices according to the Compatibility Definition Document (CDD), which provides guidelines, requirements, and recommendations that ensure compatibility with the latest Android release. The CDD specifies the software and hardware requirements of a compatible Android device and is updated for every Android version. It defines the features that need to be implemented, down to recommendations on the user interface.

The devices must then pass the Compatibility Test Suite (CTS) to ensure correct implementation. The Compatibility Test Suite (CTS) verifies the device compatibility across hundreds of areas. It intends to reveal incompatibilities early on and ensure the software remains compatible throughout development. It assures applications built for Android are compatible with Android devices and provide the best possible experience for their users.

This process assures app developers that their app will run appropriately on any Android-compatible device.

And regarding the sheer number of applications available for the Android platform, Google Play, the official app store for Android, gives you access to the world’s largest app ecosystem. However, Google does not compromise on quality over quantity.

Google Play Protect is Google’s built-in malware protection for Android and the most widely deployed mobile threat protection service in the world. Backed by the strength of Google’s machine learning algorithms, it is continuously improving in real time to protect your device from malicious apps. Google Play Protect scans billions of apps in the Play Store daily, ensuring that 99.99% of apps are safe. Still, if any malicious app finds its way to your device, Google Play Protect, with its always-on protection, actively scans your device to get rid of potentially harmful apps (PHA).

9 myths regarding the use of Android in Enterprise - Fig.7

Are you thinking about the enterprise scenario? Managed Google Play gives you an enterprise app platform based on Google Play that’s free to Android Enterprise customers and available for you to integrate into your EMM solution. It combines Google Play’s familiar user experience and app store features with management capabilities designed specifically for enterprises.

9 myths regarding the use of Android in Enterprise - Fig.8

The benefits

  • IT Admins can allow (approve) apps, purchase them and distribute them to enterprise devices using Managed Google Play.
  • Supports silent app installs on the endpoints.
  • Supports deployment of in-house LOB apps without requiring app installs from unknown sources to be enabled on the device.
  • Built-in app scanning and security delivered by Google Play Protect.

Myth #7: Android isn’t a Serious Option for Enterprise Adoption

This was the scene during the initial days of Android till Android KitKat, when Google only provided the now deprecated Device Admin APIs for managing Android devices in the enterprise landscape, which failed terribly to keep up with the evolving requirements of the ever-growing mobile workforce.

Google changed it all with the release of Android Lollipop, which saw the debut of Android Enterprise, also known as Android for Work, as it was called on release.

Android Enterprise, Google’s modern mobile management framework, enables using Android devices and apps in the workplace.

Android Enterprise provides a robust set of APIs for managing Android features. Its being mandatory for all GMS-certified devices since Android Marshmallow ensures a consistent user experience and manageability across the device ecosystem, regardless of the OEM.

OEMs can also choose to submit their devices for the optional Android Enterprise Recommended validation, which validates that a device meets the highest standards for the best enterprise experience. Android Enterprise Recommended devices make it simple for businesses and enterprises to select and deploy Android devices confidently.

With its flexibility and range of options, Android is the go-to mobile OS platform that fits any business requirement well. From rugged devices for your inventory/stockroom to devices for your frontline workers, terminal/KIOSK devices, devices for your mid-level employees, and even devices for your C-level executives, Android has a device to fit your needs.

9 myths regarding the use of Android in Enterprise - Fig.9

Myth #8: Android Provides Limited Management Options for Enterprise Use

Android Enterprise offers a management option to suit any ownership or business needs.

Below are all the Android Enterprise-supported management modes.

  • Work profile on personal devices
  • Fully managed devices enforced with strict policies
  • Dedicated devices for single‑use scenarios
  • Fully managed devices with a work profile to enable personal use on corporate devices
9 myths regarding the use of Android in Enterprise - Fig.10

Have a few non-GMS Android devices in your device line-up? Need to manage Android devices in a region where GMS is not available?

You have two options:

  • You can fall back to legacy Device Admin to manage non-GMS devices or devices in regions where GMS services are unavailable (like China), provided the devices you intend to manage run a supported Android version (preferably till Android 8).
  • If your EMM supports app protection without device enrollment (like Microsoft Intune’s app protection policies), you can use it since the ultimate goal is protecting corporate data.

Myth #9: Android Devices are Difficult to Deploy

Android with Android Enterprise provides multiple deployment methods to suit your needs.

For personal devices (BYOD), the end-user downloads and installs the EMM-specific DPC app from the Play Store and then uses the app to provision the work profile on the device, guiding the end-user through a standardized flow.

For corporate devices (COD), Android Enterprise allows you to use any of the methods presented below.

  • Admin/User-driven flows
    • QR Code setup
    • DPC Identifier (Hashtag Id)
    • NFC
  • Fully automated device-driven provisioning
    • Zero-Touch enrollment (available only with devices purchased directly from a Google reseller)

Note: All Android Enterprise corporate enrollment scenarios must be triggered from the initial out-of-the-box setup. Existing devices require a factory reset for provisioning.

9 myths regarding the use of Android in Enterprise - Fig.11

Managed Google Play allows IT Admins to silently deploy applications (both public and in-house apps) to corporate devices (and within the Work Profile on BYOD devices) without requiring the end-user to sign in with a Google account. (This is due to the use of Managed Google Play accounts, which are obfuscated. More on this in my next blog!)

The End

That was all for today. I hope you will find this post helpful.

Please check out my other posts on Intune. This blog site also features excellent posts by other writers on Intune and Config Manager.


Author

Joymalya Basu Roy is an experienced IT service professional with almost five years of experience working with Microsoft Intune. He is currently working as a Senior Consultant – Architect at Atos India. He is an ex-MSFT, where he worked as a Premier Support Engineer for Microsoft Intune. He was also associated with Wipro and TCS in the early stages of his career. He was awarded the Microsoft MVP award for Enterprise Mobility in 2021. You can find all his latest posts on his blog site, MDM Tech Space, at https://joymalya.com