According to IDC, Google Android is expected to capture 86.7 percent of the worldwide operating system market by the end of 2019, continuing to show growth from the already eye-popping 85.1 percent reported last year.

The popularity of Android extends beyond consumer usage to massive adoption in the enterprise. Now more than ever, the secure and convenient management of devices running this operating system is of global importance.

With this trend in mind, let’s explore the evolution of Android management from the early days of Gingerbread to Lollipop to today, right at the doorstep of Q — while discussing what steps need to be taken by IT and security leaders to ensure a successful rollout of the latest management techniques for Android.

Join IBM and Google for a webinar on August 29th at 2pm ET

Do Androids Dream of Endpoint Management?

The first thing to note about managing Android is that historically, it was (and still is) a highly customizable operating system for manufacturers, because Google provides Android as an open source operating system that manufacturers can build atop. Although an organization with a unified endpoint management (UEM) tool can manage all of its devices in one console through traditional Device Administrator APIs (introduced in Android 2.2) — from Samsung, to Motorola, to LG, to OnePlus, to Google’s own Pixel and beyond — each different piece of hardware came with its own take on the Android OS and introduced its own set of considerations.

As enterprises began adopting Android, each manufacturer created custom application programming interfaces (APIs) for their platform that could be managed, creating a less-than-cohesive overall user experience — especially for companies that had adopted a bring-your-own-device (BYOD) policy or provided employees multiple flavors of corporate Android devices.

This all changed in 2014, when Google decided it was time to consolidate Android management. With the release of Android 5.0 Lollipop, manufacturers were given the option — originally called Android for Work, now Android Enterprise — to include additional APIs from Google that would provide a level of uniformity across devices.

Some manufacturers did not immediately integrate this new functionality. In 2016, Android made its enterprise-ready capabilities a standard addition to OS versions, beginning with 6.0 Marshmallow. Android’s breadth of enterprise-grade functionality included and still includes:

  • A self-contained work profile (Profile Owner) to isolate corporate applications from personal applications and data on personal and BYOD devices;
  • A company-owned managed device (Device Owner) mode that can be set up exclusively for work use, only allowing for corporate applications and content;
  • A fully managed device with a work profile mode, also known as corporate-owned personally-enabled (COPE), intended for company-owned devices that are used for both work and personal purposes (available from Android 8.0+);
  • A dedicated device mode, also known as corporate-owned, single-use (COSU), to lock down devices to a limited set of apps for dedicated kiosk purposes;
  • Enterprise-only app approval and distribution mechanism to managed devices and managed profiles through Managed Google Play;
  • Out-of-the-box, zero-touch enrollment for any device running Android 8.0 and above; and
  • Automatic, mandatory device-level encryption.

The Future of Android Device Management

Android has aligned its platform to modern-day security best practices, so why haven’t all organizations adopted the cutting-edge configuration? Most organizations that adopt Android give users the flexibility of the container-like work profile, but transitioning into Profile Owner (PO) mode has typically been a time-consuming endeavor.

Historically, UEM platforms, while able to support all types of Android management, could not easily migrate an already-enrolled device from traditional Device Admin management and enroll it into modern Android Enterprise management. The process included unenrolling then re-enrolling with a code specific to the management platform — all done one device at a time, unless previously provisioned by a carrier or managed service provider.

Many organizations simply do not know the shortcuts that now exist to move hundreds or thousands of devices to the new format. And with Google recently announcing the deprecation of several APIs in the legacy Device Admin mode upon release of Android Q, now’s the time to get in the know.

The goal of an effective UEM platform must be to strike a balance between security and productivity. Android strikes that balance with its work profile, challenging management vendors to follow suit and provide a secure, convenient way for a business to quickly provision large fleets of devices in PO mode — out of the box and with minimal admin involvement.

An Android Enterprise Recommended solution, IBM MaaS360 with Watson, announced a new migration tool aimed at smoothly transitioning Android devices in Device Admin mode to PO mode to get ahead of Android Q. Check out the migration tool for yourself in the MaaS360 Knowledge Center and join IBM and Google on August 29 at 2 p.m. to learn from the experts about Android Q and how MaaS360 addresses modern Android management.
