According to IDC, Google Android is expected to capture 86.7 percent of the worldwide operating system market by the end of 2019, continuing to show growth from the already eye-popping 85.1 percent reported last year.

The popularity of Android lends itself to not only consumer usage, but also its massive adoption in the enterprise. Now more than ever, the secure and convenient management of devices running this operating system is of global importance.

With this trend in mind, let’s explore the evolution of Android management from the early days of Gingerbread to Lollipop to today, right at the doorstep of Q — while discussing what steps need to be taken by IT and security leaders to ensure a successful rollout of the latest management techniques for Android.


Do Androids Dream of Endpoint Management?

The first thing to note about managing Android is that historically, it was (and still is) a highly customizable operating system for manufacturers due to Google providing Android as an open source operating system — allowing manufacturers to build atop the platform. Although an organization with a unified endpoint management (UEM) tool can manage all of its devices in one console through traditional Device Administrator APIs (introduced in Android 2.2) — from Samsung, to Motorola, to LG, to OnePlus, to Google’s own Pixel and beyond — each different piece of hardware came with its own take on the Android OS and introduced its own set of considerations.

As enterprises began adopting Android, each manufacturer created custom application programming interfaces (APIs) for their platform that could be managed, creating a less-than-cohesive overall user experience — especially for companies that had adopted a bring-your-own-device (BYOD) policy or provided employees multiple flavors of corporate Android devices.

This all changed in 2014, when Google decided it was time to consolidate Android management. With the release of Android 5.0 Lollipop, manufacturers were given the option — originally called Android for Work, now Android Enterprise — to include additional APIs from Google that would provide a level of uniformity across devices.

Some manufacturers did not immediately integrate this new functionality. In 2016, Android made its enterprise-ready capabilities a standard addition to OS versions, beginning with 6.0 Marshmallow. Android’s breadth of enterprise-grade functionality included and still includes:

  • A self-contained work profile (Profile Owner) to isolate corporate applications from personal ones on personal and BYOD devices;
  • A company-owned managed device (Device Owner) mode that can be set up exclusively for work use, only allowing for corporate applications and content;
  • A fully managed device with a work profile mode, also known as corporate-owned personally-enabled (COPE), intended for company-owned devices that are used for both work and personal purposes (available from Android 8.0+);
  • A dedicated device mode, also known as corporate-owned, single-use (COSU), to lock down devices to a limited set of apps for dedicated kiosk purposes;
  • Enterprise-only app approval and distribution mechanism to managed devices and managed profiles through Managed Google Play;
  • Out-of-the-box, zero-touch enrollment for any device running Android 8.0 and above; and
  • Automatic, mandatory device-level encryption.

The Future of Android Device Management

Android has aligned its platform to modern-day security best practices, so why haven’t all organizations adopted the cutting-edge configuration? Most organizations that adopt Android give users the flexibility of the container-like work profile, but transitioning into Profile Owner (PO) mode has typically been a time-consuming endeavor.

Historically, UEM platforms, while able to support all types of Android management, could not easily migrate an already-enrolled device from traditional Device Admin management and enroll it into modern Android Enterprise management. The process included unenrolling then re-enrolling with a code specific to the management platform — all done one device at a time, unless previously provisioned by a carrier or managed service provider.

Many organizations simply do not know the shortcuts that now exist to move hundreds or thousands of devices to the new format. And with Google recently announcing the deprecation of several APIs in the legacy Device Admin mode upon release of Android Q, now’s the time to get in the know.

The goal of an effective UEM platform must be to strike a balance between security and productivity. Android strikes that balance with its work profile, challenging management vendors to follow suit and provide a secure, convenient way for a business to quickly provision large fleets of devices in PO mode — out of the box and with minimal admin involvement.

An Android Enterprise Recommended solution, IBM MaaS360 with Watson, announced a new migration tool aimed at smoothly transitioning Android devices in Device Admin mode to PO mode to get ahead of Android Q. Check out the migration tool for yourself in the MaaS360 Knowledge Center and join IBM and Google on August 29 at 2 p.m. to learn from the experts about Android Q and how MaaS360 addresses modern Android management.
