Android: EMM (R)Evolution?!

I was invited to attend the Google Android Enterprise Summit in London and Google has announced some new features for Android Enterprise. The next version of Android will come this autumn and I’ve already translated some new features. However, some of the features will be available just over two months after the release of the operating system. Also the innovations of Android Enterprise in version P and partly in Q I have written down for you, but I would like to go into more detail.

Zero Touch / Android Enterprise recommended

Zero-Touch continues to grow strongly and at the time of the Summit, 31 devices from 9 different vendors were listed in the Android Enterprise Recommended Program. Because the Android Enrollment is part of the Recommended Program. If you want to use the enrollment program you have to buy the equipment from a verified dealer. At the moment there are not many, but there is also a strong growth here. (Manual)

Updates

Thanks to the Enterprise Recommended Program, private and business customers enjoy regular security updates. Google will force all OEMs to regular supply of updates. From Android Oreo, Project Treble is required. If OEMs are updating their devices, these updates have also to be running on AOSP (Android Open Source Project). In addition, admins may defer updates for up to 90 days globally or in groups, e.g. to test your own applications.

Security

Google scans more than 50 billion apps every day and Android Oreo has changed even more:

  • Each driver, service and app are self-contained and addressed individually
  • There is no rollback to an older Android version possible
  • It uses file-base encryption
  • Discontinuation of device administrator

Device Administrator: the EMM client is activated as a device administrator on the device and thus has full device access. But the implementation is unreliable and also gives other apps this far-reaching access. Therefore, from Android Q, this option is no longer supported. EMM providers have to take action here, as Android Q devices can only be activated with the Android Enterprise APIs. Admins should pay attention to which devices they purchase.

Android Enterprise API / OEMConfig

So far, device manufacturers have written their own APIs for their devices to provide specialized features / services. EMM vendors had to implement them in their products. This will now change with OEMConfig. It is nothing but a small application, which is created and pre-installed by the manufacturer. Via AppConfig you can then extend the Android Enterprise API by adding the app only to the EMM and distributing it. Thus there is a tag-0 support for new functions.
In addition, all Android Enterprise APIs are cut down. There is then only one in the future Android version: AndroidManageAPI.

EMM Server Migration

Android will support migration of the EMM system without re-activation in the future. Thus, one can pull devices without failure directly from one to the other EMM, as long as the EMM providers support this as well.

Single Use / Kiosk Mode

Android P makes a kiosk mode very easy. Basically, the new LockTask mode is an Android Enterprise Activation, which offers only one fixed app or multiple apps to the user.

Further device classes

In addition to smartphones, single-use devices, shared devices, kiosks, embedded and PoS systems, displays and VR headsets will be supported directly via Android Enterprise.

Conclusion

The stage is set, the proportion of Android devices in companies will continue to increase and at the latest in two years with Android Q. By using a single API and global container, implementation and usage is very easy.