Google beefs up Android Enterprise security and makes it easier to manage
Google LLC is updating its Android Enterprise program with a number of new features and capabilities today.
Among them, it’s adding a superior way for identity providers to integrate authentication services an a new application programming interface for speedier updates. And it’s launching its first vulnerability reward program to improve the security of its Pixel smartphones.
Android Enterprise is a program for businesses that makes it easier and safer for them to enable their employees to use Android devices at work. The program provides APIs and other tools developers can use to integrate support for Android into enterprise mobility solutions.
In a blog post announcing today’s updates, Android Enterprise Senior Product Manager Rajeev Pathak said companies are increasingly interested in the idea of “zero-trust” security, which is a model that assumes every single user and device is potentially a risk. As such, all users are required to verify themselves continuously.
Pathak said Google has developed numerous APIs and tools to support zero trust on Android and is now focused on “supercharging the role of identity providers.” To do that, he said, Google is partnering with identity firms such as Okta Inc., Ping Identity Corp. and ForgeRock Inc. to shift from the older WebView standard for authentication to a newer protocol known as “Custom Tabs.”
“While WebView is a flexible and powerful component for rendering web content, Custom Tabs are more modern and full-featured, allowing identity providers to gather device trust signals, improve employee security and enable single-sign-on across apps and the web,” he explained.
Meanwhile, the new Android Management API is all about helping businesses get the newest Android updates faster and more easily. It’s aimed at companies that use Android Enterprise alongside an Enterprise Mobility Management platform, ensuring fast delivery of new enterprise features with best practices and Android Enterprise program recommendations enabled by default. In addition, companies can use the Android Management API Extensibility framework to adjust the API’s capabilities on the fly using on-device signals to trigger immediate policy changes.
“With this update, we’re publicly recommending Android Management API to customers and partners as our preferred method of management,” Pathak said. “More than 60 EMMs — including Microsoft, Citrix and Google Workspace — have already launched solutions based on Android Management API. Solutions from other EMMs like Ivanti, SOTI, IBM, Samsung and SoftBank are launching soon.”
Pathak also talked about some of the upcoming security features in Android 12 that will soon be available to Android Enterprise users, such as improved password complexity controls that make it easier to protect corporate data, plus the ability to disable USB signaling on company-owned data. Those updates, he said, ensure Android meets the most rigorous deployment standards. But in the name of scrutiny and transparency, Google is encouraging anyone who thinks an Android Enterprise device can be hacked to do so and share the method, in return for a handsome cash reward.
The new Android Enterprise Vulnerability Rewards Program is offering a prize of up to $250,000 in cash for anyone who can discover a full exploit on a Pixel device running Android Enterprise, Pathak said.
The last update today pertains to Android Work Profile, which is a feature in Android Enterprise that allows users to have separate profiles on their device for work and personal use. The Work Profile is currently only available on managed devices, but will soon be extended to unmanaged users.
“This will eventually allow anyone using Android for business purposes to separate work and personal apps in one interface and pause all work-related apps in one click,” Pathak said. “This will be available to Google Workspace users first starting next year, with plans to expand to more identity providers soon after.”
Analyst Holger Mueller of Constellation Research Inc. told SiliconANGLE that Google has a still fairly nascent, two-pronged, consumer and enterprise strategy for Android.
“On the enterprise side there’s still lots of room for more capabilities and innovation, and that’s what Google is focused on now,” he said. “The new partnerships with other ecosystem players around identity and authentication will be most welcome by enterprises. The Android Management API is an interesting approach too, as it’s one that puts enterprises in the driving seat. So it’s the right approach.”
Images: Firmbee/Pixabay and Google
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.