Just last week, the Android P developer preview dropped, and the EMM world is starting to digest all the new Android enterprise APIs. Also, there are two more recent Android enterprise programs to explore: the Android Management API and the Android Management Experience demo environment. Let’s take a look!
EMM APIs in Android P
I’m not going to re-publish the full list, for that, head to the preview site. If you want to compare it to what’s available currently, head to the Android EMM Developers site, or check out the EMM features that came with Android 5.0, 6.0, 7.0, and 8.0. Here are the general themes:
First, the work and personal experience is getting more refinements. There’s a new launcher UI (Jason Bayton has already made a demo video) and there will be “animated illustrations” to help users understand EMM features. Android P is also smoothing out the user experience for apps that are used in both the work profile and on the personal side. Per Google, “For example, an email app can provide a UI that lets the user switch between the personal profile and the work profile to access two email accounts.”
On the corporate side, there are refinements for shared and kiosk devices. Shared devices will support an “ephemeral user” for public devices or shift workers, and now you can lock any app into kiosk mode, suppress error messages, and more.
There are plenty of general feature, too. You can postpone over-the-air updates; there are more restrictions, like preventing users from enabling airplane mode; and more APIs for hardware-based keys and certificates. Again, see the list for much more.
Many of the general Android P updates will affect the enterprise, too. For example, this version will place tighter controls around idle app access to sensors. Android P will also warn users when apps that target much older Android versions are installed, plus it will restrict access to private APIs. So if you have some app built in 2011 in your environment (yes, legacy Android and iOS apps are a thing) then it’s time for an update.
As always, the question is when and on which devices you will actually be able to use these features. Android P won’t be out until sometime in the fall, so if you’re sourcing some new enterprise-owned devices, think late 2018/early 2019. But for BYOD? Unless Project Treble really speeds things along, or your users all really like buying new phones (or all use Pixels), count on early 2020.
However, there is a bright spot, as we’re finally at the point where most BYOD Android devices should support at least some form of Android enterprise. This is backed up by recent numbers from MobileIron, who revealed that 82% of the Android devices under their management run 6.0 or higher.
Android Management API
The Android Management API is a Google service that acts as middleware for managing Android devices and includes a corresponding pre-built agent app. It was announced last October, and is currently in beta. The initial version only supports corporate-owned, single use devices (i.e. kiosks, digital signage, etc.) but they plan to expand to all Android enterprise scenarios.
The API is intended to be both vendor and enterprise-facing, and the idea is that it takes away a lot of complexity. I don’t think the likes of AirWatch and MobileIron will give up their own agents any time soon, but as the API expands in scope I can see it being useful for medium and small security and management vendors. In addition, it seems like it would be good for specialized use cases that don’t call for a full EMM vendor.
Android Management Experience demo
When I was poking around with the Android Management API, I stumbled on a link to the Android Management Experience, another recent effort. This demo environment lets you instantly enroll a device in either Profile Owner or Device Owner mode and apply a few basic policies. All you need is a Google account, an Android device, and as long as it takes to download the agent and enroll via QR code.
I know that there’s some concern that Samsung isn’t yet part of the Recommended program or using zero touch. Plus, as mentioned previously, there’s the two-year lag until we can expect most BYOD devices in an organization to support any given Android version. However, you really have to hand it to the Android enterprise team—they’ve been on a tear lately.