It’s been almost two weeks since Google announced that the next version of Android will have a new set of enterprise mobility management frameworks called Android Work, intended for devices that get used for both work and personal functions. (Here's my initial post from the day after the announcement.) Since this is such an important announcement, more questions are bound to come up—what will Android Work actually be like? Will it be good enough to solve our fragmentation issues? And what happens to all those other “specialty” Android solutions?
First off, how extensive will the new work/personal features be, and how well will they work?
One of the key points of Android Work is that it’s based on Knox, the powerful, full-featured set of management APIs that Samsung uses in its own Android devices. Great news, right? Not so fast. We’re not sure how much of Knox will make it into Android Work. The press release from Samsung said “part” of Knox is being contributed to Android. Which part? They wouldn't say. There are two ways of looking at this: Besides all the Knox Android management APIs, Samsung also has Knox EMM (which is basically like any other 3rd-party EMM product) and the Knox Marketplace. So “part” could mean that Samsung is not contributing the EMM platform and the app marketplace, and they’re just contributing the Android management APIs, which would make sense. But on the other hand, “part” could mean that not all of the Knox Android management APIs will make it into Android Work, leaving the potential for some degree of fragmentation to continue to exist.
However, regardless of how much of Knox makes it into Android Work, we know for sure that Android Work is promising a lot—just look at what we know already from the Google I/O keynote, the Developer Preview API Overview, and this short Android Work video:
- The separate work and personal management and security features will be enabled by something called a work profile. Everything will be presented in a unified view on the home screen, in the recent apps list, and in the notification view, thus avoiding the oft-maligned approach of having two completely separate environments. (Other questions remain, though—what about a converged work/personal email inbox, or other individual that get used for both?)
(Screen capture via YouTube video.)
Besides work profiles, the video describes several other concepts:
- A profile owner is a special type of Device Administration API/app used to provision work profiles (and thus work apps and settings). Google is calling this the BYOD model, though obviously it would work well for COPE devices as well.
- A device owner is another special type of Device Administration API/app, except in this case it can be used to control the entire device. It can only be used on new, un-provisioned devices and not random personal devices, so think of this as an option for corporate-deployed devices (kiosks, embedded devices, point of sale, education, etc.). It will have features to “meet the highest requirements for remote administration and security”
- Device Policy Client apps will be used to provision and administer work profiles. Users can log in with corporate credentials and receive settings and apps determined by administrators. This is similar to the way current Device Administration MDM agent apps work.
- Google Play for Android Work will enable blacklisting and whitelisting apps in the work profile, pushing apps, bulk app purchasing, and distribution for in-house apps.
- All of these features will be available to third-party EMM providers.
For reference, other things that have been mentioned by Google include:
- Task locking to mute notifications and lock an app in fullscreen mode. This could be used for kiosks or for testing and education.
- For older devices some Android Work functionality available as an app.
- There will be a certification program that will include all of the Android device manufacturers that you’ve ever heard of and ensure that devices meet Android Work requirements and are kept up to date.
Another look at fragmentation
Are all of these new features enough to make Android’s MDM fragmentation problems go away? As I alluded to earlier, there are still a lot of details that Google isn’t talking about yet. But at the very least, we can see that Android Work will undoubtedly make life easier. The minimum floor of management features will be raised, so for many companies there’s a good chance that these problems could indeed go away.
We definitely still have to deal with slow Android OS updates for existing devices. Android Work won’t be available on all devices anytime soon, but at least a new baseline is being established for the future. 12 to 24 months after the release of Android Work, the the landscape could look quite different, especially for the knowledge worker devices that are the most difficult for corporate IT.
One more note—while Android devices themselves will have more consistent and powerful management APIs, Android still leaves more up to individual EMM vendors than iOS. In iOS, configuration profiles providing a standard way to interact with MDM APIs. But for Android, each MDM vendor is building their own proprietary MDM agent app, leaving more room for interpretation.
What about all the alternative Android management frameworks?
What happens to all of those other OS-level Android management frameworks? All the manufacturer-specific management APIs and mobile hypervisors and dual persona solutions?
Perhaps some manufacturers will quietly get out of the business of creating their own management APIs. If EMM isn’t their core business, then this is a no-brainer. And some of the experimental side project dual-persona devices could disappear, too. Other vendors will want to continue to find ways to build value on top of Android Work. That’s a perfectly valid option, too, it’s just that it will be more of a specialty product now.
To put everything in perspective, remember that OS-level frameworks like Android Work are only one way of approaching work/personal separation—there’s also a wide range of approaches that work at the app-level without any MDM API dependencies.
Regardless of your approach to enterprise mobility, Google’s effort with Android Work will bring the enterprise tools that had been missing.