Looking for an enterprise mobility management overhaul in Android 4.3? Keep looking.

Yesterday Google announced several new products, including a new version of the Nexus 7 tablet, something called Chromecast, and the next version of Android, Android 4.3 (JellyBean).

Yesterday Google announced several new products, including a new version of the Nexus 7 tablet, something called Chromecast, and the next version of Android, Android 4.3 (JellyBean). You can find anything you want to know about the Nexus 7 and Chromecast on tech blogs all over the internet; here I'm just going to take a look at Android 4.3 in the context of enterprise mobility management.

Managing Android in the enterprise is difficult, but with every new version there’s always a hope that the EMM capabilities will be overhauled. Unfortunately, that didn’t happen this time around. Still, Android 4.3 brought a whole slew of changes, and some of them are indeed related to the enterprise. Here’s a quick rundown from developer.android.com:

First, there’s restricted profiles. Android 4.2 introduced multi-user support, though it only works for tablets and not phones, and I’ve never actually heard of any EMM vendors trying to use it to separate work and personal environments or anything like that. The restrict profile feature introduced with Android 4.3 is similar in concept, but works a little bit differently. From developer.android.com: “Each restricted profile offers an isolated and secure space with its own local storage, home screens, widgets, and settings. Unlike with users, profiles are created from the tablet owner’s environment, based on the owner’s installed apps and system accounts. The owner controls which installed apps are enabled in the new profile, and access to the owner’s accounts is disabled by default.”

Next, it will now be possible for apps to configure the device’s WiFi connection for WPA2-Enterprise networks. The final group of improvements is more important for the down-in-the weeds app development and app security set.

EMM vendors will be able to take advantage of these improvements, but they’re not likely to have a big impact on how an IT administrator approaches managing Android on a day-to-day basis.

What about in the future?

What about Android 5.0 Key Lime Pie, the rumored next version of Android? Will we get our major EMM overhaul then? After all, iOS 7 is bringing a huge set of EMM improvements, so doesn’t Android have to respond? The answer is no, not necessarily; and even if it did happen, the fact is that fragmentation would still make managing Android a headache.

The reason for all of this is that when Android was created, the idea was that mobile device manufactures would add in EMM capabilities on their own. The core version of Android did eventually gain a few basic management features, but still today the capabilities differ from one manufacturer to another, and many manufacturers don’t update their devices to the latest operating system. (For a more in-depth look at this topic, check out my article Why is it so difficult to manage Android? Here’s a history of MDM features from 2008-2013.)

All this means that for now managing Android means either having different policies for different devices, or finding a way (likely using mobile app management) to work with the lowest common denominator.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This is interesting.. maybe even surprising given everything that Apple's added into iOS7 for enterprises. Can you boil down what the most important features or changes that you'd like to see in Android? What are customers missing that Google could build in? Just more stuff like Samsung SAFE / KNOX?


If you look at the list of MDM APIs available for iOS and compare it to the list of available for Android, there's no comparison. Specifically, setting up email, all the app-level controls that iOS 7 will have, the clear line between what MDM can and can't do, etc,or really anything that's in iOS MDM (images.apple.com/.../iOS_6_MDM_Sep12.pdf) that's can't be done with the Android Devices Administrator API and other core Android APIs. (developer.android.com/.../device-admin.html)

It just goes to show that we can't think of iOS and Android; if you want to take advantage of device capabilities you need to think Apple, Samsung, other Android OEMs, etc..  Or just rely less on the device and do more management at the app level.


There's another Android 4.3 feature called App Ops that seems to allow a user to apply a permissions settings to each App.  Wondering if this would be useful for MDM or MAM deployments.



Wow, I definitely missed that in the rush to get ready for BriForum. This is great news for users. The question will be if the App Ops feature has an API that could be exposed to MDM apps—if that was the case, there'd certainly be something there, at least in some limited cases.