A few days ago I was at a TechTarget event, talking about the difficulties of managing mobile devices in today’s diverse and fragmented landscape, when one of the attendees asked if we’d ever get anything consistent again like back in the BlackBerry days. Unfortunately, when it comes to mobile device management, it’s pretty unlikely that will ever happen. However, one place where you can have consistency is in the mobile apps you deploy to your users. Let’s take a closer look.
Fragmentation and BYOD create a huge headache
We know this story well: Today, not only do we have to deal with managing several different mobile OSes, we also have to deal with the fact that just in Android alone, devices from different manufacturers will have different management APIs. (We can refer to these features with the way-too-long acronym OEM MDM APIs. For more on Android management, see Why is it so difficult to manage Android? Here’s a history of MDM features from 2008-2013.)
It’s getting worse all the time, too. Samsung SAFE has some of the most prominent OEM MDM APIs, but there are also special management APIs for devices from HTC and Motorola, and even the Kindle Fire has its own set of management APIs. There’s also a crop of phones specially designed to address work and personal separation: VMware Horizon Mobile is out; Cellrox, General Dynamics, and Red Bend are also working on mobile virtualization; there’s Samsung KNOX; and just last week LG announced its own solution called LG Gate.
Finally, there are also plenty of devices out there that don’t have any OEM MDM APIs, and only have the very basic management features that are built into the plain, unmodified version of Android.
BYOD: compounding fragmentation
All of these OEM MDM APIs and specialized dual persona devices are great if you’re planning giving phones to your users. Many of them are are also good at dealing with users’ personal apps while keeping corporate data safe.
However, these won’t help you deal with BYOD. (Well, unless your users happen to pick the specific phone that has the specific set of APIs that you’ve settled on. But you probably won’t ever hear anybody say, “Hey, all of our users just decided to buy this one particular Android phone, perfect! Fragmentation over!”)
Instead, true organic BYOD is diverse, and it doesn’t go away—even if you do give everybody a corporate phone. No matter what, you’ll have to deal with users that want to work from all manner of extraneous iPads, Android tablets, Kindles, cheap tablets from Walmart, and phones from different manufacturers.
All this means that when it comes to mobile device management, you’ll either have to deal with diverse management capabilities, or just manage to the lowest common denominator. Ugh! There are some MDM vendors out there that are doing a great job at supporting as many different OEM MDM APIs as possible, but at the end of the day, MDM capabilities are still limited by whatever APIs are provided by the device.
Corporate-deployed apps to the rescue
So how do you get any consistency without just lowering your standards?
One way is by deploying apps that have built-in management features. Even though you can’t be in control of what devices users expect to work from, corporate-deployed apps are a point where you can take control.
What management features are at stake? Theoretically the sky's the limit when it comes to building features into your apps, but you can get a good idea by looking at some of the things that many advanced third-party mobile app management products can do that more basic Android devices cannot. This includes configuring VPNs, WiFi, and Exchange accounts; controlling inter-app data sharing; remotely disabling individual apps; providing app-level passwords, SSO, and authentication; using advanced types of encryption; and so on. Some OEM MDM APIs and specialized devices can offer these features natively, but again we can't always depend on these features being present. This is also an example of why third-party mobile app management techniques will continue to be important even as more devices with built-in mobile app management features are coming to the market.
Of course, you’ll still have to deal with the difficulty of making apps that run on different OSes behave the same way. Email in particular is can be hard to handle, since many users will want to use the email clients that are built in to their phones, and to to manage that you’ll need to deal with MDM.
But overall, whether you’re building your own apps from the ground up, using app wrapping to bake-in management features, or purchasing apps from other developers, you can take these apps as an opportunity to include features that you can’t always count on having in the diverse devices that you’ll almost certainly have to deal with.