Why is it so difficult to manage Android? Here’s a history of MDM features from 2008-2013.

To follow up on yesterday's history of Apple iOS management features, today I'm going to do the same thing with Android. A warning, though: there's just not just not as much here.

To follow up on yesterday’s history of Apple iOS management features, today I’m going to do the same thing with Android. A warning, though: there’s just not just not as much here. I’ll explain why and then dig into the history.

Why is Android difficult to manage?

The mean reason people say that Android is difficult to manage is because of fragmentation. But what does "fragmentation" really mean, and why is Android this way?

When Android was first created, it was meant to be a mobile phone OS that handset manufacturers and carriers could easily customize to suit their own needs. As a result, many features—including enterprise management tools—weren’t included in the core unmodified version of Android. While that was a noble plan it soon became evident that not all manufactures were adding management features as part of their customization process, so as a result, Google added some very basic management features into the core version of Android.

There’s still a catch, though: most Android devices don’t get updated to the most recent versions of the OS, since device makers focus their efforts on adapting the new versions of Android to the newest devices only. And it’s not uncommon for Android devices—especially the cheap ones—to ship with old versions of the OS even when they’re brand new.

There are some manufacturers, like Samsung, who have added extensive management features into their versions of Android. In fact, most of the devices from major manufactures have at least something added in. There are also several vendors working on virtualization as a way to manage Android.

Nevertheless, if you’re tasked with supporting whatever random Android device a user brings in the door, you’ll want need to support whatever the lowest common denominator is. With that, here’s a history of Android management features.


The first Android device was the HTC Dream, released in October 2008, with absolutely no provisions for enterprise management. The only saving grace was that Android did launch with the ability to install third-party apps, and various app makers filled the enterprise void by offering sandboxed corporate email apps. The idea was that since the device couldn’t be managed, security features would be built into the app instead. Products like GoodLink (from Good Technology) had been doing this for years on other platforms, and the model worked well on Android.


In September 2009, Android 1.6 added VPN support (though at the time there were already third-party VPN apps), and later that year Android 2.0 brought support for Exchange email accounts. Unfortunately there was no way enforce any Exchange security policies, and in general Android was way behind iOS when it came to management features.


In May, version 2.2 of Android introduced the Device Administration API. This API lets an Android app enforce device-level management policies, including password requirements, wiping the device, and locking the device. While it was a great addition, having an API meant that there weren't any well-defined configuration profiles like with iOS devices, and instead each MDM vendor had to make their own app that interfaces with the Device Administration API. Still, it meant it was finally possible to build MDM apps that at could at least enforce the basics of over-the-air management, without having to rely on device manufactures to build the features on their own. This was pretty close to the time that iOS 4 added major features as well, and it helped kick off a huge boom for MDM.


Android 3.0 in February 2011 gave the Device Administration API the ability to enforce more complex password policies and device encryption—a feature that would open up more use cases. Then Android 4.0, in October, added the ability for Device Administrator apps to block the camera.

What else?

If this list of management features seems paltry, that’s because it is! It just reminds us that the real Android MDM innovation is taking place among manufactures. They’re doing some great things, but none of them will be able to help the fact that we have to deal with fragmentation.

By the way, Google is expected to announce the next version of Android in two weeks at Google IO, and while I'm excited for the incremental improvements, I'm certainly not holding my breath waiting for anything that will make the the difficulty of managing Android go away.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I feel like I always hear about Samsung (with SAFE and KNOX) as the example of an Android manufacturer who's doing it right. What about the other big Android makers? Do they have any extensions that common MAM vendors plug into?


Did you mean management extensions that MDM plugs into? Other OEMs also have APIs that go beyond the Device Admin API basics, but Samsung is by far the most robust and spending the most ad dollars on it.

MAM is interesting on Android because the more you build into the app level, the less you care abut the device management capabilities (and 3rd party email clients on Android can actually work in the background, unlike on iOS...but that's a future article :)


A while ago Motorola bought out an MDM vendor 3LM that made management extensions for Android.  I was surprised to now read that Google has mothballed these MDM extensions.  Many of Motorola's patents were also recently invalidated in a lawsuit with Microsoft.  New Moto phones are MIA.  Not sure what Google is smoking recently.


I wondering if Samsung will indeed fork Android eventually.