Google IO is next week, and Apple WWDC is next month, which means that we’ll soon be learning about all the new features in the next versions of Android and iOS. Today I’m going throw around some ideas about how changes in each of these platforms could impact the enterprise mobility management world.
It’s around this time that bloggers love to tons of wish lists for new features and try to predict what’s in store. So bear with me here... I’ll just say that what follows is going to be pretty speculative.
Today’s Android and iOS challenges
Last week I wrote about the journey that Android and iOS both took, and how they went from being completely unmanageable to having respectable MDM capabilities. However, if you’ve been around around the enterprise mobility management space, you know that’s old news. The real problem is that modern mobile OSes provide lots of ways for apps to share (or leak!) data with each other. As a result, the challenge now is to figure out how to manage and secure corporate apps and data separately from personal apps and data (I use the term “dual persona” for this).
There are a number of ways to accommodate dual persona, but the emerging favorite is mobile application management (MAM). MAM faces some challenges, including how to get all of the apps you need to work with the system, but I believe this problem is being solved.
However, with new versions of Android and iOS due soon, it’s natural to wonder what changes might be coming that could make it easier to deal with dual persona issues. I’ll look at the platforms individually.
What could iOS do to enable dual persona, or at least make it easier for EMM vendors to do so? This is a question that I think about a lot, and there are a few ideas that come up:
First, iOS could add “secure” or “private” versions of common sharing frameworks, such as an extra contacts API that only the corporate Exchange account and other managed apps could use, a secure document handling framework, and a way so that only certain apps use the VPN, and secure clipboard, and on and on and on...
Soon enough you realize that this gets really complicated really fast! Would this work on older hardware? Who knows? Do you have to build apps that specifically ask for access to the extra set of frameworks? Or could you use configuration profiles to whitelist whatever apps you want? There are a million questions, and this all seems like it would be such a drastic change that Apple would never go for it.
How about approaching it from the other direction? What if configuration profiles could have more options to restrict access to data that’s associated with corporate Exchange accounts. This is more along the lines of the controls that Apple has been adding gradually, so maybe it’s more feasible.
And then there’s another completely different direction that Apple could go in—they could loosen restrictions around the behavior of third-party apps. Right now one of the biggest issue with using MAM to get dual persona is that third-party email apps aren’t allowed to download messages in the background. If Apple were to relax this rule, that would eliminate one of the biggest drawback of third-party mail clients. There’s a history of this type of change, too. In the early days of the App Store, Apple didn’t allow any apps that duplicated the functionality of built-in apps, but today we have lots of options that can easily take their place.
Android is a completely different story. Remember from last week’s article that Android is built around the idea that management features are left up to device manufacturers to do on their own. To that end Samsung KNOX and all of the mobile virtualization vendors have versions of Android with dual persona frameworks already built into the OS.
Because the core version of Android only includes very basic management features, I have very little expectation that revolutionary dual persona features will show up in the next version. But what if something did happen? It still wouldn’t be a big of a deal because we would still have to deal with fragmentation and the fact that most of the devices out there wouldn’t have the new features. MAM would still remain as the best way to achieve dual persona across a wide variety of different versions of Android.
How will this impact the EMM?
Keeping in mind the danger of making predictions, I’m going to say overall that there’s very little that could happen in upcoming OS updates that could have a significant impact on how we deal with dual persona issues. In addition, regardless of what happens with the new OSes, here’s why I think MAM will continue to grow and be strong:
- Android fragmentation. Enough said.
- Even if dual-persona capabilities are built into devices, you’ll still need to provide apps to do anything beyond email and browsing.
- If iOS background processes are opened up, then there will be that much more demand for MAM.
- A lot of people don’t want to worry about the device and just manage apps—the fact that dual-persona frameworks would be built into the device would be insignificant.
We’ll hear about Android next week, but the bigger news will likely be iOS 7 in June. While I don’t think it will turn the EMM world upside-down, each iOS release has had something in it for the enterprise, so there will be something to talk about.