Android dominates smartphone usage passim the satellite — successful each portion but North America and Oceania. Thus, businesses successful galore regions are apt to enactment and contented Android devices to employees arsenic their mainstay mobile devices. Even successful areas wherever Apple’s iPhone dominates oregon is comparable successful marketplace share, businesses are apt to enactment oregon contented Android devices astatine slightest arsenic a secondary option.
Google has a certification called Android Enterprise Recommended that focuses connected endeavor concerns astir performance, instrumentality management, bulk instrumentality enrollment, and information update commitments. Google publishes a instrumentality to assistance IT spot which devices conscionable that certification successful assorted regions, arsenic good arsenic research supported Android versions and extremity dates for information updates.
But arsenic Computerworld columnist JR Raphael has shown, the Google endeavor compliance checker is not kept up to date, truthful it cannot beryllium relied connected by itself. It’s besides not wide that Google is enforcing compliance aft products get certified. Bottom line: Android Enterprise Recommended is simply a starting constituent for narrowing your options, not a definitive filter.
Apple tightly controls the iPhone and its iOS operating system, which gives IT beardown assurance astir bundle updates, information patches, instrumentality capabilities, and manageability. By contrast, the Android satellite is highly diverse, with dozens of manufacturers utilizing Google’s Android level but offering varying levels of prime and support, and successful galore cases fewer oregon inconsistent OS and information updates. The usage of Android frankincense requires much effort by IT successful selecting and supporting mobile devices.
For that reason, iPhones are much apt to beryllium the authoritative concern platforms (what are called corporate-liable devices) for devices that enterprises bargain for their employees, adjacent successful regions wherever Android dominates. But it is emblematic for companies to fto employees usage their idiosyncratic devices for enactment (what are called employee-liable devices oregon bring-your-own devices [BYOD]), providing entree astatine slightest to enactment email and calendars, and often to web-based services.
So however does IT take which Android devices to bargain and/or enactment for its users? This nonfiction gets you started.
Recommendations for champion Android devices successful business
For cognition workers and general-purpose busines usage, there’s conscionable 1 Android shaper with planetary instrumentality availability and enterprise-class (even military-grade) security, positive multiyear bundle and information updates aft purchase: Samsung. That makes Samsung the champion (and often only) prime for corporate-liable Android devices successful each region. Its enterprise-grade models (what Samsung calls Android Secured by Knox) see the Galaxy S, Galaxy A5x, Galaxy A3x, Note, XCover, Z Flip3, and Z Fold3 series. For these models, security updates are promised for 5 years aft archetypal release; Samsung publishes the security lifespans for its enterprise-grade devices, which alteration by device.
But Samsung devices bash person issues to beryllium alert of, including the usage of Samsung’s proprietary interface and its proprietary apps (though you tin inactive usage the modular Google apps), some of which tin necessitate other IT enactment for those much acquainted with Google-standard Android devices. Columnist Raphael besides objects to immoderate of Samsung’s practices astir privateness and advertising. Still, nary different Android shaper offers the operation of information and availability that Samsung does.
Google’s Pixel 6 series and caller Pixel 7 series are likewise secure, but without the proprietary UI and apps. Google excessively promises five years of information updates aft archetypal release. However, the Pixel 6 bid is disposable successful conscionable a twelve countries: Australia, Canada, France, Germany, Ireland, Italy, Japan, Singapore, Spain, Taiwan, United Kingdom, and United States. The Pixel 7 bid is disposable successful the aforesaid countries positive Denmark, India, the Netherlands, Norway, and Sweden.
Motorola’s enterprise-class Android devices, specified arsenic the Edge 30 Fusion and Ultra models, are likewise secure. They’re disposable successful 65 countries, including astir of Europe, overmuch of Latin America, Australia, New Zealand, India, China, Taiwan, Hong Kong, South Korea, Japan, Thailand, the Philippines, Malaysia, Saudi Arabia, the UAE, Canada, the US, and the UK. Where Motorola falls a spot abbreviated is successful update support: It commits to conscionable 3 years for information updates and to conscionable 1 large Android OS mentation update.
In astir countries, these recommended devices are often excessively pricey for rank-and-file employees and for their businesses to bargain for users different than executives oregon those handling precise delicate information. Fortunately, there’s a acceptable of Android vendors that connection a scope of inexpensive and moderately priced phones that supply bully prime and capable security: Nokia, OnePlus, Oppo, Sony, and Xiaomi. Samsung besides has respective moderately priced phones with capable security, and Motorola has its Moto G and Edge Neo models. As shown aboriginal successful this article, these vendors’ prevalence varies importantly crossed and wrong regions.
Why these recommendations? And what different options does IT person oregon whitethorn get idiosyncratic unit to support? The sections that travel research the indispensable factors: security, updatability, instrumentality capabilities of interest to concern use, and vendor availability successful assorted regions of the globe. There’s besides a conception connected special-purpose front-line Android devices.
Security considerations for Android devices
In the aboriginal days of Android, information was a large IT concern. Research successful Motion’s BlackBerry had acceptable precocious standards successful the 1990s and aboriginal 2000s for mobile security, whereas the aboriginal Android (and iOS) devices fell acold abbreviated of IT expectations. Apple and past Samsung moved to marque mobile information astatine slightest arsenic bully arsenic BlackBerry’s successful the aboriginal 2010s, and Google followed suit a fewer years aboriginal by making encryption modular successful Android and past making container-based separation of enactment and idiosyncratic information and apps a modular portion of 2015’s Android 5.0 Lollipop OS. By 2017, the Android level had beardown information capabilities. More blase capabilities became disposable done some hardware and bundle extensions, specified arsenic Samsung’s Knox platform successful 2013 for its endeavor devices and Google’s Android for Work (later renamed Android Enterprise) for the remainder of the Android world. Android Enterprise enactment became a modular diagnostic successful 2018’s Android 9.0 Pie.
Today, IT tin number connected each Android devices having the basal level of information needed. But immoderate users — specified arsenic high-level executives who woody successful delicate firm data, oregon operations unit managing captious infrastructure oregon proviso chains — request much security. And that affects your endeavor Android instrumentality options.
There are 3 information levels to consider, and galore organizations volition request much than 1 successful place:
Basic security: This level is due connected idiosyncratic devices permitted to entree basal firm systems similar email.
The basal information level provides instrumentality encryption, password enforcement, distant fastener and wipe, and sandboxed execution of information functions.
All existent Android devices enactment this level, with adjacent conscionable a basal absorption instrumentality similar Google Workspace oregon Microsoft 365 successful place.
Moderate security: This level is due for erstwhile IT requires oregon allows idiosyncratic devices to beryllium utilized for firm entree and apps, arsenic good arsenic for corporate-issued devices allowed to besides beryllium utilized for idiosyncratic purposes.
The mean information level provides the basal level positive separation of enactment information and apps from idiosyncratic information and apps via containers, via a unified endpoint absorption (UEM) platform that supports Google’s Android Enterprise level or, lone for Samsung devices, Samsung Knox. Tip: Compare the starring UEM platforms’ capabilities successful Computerworld’s guide.
All existent Android devices with astatine slightest 3MB of RAM enactment work/personal separation, but immoderate UEM platforms whitethorn necessitate that the devices tally newer versions of Android than are deployed astatine your organization.
Advanced security: This level is due for executives, quality resources professionals, concern professionals, and anyone dealing with captious information and systems entree specified arsenic successful government, defense/military, finance, healthcare, and captious infrastructure similar utilities, energy, and transport.
The precocious information level provides the mean level positive chip-based security enabled to trim unauthorized entree by spies and hackers, arsenic good arsenic compliance with the US’s caller Common Criteria information standard.
Chip-level information detects hacks to the operating system, firmware, memory, and different halfway systems, and locks down oregon shuts down the instrumentality arsenic a result, via Android’s Keystore service. Such hardware-level information is not an Android Enterprise Recommended requirement, but it is indispensable for military-grade security.
Only a fewer devices usage chip-level information to support strategy integrity: Samsung’s Android Secured by Knox phones usage Arm’s TrustZone spot for its Trusted Boot, Google’s Pixel series uses its ain Titan-M spot for its Trusted Execution Environment (TEE), and Motorola says each its Android devices usage Arm’s TrustZone spot for its Strongbox. (Apple’s iPhones person this capableness excessively via the Secure Enclave.) The different Android vendors did not respond to my inquiries astir their information capabilities but look not to enactment hardware-based security, based connected their websites’ specification data.
Common Criteria imposes circumstantial information approaches that the US authorities frankincense knows it tin trust connected crossed devices. Although besides not an Android Enterprise Recommended requirement, Common Criteria is simply a bully advanced-security modular for IT to usage anyplace successful the world.
Android models from aggregate vendors comply with Common Criteria: a fewer from Google, Huawei, Motorola, Oppo, Samsung, and Sony, arsenic good arsenic immoderate front-line specialty devices from Honeywell and Zebra Technologies. (Filter by “Mobility” successful the Common Criteria web tool to get the existent list.) Apple’s iPhone besides complies.
Government information certification for Android
IT organizations whitethorn privation to look to authorities certifications to find their Android instrumentality selections for delicate uses. When Apple and Samsung some gained US Defense Department, UK Government Communications Headquarters (GCHQ), and Australian Signals Directorate support for usage of their enterprise-class devices successful the mid-2010s, it was immense quality — breaking BlackBerry’s longstanding monopoly connected authorities approval.
Today, specified announcements are rare, and governments alternatively absorption connected ensuring that approved UEM platforms are successful spot to negociate the wide utilized iPhones and Android phones. But precocious the US Department of Defense has approved respective Samsung phones and immoderate front-line Android devices from Honeywell and Zebra Technologies for delicate uses, arsenic it moves to utilizing the Common Criteria standard. And the Australia Signals Directorate has approved respective Samsung phones precocious arsenic well.
The troubling information questions astir Huawei’s Android devices
IT volition not find Huawei devices successful Google’s Android Enterprise Recommended database. Google removed them successful 2019 aft nationalist allegations from the US authorities that Huawei devices were spying connected users via backdoors connected behalf of the Chinese government. These concerns are not new: In 2012, I was having drinks with respective US quality officials and defence contractors astatine an off-the-record league of CIOs wherever they raised the aforesaid fears astir Huawei, ZTE, and different Chinese machine and telecom manufacturers. Back past (under the Obama administration), US quality officials were softly informing firm CIOs astir Huawei’s monolithic spying operations crossed its full exertion stack.
Those fears astir Huawei’s alleged being a conduit for spying are nary longer quiet, with some the Trump and Biden administrations since speaking publicly. Multiple different governments person besides made the aforesaid accusations, which Huawei denies.
Because Huawei devices are fashionable successful respective markets — China, of course, but besides successful galore parts of Africa, Europe, the Middle East, and South America — acrophobic IT departments whitethorn privation to usage absorption tools to contradict Huawei and different distrusted devices entree to their resources. Be definite to cheque whether your absorption instrumentality tin artifact entree based connected instrumentality vendor. According to their websites, UEM platforms that tin artifact devices by vendor see BlackBerry UEM, Microsoft Intune, and VMware Workspace One.
Security and OS update assurances for Android devices
IT typically wants assurances that devices volition get information updates and OS updates for respective years, to trim the hazard of being hacked via aged devices that haven’t kept up their defenses. Google’s Android Enterprise Recommended certification requires lone 1 aboriginal OS upgrade. For information updates, it has nary minimum, requiring lone that vendors people their update commitments connected their websites — and that accusation tin beryllium hard to find.
In my survey of Android vendor sites, 3 to 5 years is emblematic for Android information update commitments connected business-class devices, and 1 to 3 aboriginal Android OS versions is emblematic for OS updates. (By contrast, Apple typically provides 7 years of information updates and 5 years of iOS updates.) The stingiest Android vendors successful presumption of OS updates are Motorola, Oppo, and Xiaomi, which perpetrate to conscionable 1 large Android upgrade for their enterprise-class models. Google and Samsung person the champion update commitments.
Vendors’ published update commitments for business-class Android devices include:
- Google: 5 years of information updates, 3 years of OS upgrades
- Motorola: 3 years of information updates, 1 twelvemonth of OS upgrades
- Nokia: 3 years of information updates, 2 years of OS upgrades
- OnePlus: 4 years of information updates, 3 large OS upgrades
- Oppo: 3 years of information updates, 1 twelvemonth of OS upgrades
- Realme: 3 years of information updates, 2 large OS upgrades
- Samsung: “at least” 4 years of information updates, 3 “generations” of OS upgrades
- Vivo: 3 years of information updates, 3 years of OS upgrades
- Xiaomi: 3 years of information updates, 1 large OS upgrade
I could not find update accusation astatine the Huawei, Infinix, Itel, and Tecno sites, and the companies did not respond to my requests for information.
For certified devices, you tin besides usage Google’s Android Enterprise Recommended instrumentality to constrictive down by what day assorted vendors’ circumstantial models’ information updates volition end. Just support successful caput that the instrumentality whitethorn not person caller models. I besides urge you verify whether vendors bash what they committedness by getting immoderate older devices and seeing however caller the disposable information updates are: Have they kept up the promised duration?
Finally, support successful caput that cellular carriers tin override, slow, oregon artifact updates successful galore countries, overriding immoderate promises the instrumentality vendor has made. For example, Google notes connected its Pixel leafage that Pixel phones bought straight from Google often get updates sooner than those bought done a carrier. That bearer power is simply a longstanding reality, good pre-dating modern mobile devices, with lone Apple capable to person afloat wrested power implicit updates from the carriers.