Will it be called Lollipop? Licorice? Lemon Sorbet? OK, that’s a stretch.
Chances are, you probably aren’t concerned with the real name of Android L. In fact, you’re likely not looking ahead at all, given the fragmented state of the platform and the lead-time before your organization fully upgrades (note: fragmentation is getting better with over 85% of the Android ecosystem on Android 4.x as of August, 2014).
Here at BlueFletch, though, we believe that it’s always important to know what’s on the horizon. In this case, L is purported to be the next big version increment for the OS, serving as the baseline for Android 5.x. Along with the version bump come a slew of new features that will most certainly impact you and your organization.
As has been the norm with the press around each release, Google’s communications carry a consumer slant, with a strong focus on Material Design and the user experience changes inherently with the upgrade. However, Google continues to add enterprise features to their offering, and several improvements in L bring yet more maturity to the platform.
Here are the 5 enterprise features in Android L that we at BlueFletch are most excited about:
1. Faster OS Updates and Security Patches
If you’re a day-to-day Android user and have been following the platform for the last few years, you’ve witnessed an effort by Google to gradually reduce their dependence on mobile carriers to distribute software updates. Almost all of the core Google applications and services, including Gmail, Google Talk, Google Play services, as well as features like language support and keyboard updates are now distributed through Google Play, rather than bundled within the OS and dependent on OTA updates.
With Android L, Google is taking this a step further by introducing support for security patches through Google Play services.
Urgent security updates will now be delivered to your employee’s devices as soon as they’re resolved, rather than after the users carrier has organized resources and slotted an OTA release. This is done through what Google is calling a “Dynamic Security Provider” that’s bundled with the 5.0 version of Google Play Services. It sounds like this is really just an externalization of network security components, similar to the prior externalization of Google apps, language support, etc., but it’s exciting nonetheless. It’s definitely another step in the right direction and should greatly appease security-minded folks.
One of the biggest concerns in Android BYOD environments is the dependence on the least-secure device attached to your corporate infrastructure. This provides a way for Google to get around slow or non-existent carrier updates to ensure that important security updates are applied to all devices in a timely manner.
2. Built-in Security Containers and Managed Provisioning
Up until now, Google has left most security and mobile management features to device manufacturers. Sure, Android 2.2 introduced the concept of a Device Admin, along with some APIs around policy enforcement and the like, but from the beginning this has had a lackluster feature set, begging for improvement and extension. Device manufacturers were left to roll their own solutions, and device management platforms like Airwatch, Soti, and MobileIron have been stuck supporting a multitude of different APIs and versions.
Cue forward to Android L and the introduction of security containers and managed provisioning to the core OS product. Corporate applications can now be provisioned through a managed process, associated with a user’s enterprise profile, and sandboxed away from the user’s consumer applications. Look out for the ability to enforce a check-in and check-out policy, tied to your associate’s enterprise credentials, for user access to enterprise applications.
If any of this sounds familiar, that’s because it is. Most of these features are borrowed from the undisputed leader in this space, Samsung Knox.
3. Password-protected Factory Reset
Here’s a less broad, but still important feature reportedly being added in Android L the ability to password protect a device’s factory reset mechanism. This actually opens up a feature-set that has long been absent from most Android devices.
Device management solutions now have the ability to lock-down and brick a stolen device through policy enforcement. Until now, a stolen device could easily be reset and repurposed, even if encrypted and set up with a lock mechanism. Sure, your corporate data would be wiped, but you’re still looking at a lost asset.
Expect solid uptake on enterprise policies requiring password protection for factory resets, along with (hopefully) a corresponding drop in device theft.
4. Scheduled Jobs and other new APIs
You have probably noticed a security-focused trend here. It makes sense; security concerns have been more-or-less the main roadblock in Android’s adoption rates in the enterprise thus far. However, Android promises a number of new APIs that enable developers to create better user experiences and more efficiently execute tasks.
There are certainly more than this, but here are the highlights that struck a chord with us:
- The new Job Scheduler APIs allow for battery-optimized and OS-managed task scheduling.
- Updated connectivity APIs to support Multiple network connections, and capability-based network change requests (e.g. if your app needs to be on a carrier billing network).
- WebView updated to Chromium M36, with a slew of security updates. The folks writing cross-platform Cordova applications should be happy about this.
5. Defined Organizational Device Owner and Task Locking
I’m probably under the influence of my recent projects in the enterprise space here, but this is absolutely my favorite feature (As a consumer I love Material Design, but we’re talking the corporate world here!).
Task Locking allows an application to lock the user within a specific task, with no way to exit through a press of the “Home” or “Back” button, or by switching to a recent application. The constraint is that the application must be authorized by an organizational device owner application (I read that as an MDM client) in a side-loaded configuration file, so an arbitrary application downloaded from the Google Play store can’t take over the device.
In the simplest of terms, task locking is an OS-supported, general-use kiosk mode.
I’ve found this to be one of the most valuable features added to Android L, from an enterprise sense, and one that is often overlooked by industry analysts and overshadowed by the inclusion of Knox-like managed provisioning.
The opportunities here are extremely broad; imagine Android tablets used for standardized test taking, customer help kiosks at retail stores, or electronic menus at fast-food restaurants.
Here at BlueFletch, we’ve already been experimenting with the Android preview SDK quite a bit. Our opinion: the next iteration can’t get here fast enough!
We’re crossing our fingers that we see quick adoption amongst consumers and enterprise users alike. The big question, particularly around the security and device management improvements, is how quick mobile device management solution providers can incorporate these features and convert their home-grown, manufacturer-specific implementations to those standardized in Android L.
You can find more information on the features in upcoming Android L here.
If you have questions about the impact of Android L on your organization, I’m happy to help. Please reach out!
by Matt Mehalso