The overhaul of security that Android 5.0 ‘Lollipop’ offers is perhaps the biggest one in the history of the mobile OS. Arguably, Lollipop 5.0 is the most secure version of the Android OS. Apart from challenging Apple’s iOS more effectively, this appears aimed at attracting a greater share of enterprise users.
It is essential for enterprises to support Android as it has a majority of market share in the smartphone market globally. So IT managers in enterprises have begun to integrate Android into their mobile strategies, especially in view of recent trends like ‘bring your own device’ (BYOD).
For several years, the Android platform’s fragmentation remained an obstacle to enterprise support. Administrators were worried about allowing Android on their networks due to the security risks involved. Even if they did allow it, Android was limited to Exchange ActiveSync access. All that appears set to change with the advent of the Lollipop version. Apart from enterprises, this should also be of interest to companies offering Android application development services.
Let us look at some of the enterprise-friendly security features of the Android 5.0 Lollipop:
Enhanced security with inclusion of MDM/EMM APIs
For a standard approach to the security and management of Android mobile devices, Google has included MDM/EMM APIs. Enterprise mobility management solution vendors will no longer have to create different versions for devices of different manufacturers running on Lollipop. They will have to continue to do so for devices running Android versions earlier than Lollipop, of course.
Google has also hardened the base operating system, strengthening data security by default. The new APIs number in the thousands, and many of them help enterprises.
Android for Work securely separates personal data from work data
Samsung’s Knox technology is said to have contributed to Android’s open source project that resulted in Android for Work (which has been described in detail in an earlier blog post). EMM had been a well-recognized weakness of Android, especially with respect to security and privacy of data. Before Lollipop, Google had included almost nothing in the base operating system.
The container model, which lets users separate work and personal environments on the device, is perhaps the most significant capability that Android for Work offers. ‘Managed profiles’ is the name Google has given it. Data and apps in one managed profile are not accessible in the other. You can use third party MDM/EMM systems to manage the profiles.
Comes with SELinux, a new, more secure version of Linux OS
All Android versions are based on Linux. Lollipop has been built on SELinux, which is a variant much more secure than others. SELinux offers much more fine-grained and sophisticated access control over files and processes than conventional Linux or traditional UNIX permissions. The permissions can’t be changed when processes run in user mode. This greatly reduces the potential for privilege escalation attacks.
Compared with devices running older Android versions, it is much more difficult for malicious software to take hold of a system on Lollipop or to do anything substantial with it.
Default encryption makes it hard to crack
Android 5.0 by default provides strong encryption for user storage. This is in line with what iOS 8 provides, despite protests by several governments in this regard and appeals against it in the name of national security.
The encryption will be automatically turned on in new Lollipop devices. Those who upgrade their devices to Lollipop will have to initiate the encryption on their own.
Enterprises have already been able to encrypt their devices, but Lollipop will make it easier for them and increase the percentage of devices that are encrypted.
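For devices that were upgraded rather than shipped with Lollipop, an EMM agent can detect that encryption is still off and start the setup flow. The sketch below is an added example, not code from this post; the class names EncryptionPosture and AgentAdminReceiver are hypothetical, and it assumes the agent is an active device administrator that declares the encrypted-storage policy.

```java
// Added example, not from the original post. AgentAdminReceiver is a
// hypothetical device-admin receiver that must be declared in the manifest
// with the <encrypted-storage /> policy and activated on the device.
import android.app.Activity;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

public final class EncryptionPosture {
    public static class AgentAdminReceiver extends DeviceAdminReceiver { }

    public enum Result { ENCRYPTED, IN_PROGRESS, PROMPTED, NOT_ADMIN, UNKNOWN_OR_UNSUPPORTED }

    /** Checks storage encryption and, on an unencrypted device, starts the setup flow. */
    public static Result check(Activity activity) {
        DevicePolicyManager dpm = (DevicePolicyManager)
                activity.getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = new ComponentName(activity, AgentAdminReceiver.class);

        switch (dpm.getStorageEncryptionStatus()) {
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
                return Result.ENCRYPTED;
            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING:
                return Result.IN_PROGRESS;
            case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
                // Supported but not enabled: the upgraded-device case.
                if (!dpm.isAdminActive(admin)) {
                    return Result.NOT_ADMIN;   // cannot set policy; report to the console
                }
                // Record the requirement as device policy.
                dpm.setStorageEncryption(admin, true);
                // System screen that walks the user through encrypting the device.
                activity.startActivity(
                        new Intent(DevicePolicyManager.ACTION_START_ENCRYPTION));
                return Result.PROMPTED;
            default:
                // ENCRYPTION_STATUS_UNSUPPORTED, or a status this example does not handle.
                return Result.UNKNOWN_OR_UNSUPPORTED;
        }
    }
}
```

An agent would report anything other than ENCRYPTED to the management console so that access to work data can be withheld until the device is compliant.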
Urgent updates for security now delivered regardless of ISPs
Google has traditionally depended upon the carriers to provide updates for the Android operating system. However, they have not proved to be very reliable. So, Google has decided to take away some of the responsibility from them with the Lollipop version.
Google Play Services now has a ‘dynamic security provider’. It can deliver security updates that are urgent to devices as soon as the security issues are resolved.
It’s a big plus for security as far as Lollipop is concerned that critical updates can now be rushed out without waiting for carriers. However, it’s still not clear if carriers can be bypassed for delivering major updates also.
Smart Lock feature provides additional security
The feature makes it easier to use a locked device. You don’t have to repeatedly enter a code to unlock a device if you pair it with an Android Auto, Android Wear or other Bluetooth or NFC device. You just have to bring both devices close enough to each other to unlock.
Google has also improved on Android’s Face Unlock through Smart Lock. Whereas Face Unlock statically checks the user’s face during login, Smart Lock checks it continually. When the device can’t see the user, it gets locked.
Lollipop lets a user wipe a device remotely, if it is stolen, and a thief can’t factory reset a device running Lollipop.
Screen Pinning allows use of device for single function
A user or organization can lock a device to a single app through screen pinning. The Back and Home buttons don’t work and the enterprises can loan out or assign the devices to users who require a single function.
Generally, the function is a kiosk, such as those required in a hotel lobby or to help customers in a retail store or to provide electronic menus and ordering help at restaurants. There are other uses such as test-taking as well.
However, the app requires authorization from a device owner app and requires an MDM/EMM client.
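The authorization step looks like this in code. This is an added example, not code from this post; KioskActivity and KioskAdminReceiver are hypothetical names, and it assumes the same package has been provisioned as device owner. It uses the lock task calls introduced with Android 5.0.

```java
// Added example, not from the original post. KioskAdminReceiver is a
// hypothetical device-admin receiver declared in the manifest; the package
// is assumed to have been provisioned as device owner.
import android.app.Activity;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;

public class KioskActivity extends Activity {
    public static class KioskAdminReceiver extends DeviceAdminReceiver { }

    @Override
    protected void onResume() {
        super.onResume();
        DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = new ComponentName(this, KioskAdminReceiver.class);
        String pkg = getPackageName();

        // Only the device owner may authorize packages for lock task mode;
        // any other caller gets a SecurityException, so check first.
        if (dpm.isDeviceOwnerApp(pkg)) {
            dpm.setLockTaskPackages(admin, new String[] { pkg });
        }

        if (dpm.isLockTaskPermitted(pkg)) {
            // Authorized: the task is pinned without a user prompt and the
            // user cannot leave it until the app calls stopLockTask().
            startLockTask();
        } else {
            // Not authorized: startLockTask() would only offer user-confirmed
            // pinning, which the user can exit. A kiosk should fail closed.
            finish();
        }
    }
}
```

Checking isLockTaskPermitted() before pinning lets the kiosk refuse to run on a device that has not been provisioned through the EMM, rather than running in a mode the user can exit.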
Device sharing made easier through multi-user mode and guest mode
Android Lollipop has a multi-user mode that lets users sign into any device running the Lollipop version, using their own credentials. There is also a guest mode that lets a second person use the phone in a way that keeps data and features secure and ‘locked down’.
Android 5.0 Lollipop has some added features which make it more secure than earlier versions and, therefore, more suitable for the enterprise than any other Android version.
How has your experience with Android Lollipop been? Are you part of an enterprise where a number of employees use devices that run Lollipop? Please share with us in the comments section below.