- Android announced the availability of its latest operating system Android 8.0 Oreo which includes new enterprise mobility management, application programming interface (API), and security features.
Work profile on work managed devices is one of the biggest enterprise additions to the OS. Fully managed devices now have work profiles with the new OS. Organizations can now separate apps and policies while maintaining visibility across both profiles.
With work profiles on fully managed devices, device owners can:
- Create a managed profile without user interaction
- Receive notifications when secondary users or managed profiles are created or removed
- Prevent other DPCs from creating managed profiles.This setting is the default in Android 8.0 for device owners on newly provisioned devices or devices upgraded to Android 8.0.
- Device owners can also prevent users from removing existing managed profiles
The distinction between the device owner and the profile owner make it easier for organizations to control what apps are being used and how the device is interreacting with the network. This also makes it easier for organizations to manage BYOD devices.
APIs also received an update and are now easier to provision. API delegation allows device and profile owners to offload app management to other applications.
The update also includes interface changes to better communicate the status of always-on VPN connections.
- When always-on VPN connections disconnect or can't connect, users see a non-dismissible notification. Tapping the notification shows the VPN configuration settings. The notification disappears when the VPN reconnects or the user turns off the always-on VPN option.
- Before users enable always-on VPN, Settings now warns the user that they won't have an Internet connection until the VPN connects. Settings prompts the user to continue or cancel.
The Android update also eliminates the ‘allow unknown sources’ setting. This is significant to enterprises because it reduces the chance that users will download an app that will infect the network.
The ‘allow unknown sources’ setting has always been an Android staple, allowing users to download apps from outside the Google Play store.
The feature has been replaced in the update with the ‘install unknown apps’ permission which makes it safer to download apps outside of Google Play.
“This permission is tied to the app that prompts the install— just like other runtime permissions—and ensures that the user grants permission to use the install source before it can prompt the user to install an app,” Android Security Product Manager Edward Cunningham said in a blog post. “When used on a device running Android O and higher, hostile downloaders cannot trick the user into installing an app without having first been given the go-ahead.”
The permission gives users more control over how they download apps and allows them to revoke any apps permission at any time.
Healthcare organizations can incorporate these updates into their enterprise mobility management strategies to help IT maintain batter control over Android devices and users have a better understanding of their devices.