Google Buckles Down on Android Enterprise Security

The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.

Google today launched the Android Enterprise Vulnerability Rewards Program, its latest effort to boost Android Enterprise security, along with several new capabilities and tools in Android 12.

Android 12, which is now available for Pixel phones and will be available for other devices later this year, brings more default enterprise security features to the operating system. Employees have access to more privacy controls over which work apps can access their device data, and IT admins have more controls to apply management configurations for enterprise devices.

If the IT admin allows it, employees using Android 12 can approve or deny sensor-related permissions, such as location and camera, for work profile apps. IT admins can give employees this same control on fully managed devices, Google wrote in a blog post on Android 12 security.

Other security features in Android 12 include the ability for admins to set up Wi-Fi networks for employees using a network API that doesn't require location permissions. Google has also added controls to help IT teams lower risk and ensure business data is more closely monitored — for example, IT can decide which input method editors (IMEs) employees can use on their personal devices to reduce the risk of using a rogue keyboard that might capture device data.

The latest version of the OS also brings new password complexity controls to protect corporate data, as well as network logging for the work profile for added control and reporting for work data.

Bug Bounty
Google's new program offers up to $250,000 for a full exploit on a Pixel device running Android Enterprise, Google says.

Also new today is the Android Management API, which aims to simplify management for companies that use Android Enterprise along with an enterprise mobility management tool. The cloud-based API aims to ensure these organizations receive new enterprise features with best practices and Android Enterprise Recommended requirements set by default.

In addition, businesses can use the new Android Management API Extensibility framework to change Android Management API capabilities, using on-device signals to trigger policy changes and address changing business needs.

Google has also built APIs and tools to support zero trust on Android. Today it announced partnerships with identity companies including Okta, Ping Identity, and ForgeRock to move beyond WebView for authentication and instead use Custom Tabs, which "give apps more control over their web experience, and make transitions between native and web content more seamless without having to resort to a WebView," the company explained.

"While WebView is a flexible and powerful component for rendering web content, Custom Tabs are more modern and full-featured, allowing identity providers to gather device trust signals, improve employee security and enable single-sign-on across apps and the web," wrote senior product manager Rajeev Pathak in a blog post on today's news.

Editors' Choice
Elizabeth Montalbano, Contributor, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading