Google recently announced Android 4.1 ‘Jelly Bean’ at its I/O conference in San Francisco. The latest flavor of the world’s #1 mobile OS promises better user experience and sexier UI. But does it really make any easier for IT to secure and manage those personal devices used for work?
Generally speaking, 4.1 is an incremental release that takes Android one step closer to Apple iOS, which has been in the market for 5 years now. From a corporate IT perspective, nothing is dramatically different or better. The many improvements are all consumer-oriented and mostly pertain to usability and overall end-user experience – key is the new extended vsync timing. From a BYOD perspective, not much has changed either. In fact, there are new reasons to worry about the potential security implications of some of the new consumer-oriented features related to Wi-Fi connectivity and data exchange. These include Wi-Fi Direct, a technology that lets apps discover and pair directly, over a high-bandwidth peer-to-peer connection and the Android Beam that allows Bluetooth data transfers from one device to another triggered by NFC.
On the other hand, IT managers will welcome the new Network Bandwidth Management API and the Smart App Updates functionality. The Network Bandwidth Management enhanced functionality may help corporate IT curb mobile data costs when the device is connected to a metered (read commercial) network, including tethering to a mobile hotspot. Apps can query whether the current network is metered before beginning a large download that might otherwise be relatively expensive to the user. However, this new API requires Mobile Device Management (MDM) and/or Telecom Expense Management (TEM) integration to get a clear picture of which networks are sensitive to data usage and to manage the network activity accordingly. In addition, the Smart App Updates technology, which makes app updates smaller, and thus faster and cheaper to download, may also help the overall system security by increasing the likelihood that individual end-users will keep their apps up-to-date.
Among the announced new features, two in particular may have a direct impact on security:
Once more, it appears that Google prioritizes consumer requirements over security and manageability. And that’s what you would expect from one of the most successful consumer brands on the planet. It’s fair to say that, despite some enterprise-grade security and management capabilities creeping into the Android platform over time, the primary target for Google – as well as for the many Android OEMs – is the consumer segment. The focus is on attributes like design, form factor and sleek user interfaces, not encryption, VPN, or MDM support. And unfortunately for the many IT managers cooping with disruptive IT trends such as Consumerization and BYOD, there is still no evidence that this is going to change any time soon.