We've just published guidance for Android 8 (Oreo). In it we recommend the best configuration to help organisations deploying Android 8 to take advantage of its new security features.
The guidance is aimed at devices in work-managed mode (which you may know as Device Owner mode, or sometimes Corporate Liable mode). This mode provides an organisation with the highest level of control, and offers the best option to manage information risk, over its Android devices.
Here are some other updates you will find in the guidance:
- Project Treble, a major architectural change that enables OEMs to separate their specific customisations and drivers from the Android operating system framework, aims to reduce the time frame between Google releasing security fixes and those being pushed to devices
- the ability to gather detailed network logs including DNS requests and TCP connections
- zero-touch deployment details, although this does require devices to be bought from specific carriers
- information on Google's new Android Enterprise Recommended programme, more below
Android Enterprise Recommended
Google recently announced the launch of this new programme which establishes best practices and common requirements for devices and services. Some of the programme's requirements include:
- delivery of Android security updates within 90 days of release from Google, for a minimum of three years
- consistent application experience in managed profiles and on managed devices
- minimum hardware specifications for Android 7.0+ devices
- the full list of requirements is available
The Android Enterprise Recommended devices will be kept up to date by Google, organisations can use this scheme to simplify their device selection process.
One thing you won’t find in our new Android 8 guidance, is information on another new Android 8 feature referred to as COMP (Corporately Owned Managed Profile). This is the ability to add an additional managed profile controlled by the same Mobile Device Manager (MDM) as the main profile. It allows for some extra security benefits such as ejecting keys from memory and some finer grain control over work and personal use. We haven't seen many organisations utilising this feature, so we haven’t included it - but if you believe your organisation may benefit from guidance on it let us know.
As always, feel free to add comments below or get in touch if you have any suggestions on how we could improve the guidance. We’d be especially keen to hear from you if you have completed any recent deployments using the settings we recommend – being able to learn from your experiences improves the guidance we develop.
And finally, remember to keep your devices up to date and patched!