Google Buckles Down on Android Enterprise Safety



Google as we speak launched the Android Enterprise Vulnerability Rewards Program, its newest effort to spice up Android Enterprise safety, together with a number of new capabilities and instruments in Android 12.
Android 12, which is now out there for Pixel telephones and might be out there for different units later this yr, brings extra default enterprise safety features to the working system. Workers have entry to extra privateness controls over which work apps can entry their system knowledge, and IT admins have extra controls to use administration configurations for enterprise units.
If the IT admin permits it, workers utilizing Android 12 can approve or deny sensor-related permissions, similar to location and digital camera, for work profile apps. IT admins can provide workers this identical management on totally managed units, Google wrote in a weblog submit on Android 12 safety.
Different safety features in Android 12 embrace the power for admins to arrange Wi-Fi networks for workers utilizing a community API that does not require location permissions. Google has additionally added controls to assist IT groups decrease threat and guarantee enterprise knowledge is extra carefully monitored — for instance, IT can determine which enter technique editors (IMEs) workers can use on their private units to scale back the chance of utilizing a rogue keyboard that may seize system knowledge.
The newest model of the OS additionally brings new password complexity controls to guard company knowledge, in addition to community logging for the work profile for added management and reporting for work knowledge.
Bug BountyGoogle’s new program gives as much as $250,000 for a full exploit on a Pixel system operating Android Enterprise, Google says.
Additionally new as we speak is the Android Administration API, which goals to simplify administration for corporations that use Android Enterprise together with an enterprise mobility administration device. The cloud-based API goals to make sure these organizations obtain new enterprise options with finest practices and Android Enterprise Advisable necessities set by default.
As well as, companies can use the brand new Android Administration API Extensibility framework to vary Android Administration API capabilities, utilizing on-device alerts to set off coverage adjustments and deal with altering enterprise wants.
Google has additionally constructed APIs and instruments to help zero belief on Android. Right now it introduced partnerships with id corporations together with Okta, Ping Identification, and ForgeRock to maneuver past WebView for authentication and as a substitute use Customized Tabs, which “give apps extra management over their net expertise, and make transitions between native and net content material extra seamless with out having to resort to a WebView,” the corporate defined.
“Whereas WebView is a versatile and highly effective element for rendering net content material, Customized Tabs are extra fashionable and full-featured, permitting id suppliers to assemble system belief alerts, enhance worker safety and allow single-sign-on throughout apps and the online,” wrote senior product supervisor Rajeev Pathak in a weblog submit on as we speak’s information.