Americas

  • United States

Asia

Galen Gruman
Executive Editor for Global Content

Android for Work brings container security to Google Play apps

news
Feb 25, 20152 mins
AndroidMobileSecurity

IT can secure any Play Store apps for Lollipop users, but earlier Android versions require special app versions.

Google today made real its Android for Work product, which was first announced last June at the Google I/O conference. Android for Work is a revamped version of the Divide containerization app that Google acquired last spring. It’s built in to Android 5.0 Lollipop and available as a separate app for Android 3.0 Ice Cream Sandwich through Android 4.4 KitKat.

Android for Work lets IT admins create a separate workspace on Android smartphones and tablets in which business-managed apps run. IT can also control how data is managed within that workspace, such as disallowing copy and paste from apps in the secured workspace into apps outside the workspace (that is, the user’s personal apps).

Google has not detailed the specific management controls available for managing content and apps within the secured workspace, though mobile management vendor MobileIron has produced a useful overview to Android for Work’s capabilities (registration required).

So it’s unclear how those controls compare to the app-management APIs that Apple introduced for iOS 7 in October 2013. Apple does not use a separate workspace for business apps and content, but instead keeps each app in a separate sandbox and highly restricts what data can be moved between sandboxes; the APIs introduced in iOS 7 let MDM (mobile device management) tools control the permissions for that data. Other iOS policies let IT manage app deployment and VPN use on a per-app basis.

Android for Work also relies on MDM tools to manage the data, as well as allow VPN management on a per-app basis. MDM providers that support Android for Work containers include BlackBerry, Citrix Systems, Good Technology, Google, IBM, MobileIron, SAP, Soti, and VMware AirWatch. 

Most vendors’ containers require that apps be “wrapped” with the management APIs, thus requiring a separate version of the app tied to a specific MDM tool. That’s the case with the Divide technology that Google bought, as well as with containers from other MDM providers.

In the case of Android for Work, apps don’t need to be wrapped to work in Android 5.0 Lollipop’s built-in container — you can run any existing Play Store app in that container. However, wrapped apps are required for earlier versions of the Android for Work container app.