Using a single device for both work and personal processes throws up a range of privacy concerns for both employers and their employees. The danger of accidentally sharing business-related information via an inappropriate app becomes far greater when you’re trying to juggle your personal and professional life off the same handset. Meanwhile, admin policies for company-owned, personally enabled (COPE) handsets often give admins deep control over the device, including too much visibility into personal use.
In Android 11, Google has doubled down on its efforts to separate work and personal profiles. The latest update for the mobile operating system, which is the seventh Android release featuring dedicated features for business users, has been designed to protect both individual users and the companies they work for, including enhanced sandboxing of apps and data, and better separation of work and personal use.
SEE: Android 11: New features for business users (free PDF) (TechRepublic)
These tabs are the most prominent new feature in Android 11, offering a highly visible means of switching between both work and personal profiles. This clear separation extends throughout the OS, offering employees separate tabs for work and personal when they share files, open content or go into their settings menu.
Enhanced controls for employers, more privacy for employees
For employers, Android 11 offers device controls like asset management tools and personal usage policies that give IT the ability to keep company-owned devices compliant with corporate policy, without compromising employee privacy.
This includes allowing admins to check and enable Common Criteria Mode on a device, which ensures certain device functionalities – such as AES-GCM encryption for Wi-Fi and Bluetooth Long Term Keys – are enabled, in line with workplace policies.
At the same time, Android 11 now notifies users when their company activates certain privacy and security-related device permissions: for example, when an admin enables location services on the device, or grants an app permission to use the location of a personally owned device.
“Android champions employee privacy with the work profile, and in Android 11 we’re bringing the same work profile privacy protections from personally-owned devices to company-owned devices as well,” said Ian Marsanyi, Android product manager.
SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download (TechRepublic Premium)
Other enterprise improvements include the ability to pre-grant certificate access for work apps so that specific apps can access credentials without user interaction.
Data isolation has also been improved in Android 11. This is designed to ensure a secure separation between work and personal apps on the same device, and prevent access from outside of each profile by other applications or potentially malicious code.
“If a work profile is added from the setup wizard using the provisioning tools added in Android 11, the device is recognized as company-owned and a wider range of asset management and device level controls are made available to the device policy controller,” Google’s security documentation reads.
“These capabilities enable easier management of both work and personal use on company-owned devices, while maintaining the privacy protections of the work profile. Protecting and preserving a user’s privacy does not impact a device’s overall security but rather prevents an admin from viewing potentially sensitive info such as personal apps.”
Striking a work-life balance
Finally, for occasions when it’s helpful to view work and personal data simultaneously, Google has built a new secure mechanism that allows trusted apps to connect between work and personal profiles. By way of example, Google Calendar will soon allow people to see personal events in their work calendar, while keeping this information invisible to both colleagues and IT.
Both employees and IT must approve the way an app will handle security and user privacy before allowing an app to connect, Google said.
Other enterprise features in Android 11 put an emphasis on enabling employees using company-owned devices to better detach from work at the end of the day – particularly important at a time where the lines between work and home life have become increasingly blurred. “Separating work from personal makes it possible to do things such as pausing the work profile so employees can disconnect at the end of the day,” Marsanyi said.
“In Android 11 we’ve made this easier by removing unwanted distractions when the work profile is paused and enabling employees to automatically pause work apps according to their own schedule.”