Along with Android 11, many innovations have entered the market compared to Android 10. In addition to the innovations that participate in our daily lives, along with the release of Android 11, there are developments that concern us at the corporate level, that is, at the level of managing corporate devices. The Android 11 version, released on September 8, 2020, is the 11th version of the Android mobile operating system. You see, the Android 11 update is not as brand new as one might think; in fact, Android 12 is already on the market. So why talk about Android 11 now?
At MobiVisor we noticed that a significant number of managed mobile devices are still older Android versions and thus were not affected by the change in mobile device management that Android 11 brings. But while companies are upgrading and renewing their mobile device fleets more and more, it is very important to talk about the significant impact Android 11 and following versions have.

What’s new, Android?

Technology is developing rapidly and we are trying to keep up with its pace. But sometimes the biggest vulnerability of rapidly developing technology can be in the security and privacy of our devices. With the release of Android 10 for users, extended user security measures have entered our lives. With Android 11, security and privacy have been further increased for corporate devices enabled for personal use. We are of course, talking about devices that are used as work devices as well as personal mobile devices.

With the Android 11 update, the privacy protections provided for personal devices have been made available, while personal usage restrictions have been placed on the work profile, thus improving the work profile support for company-owned devices. These changes will provide all employees with a consistent user experience and privacy offering, and will also provide device-compatible extended management features.

Android in business contexts

First of all, Android 11 doesn’t change much in regards to usability. That means that the basic ways of how android works remain unfazed. The real difference is located in the background.
For a long time, Android tried to build up a more company friendly business model that directly compares to systems like Samsung Knox or Apple DEP. Android's biggest advantage is still  that it is very easy to handle and thus widely used. So of course, it would make sense for Android to try and get more into companies. But to achieve this it is most important to have a safe and sound security infrastructure.

When we compare older versions of android and how they worked with MDMs, it becomes obvious that there were security gaps, for example certain restrictions, that were not available for every android device. Also, not every android device reacted as well as some others would to commands coming from an MDM. The reasons for this were of course altered android versions on different devices: Samsung for example has their own very stable and reliable android version and thus worked very well with any MDM, even if it wasn’t Samsung Knox.
Others, for example Huawei devices, never took well to MDMs.
This leaves Android with a problem, though: to win more and more market shares, it is important to become a more reliable partner. So basically one point was to enhance security measures.

Another difference lies in the way  MDMs used to set up restrictions on mobile devices. As a system administrator you’d have to choose which apps and settings can be used or changed by the user. In the past, many companies handled this by either strictly forbidding personal usage and so having total control over a device  or by dividing the device into personal and work profile.
So far that's nothing new; however, strict regulations might have a negative impact on employer branding. Which company likes to be called old-fashioned or dusty?

In summary, companies are caught between the need for high security standards (especially when working remotely or with sensitive data) and being a company that is open and employee friendly. The last of course poses not an insignificant number of threats. Everytime employees could also use their devices for personal purposes there is the danger of misusing devices or data loss.
Thus, companies also often chose the COPE (company Owned, personally enabled) option for the devices. With older Android versions, they could still be sure to have some kind of access to the personal profile of the employees, for example to forbid the usage of apps like Whatsapp or Facebook. This is a slip with a catch though, as the personal data of employees might not be entirely sheltered from a company's grip.

How does Android 11 affect mobile device management?

We see that Android had a more complex problem to solve than simply patching up security issues. It was about providing a more reliable partnership with businesses than ever before. Android 11 mostly affects the division between personal+company profiles, meaning that Android 11 has strict rules for the configuration of the devices. When a new device is set-up, android forces a decision whether the device is used as a Company Device only ( without personal profile) or if the device is also used for personal purposes (division between personal + company profile)

This means that companies have to decide whether they want to grant their employees to use the mobile devices for personal purposes. If they decide to do so, they can rely on a more strict division between personal apps and data, for example when adding google accounts, than ever before. But the price for this is that they lose the bit of access they previously had on the personal profiles.

Android 11 and Google are very strict on this: every action that could affect personal data is forbidden and thus can’t be done from the admin, for example, blacklisting certain apps.
On the other hand, if a company decides to be more strict, they can choose to  enable the usage as a work only device. This way it is also not possible for the user to create a secondary profile, which could be used personally.

So what does this mean for an MDM admin?

As stated above, with older Android Versions it was practically excluded that system administrators lost access to whole parts of the device they should be managing.
But Android 11 began a development we don’t see ending, as Android 12 proved.
Of course in many companies there are still some older devices in stock, which are still used. But in the near future companies have to be even clearer about their intentions with the mobile devices they give to their employees.
That means, before deciding for an MDM it should be defined, what kind of restrictions are absolutely necessary in order to protect the companies data and systems. This way, a system administrator can not only decide what is the best way to handle this via MDM, but also what kind of policies they have to apply in order to comply with all necessary security measures.

All in all, our general feeling is that Android aims to support companies in making these decisions by limiting the possibilities in which they can configure devices. This can be easier especially when the mobile device management has to be done apart from the main business.
One problem Android didn’t solve though, is that different android devices still react a bit differently to MDM commands, so we will see how this turns out in the future.