How to decide on one of the best Android telephones for enterprise
Security is the most important — however not solely — issue when deciding what Android gadgets to assist in your enterprise. See how Google, Huawei, Infinix, Itel, Motorola, Nokia, OnePlus, Oppo, Realme, Samsung, Tecno, Vivo, and Xiaomi stack up.
Vivek Chaudhary
Android dominates smartphone utilization all through the world — in each area besides North America and Oceania. Thus, companies in lots of areas are more likely to assist and situation Android gadgets to workers as their mainstay cellular gadgets. Even in areas the place Apple’s iPhone dominates or is comparable in market share, companies are more likely to assist or situation Android gadgets not less than as a secondary choice.
Google has a certification referred to as Android Enterprise Recommended that focuses on enterprise considerations round efficiency, gadget administration, bulk gadget enrollment, and safety replace commitments. Google publishes a device to assist IT see which gadgets meet that certification in numerous areas, in addition to discover supported Android variations and finish dates for safety updates.
But as Computerworld columnist JR Raphael has proven, the Google enterprise compliance checker just isn’t stored updated, so it can’t be relied on by itself. It’s additionally not clear that Google is implementing compliance after merchandise get licensed. Bottom line: Android Enterprise Recommended is a place to begin for narrowing your choices, not a definitive filter.
Apple tightly controls the iPhone and its iOS working system, which provides IT sturdy assurance about software program updates, safety patches, gadget capabilities, and manageability. By distinction, the Android world is extremely various, with dozens of producers utilizing Google’s Android platform however providing various ranges of high quality and assist, and in lots of instances few or inconsistent OS and safety updates. The use of Android thus requires extra effort by IT in deciding on and supporting cellular gadgets.
For that motive, iPhones usually tend to be the official enterprise platforms (what are referred to as corporate-liable gadgets) for gadgets that enterprises purchase for his or her workers, even in areas the place Android dominates. But it’s typical for firms to let workers use their private gadgets for work (what are referred to as employee-liable gadgets or bring-your-own gadgets [BYOD]), offering entry not less than to work e mail and calendars, and sometimes to web-based companies.
So how does IT select which Android gadgets to purchase and/or assist for its customers? This article will get you began.
Recommendations for finest Android gadgets in enterprise
For data staff and general-purpose busines utilization, there’s only one Android producer with international gadget availability and enterprise-class (even military-grade) safety, plus multiyear software program and safety updates after buy: Samsung. That makes Samsung one of the best (and sometimes solely) selection for corporate-liable Android gadgets in each area. Its enterprise-grade fashions (what Samsung calls Android Secured by Knox) embody the Galaxy S, Galaxy A5x, Galaxy A3x, Note, XCover, Z Flip3, and Z Fold3 sequence. For these fashions, safety updates are promised for 5 years after preliminary launch; Samsung publishes the safety lifespans for its enterprise-grade gadgets, which fluctuate by gadget.
But Samsung gadgets do have points to pay attention to, together with the usage of Samsung’s proprietary interface and its proprietary apps (although you possibly can nonetheless use the usual Google apps), each of which may require further IT assist for these extra conversant in Google-standard Android gadgets. Columnist Raphael additionally objects to a few of Samsung’s practices round privateness and promoting. Still, no different Android producer gives the mixture of safety and availability that Samsung does.
Google’s Pixel 6 sequence and new Pixel 7 sequence are equally safe, however with out the proprietary UI and apps. Google too guarantees 5 years of safety updates after preliminary launch. However, the Pixel 6 sequence is on the market in only a dozen international locations: Australia, Canada, France, Germany, Ireland, Italy, Japan, Singapore, Spain, Taiwan, United Kingdom, and United States. The Pixel 7 sequence is on the market in the identical international locations plus Denmark, India, the Netherlands, Norway, and Sweden.
Motorola’s enterprise-class Android gadgets, such because the Edge 30 Fusion and Ultra fashions, are equally safe. They’re out there in 65 international locations, together with most of Europe, a lot of Latin America, Australia, New Zealand, India, China, Taiwan, Hong Kong, South Korea, Japan, Thailand, the Philippines, Malaysia, Saudi Arabia, the UAE, Canada, the US, and the UK. Where Motorola falls a bit quick is in replace assist: It commits to only three years for safety updates and to only one main Android OS model replace.
In most international locations, these really helpful gadgets are sometimes too dear for rank-and-file workers and for his or her companies to purchase for customers aside from executives or these dealing with very delicate data. Fortunately, there’s a set of Android distributors that provide a variety of cheap and reasonably priced telephones that present good high quality and satisfactory safety: Nokia, OnePlus, Oppo, Sony, and Xiaomi. Samsung additionally has a number of reasonably priced telephones with satisfactory safety, and Motorola has its Moto G and Edge Neo fashions. As proven later on this article, these distributors’ prevalence varies considerably throughout and inside areas.
Why these suggestions? And what different choices does IT have or could get consumer strain to assist? The sections that observe discover the important elements: safety, updatability, gadget capabilities of concern to enterprise use, and vendor availability in numerous areas of the globe. There’s additionally a piece on special-purpose front-line Android gadgets.
Security concerns for Android gadgets
In the early days of Android, safety was a serious IT concern. Research in Motion’s BlackBerry had set excessive requirements within the Nineties and early 2000s for cellular safety, whereas the early Android (and iOS) gadgets fell far in need of IT expectations. Apple after which Samsung moved to make cellular safety not less than pretty much as good as BlackBerry’s within the early 2010s, and Google adopted go well with a number of years later by making encryption commonplace in Android after which making container-based separation of labor and private information and apps a regular a part of 2015’s Android 5.0 Lollipop OS. By 2017, the Android platform had sturdy safety capabilities. More refined capabilities grew to become out there via each {hardware} and software program extensions, akin to Samsung’s Knox platform in 2013 for its enterprise gadgets and Google’s Android for Work (later renamed Android Enterprise) for the remainder of the Android world. Android Enterprise assist grew to become a regular function in 2018’s Android 9.0 Pie.
Today, IT can depend on all Android gadgets having the essential stage of safety wanted. But some customers — akin to high-level executives who deal in delicate company information, or operations employees managing vital infrastructure or provide chains — want extra safety. And that impacts your enterprise Android gadget choices.
There are three safety ranges to think about, and plenty of organizations will want a couple of in place:
Basic safety: This stage is suitable on private gadgets permitted to entry primary company techniques like e mail.
The primary safety stage offers gadget encryption, password enforcement, distant lock and wipe, and sandboxed execution of safety capabilities.
All present Android gadgets assist this stage, with even only a primary administration device like Google Workspace or Microsoft 365 in place.
Moderate safety: This stage is suitable for when IT requires or permits private gadgets for use for company entry and apps, in addition to for corporate-issued gadgets allowed to even be used for private functions.
The average safety stage offers the essential stage plus separation of labor information and apps from private information and apps through containers, through a unified endpoint administration (UEM) platform that helps Google’s Android Enterprise platform or, just for Samsung gadgets, Samsung Knox. Tip: Compare the main UEM platforms’ capabilities in Computerworld’s information.
All present Android gadgets with not less than 3MB of RAM assist work/private separation, however some UEM platforms could require that the gadgets run newer variations of Android than are deployed at your group.
Advanced safety: This stage is suitable for executives, human assets professionals, finance professionals, and anybody coping with vital information and techniques entry akin to in authorities, protection/navy, finance, healthcare, and significant infrastructure like utilities, vitality, and transport.
The superior safety stage offers the average stage plus chip-based safety enabled to scale back unauthorized entry by spies and hackers, in addition to compliance with the US’s current Common Criteria safety commonplace.
Chip-level safety detects hacks to the working system, firmware, reminiscence, and different core techniques, and locks down or shuts down the gadget because of this, through Android’s Keystore service. Such hardware-level safety just isn’t an Android Enterprise Recommended requirement, however it’s important for military-grade safety.
Only a number of gadgets use chip-level safety to guard system integrity: Samsung’s Android Secured by Knox telephones use Arm’s TrustZone chip for its Trusted Boot, Google’s Pixel sequence makes use of its personal Titan-M chip for its Trusted Execution Environment (TEE), and Motorola says all its Android gadgets use Arm’s TrustZone chip for its Strongbox. (Apple’s iPhones have this functionality too through the Secure Enclave.) The different Android distributors didn’t reply to my inquiries about their safety capabilities however seem to not assist hardware-based safety, primarily based on their web sites’ specification information.
Common Criteria imposes particular safety approaches that the US authorities thus is aware of it may possibly depend on throughout gadgets. Although additionally not an Android Enterprise Recommended requirement, Common Criteria is an efficient advanced-security commonplace for IT to make use of wherever on the planet.
Android fashions from a number of distributors adjust to Common Criteria: a number of from Google, Huawei, Motorola, Oppo, Samsung, and Sony, in addition to some front-line specialty gadgets from Honeywell and Zebra Technologies. (Filter by “Mobility” within the Common Criteria internet device to get the present checklist.) Apple’s iPhone additionally complies.
Government safety certification for Android
IT organizations could need to look to authorities certifications to find out their Android gadget choices for delicate makes use of. When Apple and Samsung each gained US Defense Department, UK Government Communications Headquarters (GCHQ), and Australian Signals Directorate approval to be used of their enterprise-class gadgets within the mid-2010s, it was enormous information — breaking BlackBerry’s longstanding monopoly on authorities approval.
Today, such bulletins are uncommon, and governments as an alternative give attention to guaranteeing that permitted UEM platforms are in place to handle the extensively used iPhones and Android telephones. But lately the US Department of Defense has permitted a number of Samsung telephones and a few front-line Android gadgets from Honeywell and Zebra Technologies for delicate makes use of, because it strikes to utilizing the Common Criteria commonplace. And the Australia Signals Directorate has permitted a number of Samsung telephones lately as properly.
The troubling safety questions round Huawei’s Android gadgets
IT is not going to discover Huawei gadgets in Google’s Android Enterprise Recommended database. Google eliminated them in 2019 after public allegations from the US authorities that Huawei gadgets have been spying on customers through backdoors on behalf of the Chinese authorities. These considerations usually are not new: In 2012, I used to be having drinks with a number of US intelligence officers and protection contractors at an off-the-record convention of CIOs the place they raised the identical fears about Huawei, ZTE, and different Chinese laptop and telecom producers. Back then (beneath the Obama administration), US intelligence officers have been quietly warning company CIOs about Huawei’s large spying operations throughout its entire know-how stack.
Those fears about Huawei’s alleged being a conduit for spying are not quiet, with each the Trump and Biden administrations since talking publicly. Multiple different governments have additionally made the identical accusations, which Huawei denies.
Because Huawei gadgets are fashionable in a number of markets — China, after all, but in addition in lots of components of Africa, Europe, the Middle East, and South America — involved IT departments could need to use administration instruments to disclaim Huawei and different distrusted gadgets entry to their assets. Be certain to test whether or not your administration device can block entry primarily based on gadget vendor. According to their web sites, UEM platforms that may block gadgets by vendor embody BlackBerry UEM, Microsoft Intune, and VMware Workspace One.
Security and OS replace assurances for Android gadgets
IT usually desires assurances that gadgets will get safety updates and OS updates for a number of years, to scale back the danger of being hacked through outdated gadgets that haven’t stored up their defenses. Google’s Android Enterprise Recommended certification requires just one future OS improve. For safety updates, it has no minimal, requiring solely that distributors publish their replace commitments on their web sites — and that data might be onerous to seek out.
In my survey of Android vendor websites, three to 5 years is typical for Android safety replace commitments on business-class gadgets, and one to 3 future Android OS variations is typical for OS updates. (By distinction, Apple usually offers seven years of safety updates and 5 years of iOS updates.) The stingiest Android distributors by way of OS updates are Motorola, Oppo, and Xiaomi, which decide to only one main Android improve for his or her enterprise-class fashions. Google and Samsung have one of the best replace commitments.
Vendors’ revealed replace commitments for business-class Android gadgets embody:
- Google: 5 years of safety updates, three years of OS upgrades
- Motorola: three years of safety updates, one yr of OS upgrades
- Nokia: three years of safety updates, two years of OS upgrades
- OnePlus: 4 years of safety updates, three main OS upgrades
- Oppo: three years of safety updates, one yr of OS upgrades
- Realme: three years of safety updates, two main OS upgrades
- Samsung: “at least” 4 years of safety updates, three “generations” of OS upgrades
- Vivo: three years of safety updates, three years of OS upgrades
- Xiaomi: three years of safety updates, one main OS improve
I couldn’t discover replace data on the Huawei, Infinix, Itel, and Tecno websites, and the businesses didn’t reply to my requests for data.
For licensed gadgets, you can too use Google’s Android Enterprise Recommended device to slender down by what date numerous distributors’ particular fashions’ safety updates will finish. Just needless to say the device could not have current fashions. I additionally suggest you confirm whether or not distributors do what they promise by getting some older gadgets and seeing how current the out there safety updates are: Have they stored up the promised period?
Finally, needless to say mobile carriers can override, gradual, or block updates in lots of international locations, overriding no matter guarantees the gadget vendor has made. For instance, Google notes on its Pixel web page that Pixel telephones purchased immediately from Google typically get updates ahead of these purchased via a provider. That provider management is a longstanding actuality, properly pre-dating trendy cellular gadgets, with solely Apple capable of have absolutely wrested management over updates from the carriers.