> a dedicated work profile that isolates and protects work data
Oh wow, can this be used to just create a separate profile for every app? That way I can run Uber or Line without giving them every permission to everything? This is the biggest reason I do not install apps. Every "famous" app requests so many permissions it's just stupid.
And not to mention the weirdness of some of them, like "WiFi Device Information". What's that mean? Access to my WiFi AP names? No thanks. Or just local multicast? Who knows.
CyanogenMod's Privacy Guard is useful for dealing with this situation. There is a setting to enable it by default on newly installed apps. No matter what permissions the app says it requires, you are prompted when it actually requests them and can deny them at will or permanently.
I understand the discussion of app permissions is not a new one, but today I decided I wanted to try and buy a product through Amazon outside of the browser... Amazon specifically instructs you to navigate to your settings and allow installation of 3rd part apps. Then it directs you to download their .apk - To this point I was almost to the point of excitement that a MAJOR company is showing the public that this is even possible.
Then I opened the .apk. It asked me for what has to be every permission available on Android. Why would Amazon need access to me Contacts? It even asked specifically for permission to my microphone! What?
blackberry allows blackberry users to choose what permissions they won't allow access of in their apps. This doesn't work with the android apps but works rather well with blackberry apps.
For example 2048 game has a lot of permission but being a game I don't allow a single one and it still works flawlessly. I would love to see something like this in android as well. But for now users are at the mercy of app developers.
You can use Xprivacy with Xposed to feed an app fake or empty data on a permission by permission basis. This works better than blocking permissions because sometimes apps don't fail gracefully when a permission is denied.
I suggest that anyone considering sharing a personal device with work activity (other than basic phone calls and messaging, e.g. "I'll be in late") think twice.
Comes a security concern or conflict, someone's probably going to want access to the whole thing.
If you want me to do "your work" on a phone -- particularly as an employee as opposed to as an independent contractor utilizing their own resources as defined in the contract -- then give me a phone. A hassle, but on the other hand some protection, in exchange for a few additional ounces (phone weight) of prevention, as it were.
Just like I don't want to use my own computer to host their work/data. Nope. When the relationship ends, I turn in their equipment and there is no question as to whether all relevant data has been expunged. They have the entire device.
I'm a stickler about this. Beyond answering the odd phone call or message, I have a hard time seeing it as anything but the company unfairly attempting to externalize costs onto their employees.
Just like you give me a work computer to do work related tasks on, the same should go for mobile devices.
My employer used to be rather liberal but recently started clamping down on security. They wanted us communicating in the company chat on our phones so we installed the chat app. But now with the security clamp down they want to set security requirements on anything that accesses potentially sensitive information, meaning they want to dictate the security policy used on our personal devices. I told them to go stuff it, if its a choice between no work stuff on my phone and letting them set the policy on my devices, I'll go without access to work stuff. I'm not going to play that game with you, yes I'm willing to be That Guy that takes a stand on this.
The real irony is that my security policy at home is more strict than the one at work, but they conflict somewhat and I'm not willing to reduce my home security to accommodate them.
This is right, theoretically, but I'd love to see the stats on how many people carry two phones everywhere. It's either BYOD or someone using COPE for personal stuff. Not sure which is worse.
Where I work, they told us upfront "you can have your work email on your personal phone, but if we need to do an investigation for any reason, we're taking your personal phone". And they happily handed out work phones.
Of course, I've worked in security in other companies where employees had their work email and data on their personal devices, and in the event of a security incident we were not allowed to touch their personal devices even though there was work data on it. So it goes both ways.
Would secure-wiping the phone if involved in a legal discovery process be considered destruction of evidence?
Does your advice apply when you're only using, say Exchange, as your only entry point (e.g. on iOS devices?) - in this case, all discovery can be done server-side.
I find it hard pressed to think this issue hasn't been covered more rigorously.
Awkward naming aside, it seems like this is very similar to what Apple did in iOS2.0 with iOS Enterprise Developer program.
"Google Play for Work allows businesses to securely deploy and manage apps across all users running Android for Work, simplifying the process of distributing apps to employees and ensuring that IT approves every deployed app"
Leaving aside exactly how it's done, the end goal is the same: If I am Example Inc's CTO, I can now have my staff develop Example Inc Android apps that are neither sold on Play store nor side-loaded.
Apple requires running your own App Store server, I'm fairly certain Google will probably make it more cloud centric.
The name is silly, but it makes sense. Google Play is effectively a package manager. "Google Play for Work" is an enterprise-controlled package manager.
On a basic level its a "container" that uses selinux to create a separate security space in which "work" apps and data live, so they they don't mingle with your personal apps. The Android for Work administrator has complete control over that part of the phone, but can't touch any personal apps or data. There are also updated email/calendar/contacts apps. This made mainly to address BYOD scenarios.
This would be a lot more compelling if, when I got a Google voice voicemail and saw that in my Gmail app on my "Google Experience" Moto-G and clicked on the "listen to it" link it didn't just vanish leaving me with an open browser and no message.
I like my phone, it works for me, but the sheer disconnectedness of it all is really jarring. Things show up in random places, or not at all, (especially media), and there is no "data connectivity" from anywhere to anywhere else, the same text message appears in my GVoice app, my Gmail app, and as a text message in Messaging.
How do you even begin to make a coherent business tool out of that?
> same text message appears in my GVoice app, my Gmail app, and as a text message in Messaging.
The "official" way to deal with this is to go to the Google Voice site and turn of emailing yourself every text. Then install the Hangouts app and enable SMS through Hangouts. Then disable notifications in the Google Voice and Messaging apps.
Result: On phone Hangouts handles texts + voicemail + Google chat, and on desktop GMail (or the Hangouts extension for Chrome) handles them.
At least, that's my understanding of what Google's intended best practice is.
Google really did drop the ball on messaging.
Hangouts was supposed to progressively regroup all these messaging capabilities in one service, but the SMS integration alone has been so bad that Google rolled out a separate SMS app after deleting it in the first place (the new version is an improved Material revamp, but it still serves the same purpose).
There is probably a very interesting insider story behind this cock-up.
In the mean-time, I hope that Google will learn from these attempts and improve Hangouts in meaningful ways. Sundar Pinchai has already alluded to the fact that Hangouts and Photos are going to be treated as entirely different teams/services than Google+, which is probably a good start.
Looks like they are going after Microsoft on a different front. Especially with the notes and outlook integration. Can they provide enough of a productivity boost to get people to dump the windows ecosystem? Will IT managers be comfortable with cloud managed systems?
Right, on a device with a closed source baseband. On a platform where the vendor has shown to install new apps without getting active consent from the user (Google Play Games, Hangouts, Google Now, Play Kiosk) to name a few.
I hope this will appeal to our management, at the moment we have to use this horrible, horrible Vodafone-at-work app on Android (https://play.google.com/store/apps/details?id=com.mobileiron...). I crashes, it ask for a password constantly, separate from your system password, it cannot show appointment in your normal agenda or the lock screen, it drains battery.
They switched to it because some apps for android "lied" to our exchange server and said that mail was encrypted locally while it was not, passwords would not even be necessary (I think that was solved in Android >4). The Vodafone app caused many people to just stop syncing work related accounts: Not worth the trouble.
Looks like anoher thing would follow pc world. Initially companies allow personal laptop to be connected to work as long as you had correct version of patches and so on but with increased focus on security in most large organizations they have moved back company provided laptop. Same will happen here? Another issue a lot of good andriod's come with single sim hence you will anyway need a second (may be dumb phone) phone. Or does people use office phone for personal use , i mean where websites ask for your phone number? Because in India when leave a company (which is on an average one in 3 years) the company take the SIM back with number. And many folks have 2 sims for personal use itself so will obivously need office to provide the phone.
For work on Android I really need native split-screen support. Samsung-specific "multi window" is not a solution.
A proper window tiler would be even better.
Also the interface needs slim UI controls and slim window decorations, basically a "pro mode" theme-switcher for larger screens and mouse/keyboard users.
Because centralized control by IT has worked so well for corporate security over the past few decades...
I don't understand why organizations still want implement an IT paradigm which has done nothing but fail at its primary goal but has held back innovation and made workers miserable.
All the negativity aside can someone post what this brings to the market. What can android for work do essentially that other androids can't ? What does this bring extra to average android users?
I tried to find any info about license or repos and couldn't find anything. Unlike Samsung's Knox, which is FOSS, how can this be even remotely secure if it is closed source?
Seems that Google is full on the "Extinguish" phase with Android.
edit: amazing that I'm being downvoted for stating facts yet nobody replies to me.
[+] [-] MichaelGG|11 years ago|reply
Oh wow, can this be used to just create a separate profile for every app? That way I can run Uber or Line without giving them every permission to everything? This is the biggest reason I do not install apps. Every "famous" app requests so many permissions it's just stupid.
And not to mention the weirdness of some of them, like "WiFi Device Information". What's that mean? Access to my WiFi AP names? No thanks. Or just local multicast? Who knows.
[+] [-] errantmind|11 years ago|reply
[+] [-] loxs|11 years ago|reply
[+] [-] scrapcode|11 years ago|reply
Then I opened the .apk. It asked me for what has to be every permission available on Android. Why would Amazon need access to me Contacts? It even asked specifically for permission to my microphone! What?
[+] [-] rtpg|11 years ago|reply
There's also an issue with "leaky abstractions" on android, where some useful features require extremely invasive permissions.
[+] [-] cbhl|11 years ago|reply
That said, if you want to create a separate profile for Uber or Line, you can already do so on Android 5.0 and above: https://support.google.com/nexus/answer/2865483?hl=en&ref_to...
[+] [-] guelo|11 years ago|reply
[+] [-] minusSeven|11 years ago|reply
For example 2048 game has a lot of permission but being a game I don't allow a single one and it still works flawlessly. I would love to see something like this in android as well. But for now users are at the mercy of app developers.
[+] [-] 0x5f3759df-i|11 years ago|reply
[+] [-] Nicholas_C|11 years ago|reply
[+] [-] fshen|11 years ago|reply
Almost every app requests too many permissions. Almost every app starts a background process to receive notifications. which are very bad.
[+] [-] pasbesoin|11 years ago|reply
Comes a security concern or conflict, someone's probably going to want access to the whole thing.
If you want me to do "your work" on a phone -- particularly as an employee as opposed to as an independent contractor utilizing their own resources as defined in the contract -- then give me a phone. A hassle, but on the other hand some protection, in exchange for a few additional ounces (phone weight) of prevention, as it were.
Just like I don't want to use my own computer to host their work/data. Nope. When the relationship ends, I turn in their equipment and there is no question as to whether all relevant data has been expunged. They have the entire device.
[+] [-] click170|11 years ago|reply
Just like you give me a work computer to do work related tasks on, the same should go for mobile devices.
My employer used to be rather liberal but recently started clamping down on security. They wanted us communicating in the company chat on our phones so we installed the chat app. But now with the security clamp down they want to set security requirements on anything that accesses potentially sensitive information, meaning they want to dictate the security policy used on our personal devices. I told them to go stuff it, if its a choice between no work stuff on my phone and letting them set the policy on my devices, I'll go without access to work stuff. I'm not going to play that game with you, yes I'm willing to be That Guy that takes a stand on this.
The real irony is that my security policy at home is more strict than the one at work, but they conflict somewhat and I'm not willing to reduce my home security to accommodate them.
[+] [-] blazespin|11 years ago|reply
[+] [-] freehunter|11 years ago|reply
Of course, I've worked in security in other companies where employees had their work email and data on their personal devices, and in the event of a security incident we were not allowed to touch their personal devices even though there was work data on it. So it goes both ways.
[+] [-] r00fus|11 years ago|reply
Does your advice apply when you're only using, say Exchange, as your only entry point (e.g. on iOS devices?) - in this case, all discovery can be done server-side.
I find it hard pressed to think this issue hasn't been covered more rigorously.
[+] [-] cwyers|11 years ago|reply
[+] [-] r00fus|11 years ago|reply
"Google Play for Work allows businesses to securely deploy and manage apps across all users running Android for Work, simplifying the process of distributing apps to employees and ensuring that IT approves every deployed app"
Leaving aside exactly how it's done, the end goal is the same: If I am Example Inc's CTO, I can now have my staff develop Example Inc Android apps that are neither sold on Play store nor side-loaded.
Apple requires running your own App Store server, I'm fairly certain Google will probably make it more cloud centric.
Glad they're finally stepping up on this front.
[+] [-] robotresearcher|11 years ago|reply
[+] [-] pfooti|11 years ago|reply
[+] [-] munificent|11 years ago|reply
[+] [-] digi_owl|11 years ago|reply
Even the icon is a stylized version of the mark found on the appropriate button.
[+] [-] narrator|11 years ago|reply
https://github.com/cocaine
[+] [-] CmonDev|11 years ago|reply
[+] [-] ispivak|11 years ago|reply
[+] [-] JTon|11 years ago|reply
[+] [-] bdcravens|11 years ago|reply
[+] [-] aetch|11 years ago|reply
[+] [-] ChuckMcM|11 years ago|reply
I like my phone, it works for me, but the sheer disconnectedness of it all is really jarring. Things show up in random places, or not at all, (especially media), and there is no "data connectivity" from anywhere to anywhere else, the same text message appears in my GVoice app, my Gmail app, and as a text message in Messaging.
How do you even begin to make a coherent business tool out of that?
[+] [-] Bjartr|11 years ago|reply
The "official" way to deal with this is to go to the Google Voice site and turn of emailing yourself every text. Then install the Hangouts app and enable SMS through Hangouts. Then disable notifications in the Google Voice and Messaging apps.
Result: On phone Hangouts handles texts + voicemail + Google chat, and on desktop GMail (or the Hangouts extension for Chrome) handles them.
At least, that's my understanding of what Google's intended best practice is.
[+] [-] on_and_off|11 years ago|reply
[+] [-] valgaze|11 years ago|reply
[+] [-] narrator|11 years ago|reply
[+] [-] prawn|11 years ago|reply
I can imagine the average business manager type reading that line and thinking "Wha?!"
[+] [-] kibwen|11 years ago|reply
[+] [-] jnevelson|11 years ago|reply
[+] [-] chinathrow|11 years ago|reply
Right, on a device with a closed source baseband. On a platform where the vendor has shown to install new apps without getting active consent from the user (Google Play Games, Hangouts, Google Now, Play Kiosk) to name a few.
[+] [-] chinathrow|11 years ago|reply
[+] [-] teekert|11 years ago|reply
They switched to it because some apps for android "lied" to our exchange server and said that mail was encrypted locally while it was not, passwords would not even be necessary (I think that was solved in Android >4). The Vodafone app caused many people to just stop syncing work related accounts: Not worth the trouble.
[+] [-] jsudhams|11 years ago|reply
[+] [-] listic|11 years ago|reply
[+] [-] Navarr|11 years ago|reply
[+] [-] pjbrunet|11 years ago|reply
A proper window tiler would be even better.
Also the interface needs slim UI controls and slim window decorations, basically a "pro mode" theme-switcher for larger screens and mouse/keyboard users.
[+] [-] makeitsuckless|11 years ago|reply
I don't understand why organizations still want implement an IT paradigm which has done nothing but fail at its primary goal but has held back innovation and made workers miserable.
[+] [-] minusSeven|11 years ago|reply
[+] [-] noconflict|11 years ago|reply
[+] [-] viccuad|11 years ago|reply
Seems that Google is full on the "Extinguish" phase with Android.
edit: amazing that I'm being downvoted for stating facts yet nobody replies to me.
[+] [-] walterbell|11 years ago|reply
[+] [-] davidgerard|11 years ago|reply
[+] [-] aembleton|11 years ago|reply
If it does, then it will be possible for a third party to read the stored data.