What is device owner mode?
Device Owner mode is yet another deployment method available through Android Enterprise.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
May 10, 2020
9 min read
Android work profile is a secure space on the user’s smartphone where the administrator can manage applications and user accounts without restricting the user’s usage of their own data. Android work profile is also known as profile owner mode or Android for Work.
Android, with the help of Android Enterprise, supports various deployment models.
To help deployment models where work and personal applications reside together on the same device, Android places them in separate containers or work profiles, where the operating system enforces a firewall between them. All apps which correlate to work are placed in the work profile and personal apps are left in the primary profile. This is the case for BYO devices and COPE devices. In dedicated device deployment and work, only device deployment the work profile is not enabled.
The work profile functions as a separate Android user segregated from the primary profile but shares common UI. Work profile apps, alerts, and notifications are shown next to the primary profile counterparts, and they are badged with Android for Work briefcase icon, in order for users to understand what kind of app it is.
The Android work profile solution package is for BYOD users, allowing admins to maintain a self-contained work profile on a personal android device for a user. Corporate programs, documents, and management policies are limited to the work profile, keeping them protected and distinct from personal data while preserving user privacy. These are the Android Enterprise features that help the Admin achieve this.
Work profile can be provisioned on devices enrolled with Android Enterprise in two ways.
Enterprise data doesn’t intertwine with personal application data with the work profile. The work profile has its own apps, its own download directory, and its own settings. The following are the critical security elements that can be applied to any Android work profile.
Wading into more advanced and granular security restrictions, your UEM provider can utilize Google’s SafetyNet Attestation API to ensure that all the devices that are being enrolled in the organization’s network are actually genuine Android devices. SafetyNet is a set of Google Play Protect APIs which protect apps from threats to security. This series of APIs can mitigate device tampering, bad URLs, PHAs, and fake users.
Using Managed Google Play, Google Play enterprise edition, the UEM console may distribute apps to managed devices. You can access managed Google Play directly from the UEM console. Users can only install what they have been whitelisted for.
Android Enterprise does provide several granular device management capabilities with regard to the Android Work Profile. IT can enforce custom policies to make the management of work profile enabled devices much easier. Features that can be included in such custom policies are as follows.
The IT admin can create Android Work Profiles in user devices with the help of a UEM solution like Hexnode. This can be done by enrolling the device in the profile owner mode. Devices can be enrolled with Android Enterprise either as a device owner or as a profile owner mode. As a device owner, the admin can control the whole device and it is used for work only device deployment and dedicated device deployment. Unlike in the device owner mode, you do not have to reset the device to its factory settings to enroll as a profile owner.
As we said earlier, installing UEM’s Android for Work app or DPC from the Playstore, is a method of initiating the creation of a work profile in the user’s device.
Hexnode for Work is such an application available in the Playstore. The user has to download the app and make it the profile owner. After installing the app, the user will be guided through the entire process by the app itself so as to avoid any sort of confusion.
OEMConfig is a standard for configuring OEM-specific settings on devices that are part of the Android Enterprise program. It is an OEM-built application that is published on the Google Play Store. With the help of the Managed Configuration Management feature, these OEM-built apps can be used to push OEM specific configurations onto devices.
The customized OEM app once whitelisted in the work profile, can be used to set-up specific configurations for each OEM.
Since more and more emphasis is being placed on BYO devices and Remote Working is becoming the new norm, Android Work Profile is relevant now, more than ever. These are some industry-specific use cases mentioned below.
Employees working in a fixed location can now work remotely using their own personal devices. By deploying a work profile in their Android device, they can work on the go and remotely if a situation calls for that.
A work profile can be deployed in the devices that are personally used by delivery agents. This would give the agents a higher degree of freedom and the organization can save the cost of buying new devices for every new agent that joins their ranks.
Hospitals have lots of staff members ranging from doctors to attenders. It is close to impossible to deploy that many institution-issued devices to all the staff. Deploying a work profile on the personal devices owned by at least a fraction of the staff members can save the healthcare institution a lot of funds.
Android Work profile is a very useful and versatile offering by Android Enterprise. Especially for organizations looking to utilize the BYOD space. Thanks to technologies such as the Android work profile, corporations’ needs are being met in a sustainable manner that enables the right amount of control for end-users.