Android R – new COPE model provides more privacy and fewer management options

Android R - new Cope Modell

Android R or Android 11 – this is the new operating system version of Android this year. While the update doesn’t bring many major changes overall, it does bring one that is relevant for companies that provide corporate devices, allow their private use, and use Android Enterprise: Because Android R changes the COPE model, where devices were previously managed using a Work Profile on Fully Managed Devices. This profile will be replaced by the so-called “Enhanced Work Profile”, which comes close to the BYOD scenario and allows significantly fewer management options in the private area than before.

BYOD, COPE, COBO vs. COSU

No matter whether a device is owned by the company or the employee: When it comes to corporate data, companies have the need to secure that data – but also the duty to protect the privacy of users. That’s why Android has four different models that offer different management options in Unified Endpoint Management systems for IT administrators, depending on ownership and usage:

  • Bring Your Own Device: BYOD devices are private devices that are also used for business. To protect employee privacy, the settings that administrators can change are low and focused on ensuring the security of corporate data. For example, an enterprise app store can be offered, a PIM application can be installed, data transfer to unauthorized applications can be prevented and data can be deleted from the device if necessary. Users must install a so-called Work Profile or it can be distributed to the devices via a UEM system.
  • Corporate Owned Personally Enabled: COPE devices are corporate property but are also enabled for private use. Here, professional apps are protected in a container that is managed by a Work Profile. Comprehensive security policies can be enforced. For example, the use of cameras, WLAN, and data roaming can be restricted and insight can be gained into the security of private and business applications.
  • Corporate Owned Business Only: COBO devices are also corporate devices, but are only allowed to be used for business purposes. Here the entire device is secured – with extensive management options. For example, it can be specified that apps may only be downloaded from the corporate app store.
  • Corporate Owned Single Use: COSU devices are also company devices that are operated in a kiosk mode and are restricted to certain applications. Here, the user interface, range of functions, and applications can be completely limited.

The management options of companies are usually defined in their policies. If the COPE model is too intrusive for an employee, he or she can simply do without the private use of the device.

Beratung_Android BYOD-COPE-COBO-CUSO im Vergleich

The future: The "Enhanced Work Profile"

According to Google, the COPE model will move much closer to the BYOD scenario in the future by limiting the administrative options in the private sector and limiting them to the professional context. Settings that affect the privacy of users can no longer be made in-depth, as is currently the case. The previous Work Profile will now be replaced by an “Enhanced Work Profile”, which separates and secures professional data and applications from private data.

This means that it will still be possible in future, for example,

  • to prevent the device from being reset to factory settings,
  • to limit the pausing of the Work Profile to a certain period of time and
  • to place the device under the management of the UEM system directly during the initial installation.

But it is no longer possible,

  • to view all privately installed apps,
  • to install apps in the personal area as administrator or prevent the installation of an app there and
  • to locate the location of a device.                                                                             

The release of Android 11 and thus the coming into effect of the new “Enhanced Work Profile” is currently scheduled by Google for the end of Q3/beginning of Q4 2020.

How will the migration succeed?

 

The migration to the “Enhanced Work Profile” is not too big for many companies. This is because many companies have not made – or have not been able to make – use of the previous options for the COPE model, which concerned private areas, to protect the privacy of employees. This is because some UEM providers have previously supported companies not being able to implement privacy settings.

 

However, companies should consider at an early stage whether they can do without the information and management options that will no longer be available in the future – or whether the COBO model could be the better alternative.

Please contact us so we can advise and support you with regard to the conversion.

Find out about the latest developments in the fast-moving digital workplace!

We keep you regularly informed about exciting topics around the digital workplace and invite you to our webinars.

EBF Newsletter

EBF Newsletter

Enterprise Mobility Newsletter

We keep you up to date on the topics of Enterprise Mobility and Digital Workplace

EBF-Mobility-Newsletter_EN_xs