Google has announced that it will support the Device Administrator, which is used to manage Android devices, only until Android Q is released. The Android Q release is announced for Q3 2019. Therefore, we recommend that you switch to Android Enterprise – if you have not done so already. This is the only way you can securely manage your Android Q-enabled devices in the future. In addition, the switch allows you to take advantage of many new features that Google offers with Android Enterprise.
We will explain to you which functions will no longer be supported in the future, which new possibilities Android Enterprise offers and how the migration will succeed.
Which functions will no longer be supported in the future?
Since Android 2.2, you have been able to manage Android devices using the Device Administrator via an administration API, enforcing security standards for your devices. What was sufficient back then is now obsolete and no longer offers an adequate standard of safety.
Google has therefore introduced Android Enterprise with Android 5.0, which offers enhanced security features and more customization options, and with the introduction of Android 7.0 has begun to no longer support the first functions of the Device Administrator – for example, resetting device passwords using EMM. Although the Device Administrator has since been regarded as an outdated device management method, it is still used by many companies.
Since Android Pie, warnings for outdated Device Administrator functions are now displayed and with the introduction of Android Q, the support of the Device Administrator is to be discontinued completely.
The following device functions, among others, will then probably no longer be able to be used via the EMM:
- Enforce policies for device passwords (length, complexity, etc.), key locks, and camera access
- Resetting device passwords
- Preventing the Device Administrator from being deactivated/deleted
- Preventing resetting to factory settings
- AppConnect support under MobileIron
These features are essential for a high level of security, so we strongly recommend that you switch to Android Enterprise. As soon as a device is updated to Android Q or a new device is delivered with Android Q, this will no longer be controllable via the Device Administrator interfaces.
You should therefore start the switch as soon as possible. On the one hand, the new functions of Android Enterprise provide you with a great added value and on the other hand, it is a great risk not to have switched to Android Enterprise when the support of Device Administrator is finally discontinued.
What new features does Android Enterprise offer?
Google recognizes that many companies have security concerns when using Android devices, and has continuously invested in improving security features. With Android Enterprise, Google has made great progress and now offers features that provide more security and freedom for individual customization. These include, among other things:
- Android Zero-Touch: for an automatic connection of a mobile device with an Enterprise Mobility Management system already at the first start-up
- Managed Google Play Store: for complete control of apps in the Enterprise App Store
- The Android Enterprise Recommended seal: a seal for devices that meet specific security standards
- Comprehensive restriction options for BYOD, COPE, COBO and COSU devices
How to make the switch?
We recommend the following procedure to switch from Device Administrator to Android Enterprise.
Switching for private devices
- Android offers the “Work Profile” mode for private devices that are also used professionally. The profile can be provided via an EMM and separates private and professional applications and data by a container. Applications can be delivered via the Enterprise App Store Managed Google Play. Data cannot be transferred to unauthorized applications and can be deleted from the device if necessary.
- The switch succeeds with minimal interruption. Ask the user to install the Work Profile or enforce it using EMM or ship new devices directly with the Work Profile.
Switching for company-owned equipment
- For in-house devices (COPE, COBO and COSU), Android offers the “Managed Device” mode, which can be used to implement extensive security policies and which can also be distributed via an EMM.
- The switch requires a reset to factory settings. As this is a time-consuming process for the end user, we recommend that you equip all new devices with the profile and switch over on existing devices successively or as required.
Plan the switch in good time, since some not-inconsiderable adjustments must be made, for large numbers of devices carry the switch out in phases. Please feel free to contact us if we can assist you in this matter.