Dora Vision - Fotolia

Android Enterprise Recommended touts quick security updates

Google's new program certifies devices that meet minimum hardware requirements, provide regular Android security updates and offer a consistent management experience.

The latest Android enterprise effort aims to reassure skeptical IT pros that their users' smartphones will receive regular security updates and provide consistent management capabilities.

Google's Android Enterprise Recommended program, launched today, certifies devices that meet certain standards and follow specific guidelines, with an emphasis on business deployment and security. Devices in the program will receive Android security updates within 90 days of Google releasing them, and these updates will continue for at least three years.   

"This is another attempt by Google to say that, as an enterprise, the devices that you pick will be secure," said Brian Katz, enterprise architect at Oath, a global online media company. "But the proof is in the pudding. Some devices get updates regularly, but it's not consistent."

Getting Android into the enterprise has been a real issue forever because of the security concerns.
Eric Kleinanalyst, VDC Research

Android Enterprise Recommended devices must also run Android 7.0 Nougat or higher, meet or exceed minimum hardware specifications, support zero-touch enrollment for enterprise mobility management (EMM) and more. Only 29.6% of all Android devices run version 7.0, which came out in August 2016, or higher, according to Google.

If an original equipment manufacturer (OEM) fails to keep up with Android security updates or meet other requirements, Google will remove it or its devices from the program, the company said.

Android security updates leave IT wary

The large number of OEMs and their varying approaches to Android security updates has hindered enterprise adoption since the operating system's inception.

"Getting Android into the enterprise has been a real issue forever because of the security concerns," said Eric Klein, director of mobile software at VDC Research. "Vendors have gotten a lot better, and the EMM companies have more robust solutions, but they're still not totally there."

Android Enterprise Recommended devices at launch

  • BlackBerry KEYone and Motion
  • Google Pixel, Pixel XL, Pixel 2 and Pixel 2 XL
  • Huawei Mate 10, Mate 10 Pro, P10, P10 Plus, P10 Lite and P Smart
  • LG V30 and G6
  • Motorola X4 and Z2
  • Nokia 8

Some devices have stopped receiving updates within 18 months of their release, leaving them susceptible to vulnerabilities and frustrating the IT pros tasked with securing them.

"Tell us what we can put our trust in," said Katz, whose company manages some Android devices.

In the absence of business-specific devices -- which OEMs have been reluctant to create because of low adoption numbers -- Android Enterprise Recommended is a step in the right direction, Klein said.

"IT folks are going to be more willing to buy a device that has that explicit detail in terms of the enterprise specifications," he added.

Moto X4
The Motorola X4 is an Android Enterprise Recommended device.

Android Enterprise Recommended partners

The Android Enterprise Recommended program includes devices from six OEMs, but not Samsung, the Android market share leader. Samsung has added several enterprise security and management features to its devices over the years. These include Knox, a set of management APIs, hardware-based security capabilities and more, and E-FOTA, software that gives IT control over Android updates.

Google said in a statement that it worked closely with Samsung to develop the Android Enterprise Recommended requirements and invited the company to join the program at launch.

"This is the first group of partners to be announced, and we'll be working with more OEMs in the future," Google said.

Dig Deeper on Mobile operating systems and devices

Unified Communications