Android 11 marks our seventh release with enterprise features, going back to 2014 when we introduced the work profile to secure and separate work data on a personal device. Now we’re coming full circle with new work profile improvements that make Android even more private and productive for employees. We’ve also included some key security updates in this release to further protect both work and personal data.
Making employee privacy job #1
Android champions employee privacy with the work profile, and in Android 11 we’re bringing the same work profile privacy protections from personally-owned devices to company-owned devices as well. Privacy is an expectation for employees and IT decision makers alike: a new Omdia research survey of 700 IT decision makers found that 80 percent of respondents believed personal data should be kept private from IT on a company-owned device.
To better support company-owned devices, the work profile now offers device controls like asset management tools and personal usage policies that give IT the ability to keep devices compliant with corporate policy without compromising employee privacy. And regardless of who owns the device, industry-leading data separation and security controls help ensure work data is secure in the work profile. To learn more, read our new work profile security paper.
To give employees more information about their location privacy, we’ve added a new notification whenever their IT admin grants location access to work apps. We’ve also enhanced our agreements with device manufacturers to help ensure all work profile privacy protections are reliably enforced.
Making it easy to get work done
The work profile makes the separation of work and personal data visible and usable for employees, while enabling easy switching between profiles. This helps people focus on their work and avoid accidental data leaks, all on a single device.
We’re taking that even further in Android 11 by expanding work and personal separation to more places throughout Android. Employees will now see separate tabs for work and personal when they share files, open content or go into their settings menu.
Separating work from personal makes it possible to do things such as pausing the work profile so employees can disconnect at the end of the day. In Android 11 we’ve made this easier by removing unwanted distractions when the work profile is paused and enabling employees to automatically pause work apps according to their own schedule.
Finally, for those times when it’s helpful to view work and personal data at the same time, we’ve built a new secure mechanism for merged experiences, allowing trusted apps to connect between work and personal profiles. Both employees and IT must approve the way an app will handle security and user privacy before allowing an app to connect.
For instance, Google Calendar will soon allow people to see personal events in their work calendar, helping to better schedule around commitments across their day. Personal calendar events will remain privately stored on device in the personal profile, invisible to both colleagues and IT.
We’ll be working with additional developers in the coming months to make more connected experiences available to users.
Making it simple to be secure and in control
Android security continually gets stronger as recently demonstrated by Pixel smartphones completing Common Criteria certification on Android 10 by leveraging Android Enterprise management APIs. In Android 11, we’re investing even more in security and management features that provide organizations with more protection for their data.
Last year, we launched Google Play system updates to directly patch OS system components using the same infrastructure we use to update apps. In Android 11, we’re now adding 12 more privacy and security components that can be updated via Google Play system updates, allowing us to quickly address even more critical areas without waiting for full operating system updates.
Other enterprise improvements include:
More IT controls for always-on VPN configurations.
The ability to pre-grant certificate access for work apps, so specific individual apps can access credentials without user interaction.
Device attestation using individual certificates, on devices with a dedicated secure element.