Navigation
Recherche
|
Enterprise buyer’s guide: Android smartphones for business
vendredi 28 juin 2024, 12:00 , par ComputerWorld
Android dominates smartphone usage throughout the world — in every region except North America and Oceania. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option.
Google has a certification called Android Enterprise Recommended that focuses on enterprise concerns around performance, device management, bulk device enrollment, and security update commitments. Google publishes a tool to help IT see which devices meet that certification in various regions, as well as explore supported Android versions and end dates for security updates. But as Computerworld columnist JR Raphael has shown, the Google enterprise compliance checker is not kept up to date, so it cannot be relied on by itself. It’s also not clear that Google is enforcing compliance after products get certified. Bottom line: Android Enterprise Recommended is a starting point for narrowing your options, not a definitive filter. Apple tightly controls the iPhone and its iOS operating system, which gives IT strong assurance about software updates, security patches, device capabilities, and manageability. By contrast, the Android world is highly diverse, with dozens of manufacturers using Google’s Android platform but offering varying levels of quality and support, and in many cases few or inconsistent OS and security updates. The use of Android thus requires more effort by IT in selecting and supporting mobile devices. For that reason, iPhones are more likely to be the official business platforms (what are called corporate-liable devices) for devices that enterprises buy for their employees, even in regions where Android dominates. But it is typical for companies to let employees use their personal devices for work (what are called employee-liable devices or bring-your-own devices [BYOD]), providing access at least to work email and calendars, and often to web-based services. So how does IT choose which Android devices to buy and/or support for its users? This article gets you started. In this article: Recommendations for best Android devices in business Security considerations for Android devices Functional considerations for Android devices Vendor considerations for Android devices around the world Vendor considerations for front-line Android devices Recommendations for best Android devices in business For knowledge workers and general-purpose busines usage, there’s just one Android manufacturer with global device availability and enterprise-class (even military-grade) security, plus multiyear software and security updates after purchase: Samsung. That makes Samsung the best (and often only) choice for corporate-liable Android devices in every region. Its enterprise-grade models (what Samsung calls Android Secured by Knox) include the Galaxy S, Galaxy A5x, Galaxy A3x, Note, XCover, Z Flip3, and Z Fold3 series. For these models, security updates are promised for five years after initial release; Samsung publishes information on which models are currently receiving updates. But Samsung devices do have issues to be aware of, including the use of Samsung’s proprietary interface and its proprietary apps (though you can still use the standard Google apps), both of which can require extra IT support for those more familiar with Google-standard Android devices. Columnist Raphael also objects to some of Samsung’s practices around privacy and advertising. Still, no other Android manufacturer offers the combination of security and availability that Samsung does. Google’s Pixel 8 series phones are similarly secure, but without the proprietary UI and apps. Google promises seven years of security updates after initial release (up from five years for the previous Pixel 7 models). However, the Pixel 8 series is available in just 22 countries: Austria, Australia, Belgium, Canada, Czechia, Denmark, Ireland, France, Germany, Italy, Japan, Netherlands, Norway, Poland, Portugal, Singapore, Spain, Sweden, Switzerland, Taiwan, United Kingdom, and United States (except Puerto Rico). Motorola’s enterprise-class Android devices, such as the Edge models, are similarly secure. They’re available in 65 countries, including most of Europe, much of Latin America, Australia, New Zealand, India, China, Taiwan, Hong Kong, South Korea, Japan, Thailand, the Philippines, Malaysia, Saudi Arabia, the UAE, Canada, the US, and the UK. Where Motorola falls a bit short is in update support: It commits to just three years for security updates and to just one major Android OS version update. In most countries, these recommended devices are often too pricey for rank-and-file employees and for their businesses to buy for users other than executives or those handling very sensitive information. Fortunately, there’s a set of Android vendors that offer a range of inexpensive and moderately priced phones that provide good quality and adequate security: Nokia, OnePlus, Oppo, Sony, and Xiaomi. Samsung also has several moderately priced phones with adequate security, and Motorola has the Moto G. As shown later in this article, these vendors’ prevalence varies significantly across and within regions. Why these recommendations? And what other options does IT have or may get user pressure to support? The sections that follow explore the essential factors: security, updates, device capabilities of concern to business use, and vendor availability in various regions of the globe. There’s also a section on special-purpose front-line Android devices. Security considerations for Android devices In the early days of Android, security was a major IT concern. Research in Motion’s BlackBerry had set high standards in the 1990s and early 2000s for mobile security, whereas the early Android (and iOS) devices fell far short of IT expectations. Apple and then Samsung moved to make mobile security at least as good as BlackBerry’s in the early 2010s, and Google followed suit a few years later by making encryption standard in Android and then making container-based separation of work and personal data and apps a standard part of 2015’s Android 5.0 Lollipop OS. By 2017, the Android platform had strong security capabilities. More sophisticated capabilities became available through both hardware and software extensions, such as Samsung’s Knox platform in 2013 for its enterprise devices and Google’s Android for Work (later renamed Android Enterprise) for the rest of the Android world. Android Enterprise support became a standard feature in 2018’s Android 9.0 Pie. Today, IT can count on all Android devices having the basic level of security needed. But some users — such as high-level executives who deal in sensitive corporate data, or operations staff managing critical infrastructure or supply chains — need more security. And that affects your enterprise Android device options. There are three security levels to consider, and many organizations will need more than one in place: Basic security: This level is appropriate on personal devices permitted to access basic corporate systems like email. The basic security level provides device encryption, password enforcement, remote lock and wipe, and sandboxed execution of security functions. All current Android devices support this level, with even just a basic management tool like Google Workspace or Microsoft 365 in place. Moderate security: This level is appropriate for when IT requires or allows personal devices to be used for corporate access and apps, as well as for corporate-issued devices allowed to also be used for personal purposes. The moderate security level provides the basic level plus separation of work data and apps from personal data and apps via containers, via a unified endpoint management (UEM) platform that supports Google’s Android Enterprise platform or, only for Samsung devices, Samsung Knox. Tip: Compare the leading UEM platforms’ capabilities in Computerworld’s guide. All current Android devices with at least 3MB of RAM support work/personal separation, but some UEM platforms may require that the devices run newer versions of Android than are deployed at your organization. Advanced security: This level is appropriate for executives, human resources professionals, finance professionals, and anyone dealing with critical data and systems access such as in government, defense/military, finance, healthcare, and critical infrastructure like utilities, energy, and transport. The advanced security level provides the moderate level plus chip-based security enabled to reduce unauthorized access by spies and hackers, as well as compliance with the US’s recent Common Criteria security standard. Chip-level security detects hacks to the operating system, firmware, memory, and other core systems, and locks down or shuts down the device as a result, via Android’s Keystore service. Such hardware-level security is not an Android Enterprise Recommended requirement, but it is essential for military-grade security. Only a few devices use chip-level security to protect system integrity: Samsung’s Android Secured by Knox phones use Arm’s TrustZone chip for its Trusted Boot, Google’s Pixel series uses its own Titan-M chip for its Trusted Execution Environment (TEE), and Motorola says all its Android devices use Arm’s TrustZone chip for its Strongbox. (Apple’s iPhones have this capability too via the Secure Enclave.) The other Android vendors did not respond to my inquiries about their security capabilities but appear not to support hardware-based security, based on their websites’ specification data. The Common Criteria standard imposes specific security approaches that the US government thus knows it can rely on across devices; it’s also been adopted by multiple other countries. Although also not an Android Enterprise Recommended requirement, Common Criteria is a good advanced-security standard for IT to use anywhere in the world. Android models from multiple vendors comply with Common Criteria: a few from Google, Huawei, Motorola, Oppo, Samsung, and Sony, as well as some front-line specialty devices from Honeywell and Zebra Technologies. Apple’s iPhone also complies. Common Criteria keeps a current list of validated devices; be sure to open the Mobility section to see which phones comply. Government security certification for Android IT organizations may want to look to government certifications to determine their Android device selections for sensitive uses. When Apple and Samsung both gained US Defense Department, UK Government Communications Headquarters (GCHQ), and Australian Signals Directorate approval for use of their enterprise-class devices in the mid-2010s, it was huge news — breaking BlackBerry’s longstanding monopoly on government approval. Today, such announcements are rare, and governments instead focus on ensuring that approved UEM platforms are in place to manage the widely used iPhones and Android phones. But recently the US Department of Defense has approved several Samsung phones and some front-line Android devices from Honeywell and Zebra Technologies for sensitive uses, as it moves to using the Common Criteria standard. And the Australia Signals Directorate has approved several Samsung phones recently as well. The troubling security questions around Huawei’s Android devices IT will not find Huawei devices in Google’s Android Enterprise Recommended database. Google removed them in 2019 after public allegations from the US government that Huawei devices were spying on users via backdoors on behalf of the Chinese government. These concerns are not new: In 2012, I was having drinks with several US intelligence officials and defense contractors at an off-the-record conference of CIOs where they raised the same fears about Huawei, ZTE, and other Chinese computer and telecom manufacturers. Back then (under the Obama administration), US intelligence officials were quietly warning corporate CIOs about Huawei’s massive spying operations across its whole technology stack. Those fears about Huawei’s alleged being a conduit for spying are no longer quiet, with both the Trump and Biden administrations since speaking publicly. Multiple other governments have also made the same accusations, which Huawei denies. Because Huawei devices are popular in several markets — China, of course, but also in many parts of Africa, Europe, the Middle East, and South America — concerned IT departments may want to use management tools to deny Huawei and other distrusted devices access to their resources. Be sure to check whether your management tool can block access based on device vendor. According to their websites, UEM platforms that can block devices by vendor include BlackBerry UEM, Microsoft Intune, and VMware Workspace One. Security and OS update assurances for Android devices IT typically wants assurances that devices will get security updates and OS updates for several years, to reduce the risk of being hacked via old devices that haven’t kept up their defenses. Google’s Android Enterprise Recommended certification requires only one future OS upgrade. For security updates, it has no minimum, requiring only that vendors publish their update commitments on their websites — and that information can be hard to find. In my survey of Android vendor sites, three to five years is typical for Android security update commitments on business-class devices, and one to three future Android OS versions is typical for OS updates. (By contrast, Apple typically provides seven years of security updates and five years of iOS updates.) The stingiest Android vendors in terms of OS updates are Motorola, Oppo, and Xiaomi, which commit to just one major Android upgrade for their enterprise-class models. Google and Samsung have the best update commitments. Vendors’ published update commitments for business-class Android devices include: Google: seven years of security updates, three years of OS upgrades Motorola: three years of security updates, one year of OS upgrades Nokia: three years of security updates, two years of OS upgrades OnePlus: four years of security updates, three major OS upgrades Oppo: three years of security updates, one year of OS upgrades Realme: three years of security updates, two major OS upgrades Samsung: “at least” four years of security updates, three “generations” of OS upgrades Vivo: three years of security updates, three years of OS upgrades Xiaomi: three years of security updates, one major OS upgrade I could not find update information at the Honor, Huawei, Infinix, Itel, and Tecno sites, and the companies did not respond to my requests for information. For certified devices, you can also use Google’s Android Enterprise Recommended tool to narrow down by what date various vendors’ specific models’ security updates will end. Just keep in mind that the tool may not have recent models. I also recommend you verify whether vendors do what they promise by getting some older devices and seeing how recent the available security updates are: Have they kept up the promised duration? Finally, keep in mind that cellular carriers can override, slow, or block updates in many countries, overriding whatever promises the device vendor has made. For example, Google notes on its Pixel page that Pixel phones bought directly from Google often get updates sooner than those bought through a carrier. That carrier control is a longstanding reality, well pre-dating modern mobile devices, with only Apple able to have fully wrested control over updates from the carriers. Functional considerations for Android devices After narrowing down the pool of Android devices for potential support or purchase, the next step is to identify minimum requirements that necessitate specific configurations of those devices and perhaps eliminate some candidate models completely. These factors include: Android version: Your UEM platform or corporate apps and cloud services may require a minimum version of Android to function correctly or to comply with their security standards. RAM and storage capacity: Some devices offer minimal capacity to offer a cheap price. But that can hamper performance, especially for personal/work separation. A good minimum for corporate-issued devices is 8MB of RAM and 64GB of storage, to provide sufficient capacity for running multiple apps and switching among them with no performance hit. (Google’s official minimum is 3MB of RAM and 32GB of storage to support Android Enterprise.) Multiple-SIM support. People who work in multiple countries or must use their own SIM card for personal use and a corporate one for business use should use devices that offer two SIM trays or use, where carriers support them, eSIMs that are stored digitally on the devices. Expect to find differences in multi-SIM support even for the same model phone across countries and carriers, so purchase carefully to ensure you have all the needed variations. Some users work in tough environments where you’ll want tougher phones better able to withstand changes in air pressure, humid and wet conditions, heat and cold, and drops, bangs, and scrapes. That could mean using ruggedized devices, buying ruggedized cases for common devices, or avoiding devices with characteristics, like very thin materials or folding screens, that are more likely to be damaged. For maximum durability, ruggedized phones or cases should conform to the American Mil-Std-810G standard or the newer Mil-Std-810H standard. Vendor considerations for Android devices around the world Regional differences in vendor sources can be a factor in the devices IT chooses to provide and/or support. Those differences can both steer local companies to specific Android phone vendors and require multinational companies to consider such variations when formulating their approved-device lists for employee-liable devices and in the choice of corporate-liable devices they furnish. In addition to Apple, there are 14 current Android vendors with 1% or more usage share in at least one region: Google, Honor Device, Huawei, Infinix Mobility, Itel Mobile, Lenovo-owned Motorola Mobility, Nokia, OnePlus, Oppo, Realme Chongqing Telecommunications, Samsung Electronics, Tecno Mobile, Vivo Mobile Communication, and Xiaomi. Although LG discontinued its Android business in July 2021, enough devices are still in use to show up in usage charts, most notably in South America, and so they may still need IT support. Business purchase and BYOD patterns for Android Usage share in business, versus overall consumer usage, is likely to skew more toward the major vendors, but data on enterprise mobile market share — whether for corporate-provided or BYOD devices — is not available even from IDC, which specializes in tracking installed-product market share across a wide range of enterprise categories. Still, IDC analyst Kiranjeet Kaur notes that in much of the world, businesses other than multinational companies struggle to justify the expense of purchasing Samsung’s enterprise-class Android Secured by Knox phones and Apple iPhones — or, where available, even Motorola’s slightly less expensive Edge Fusion and Ultra phones or Google’s Pixel phones — for anyone but executives. So their IT organizations tend to issue adequately securable Android phones from broad-market vendors that offer models across a wider range of prices. Such Android vendors are also more likely to have business-oriented marketing and sales teams in key markets than the other Android vendors, she adds. I classify OnePlus, Oppo, and Xiaomi (and Nokia in East Africa and Sony in Japan) as broad-market vendors that offer at least some business-appropriate models. Google, Motorola, and Samsung also offer sub-enterprise models for broad-market business use. In most of the world, individuals who use their own phones for work — BYOD users — typically pick the cheaper Android phones, because in most markets the enterprise-class devices simply are unaffordable. In many rich countries like Australia, Canada, Japan, New Zealand, Norway, Saudi Arabia, Sweden, Switzerland, the UK, and the US, both IT and individuals favor enterprise-class devices from Apple and Samsung. But in much of Europe — including rich countries like Austria, France, Germany, Italy, and the Netherlands — the mix is broader than Apple and Samsung, with lower-cost, more consumer-focused Android vendors like Xiaomi having significant traction among users overall. IT organizations — especially in multinational companies — tend to avoid the low-cost Chinese vendors often favored by individual consumers in many parts of the world for price reasons. Why? Because on those low-cost devices, “the app experience can be shaky and can’t implement features properly, or apps don’t install properly,” IDC’s Kaur says. That poor quality for the only devices many employees can afford does pose a challenge for IT when supporting BYOD. I classify Honor, Infinix, Itel, Realme, Tecno, and Vivo as vendors of Android phones that are iffy for business use around app compatibility. And I advise against Huawei devices due to longstanding concerns over Huawei’s alleged spying, as noted earlier. Where IT will encounter the major Android vendors Samsung and Apple are the major phone vendors in nearly every market, which combines with their higher security capabilities to make them standard devices in multinational companies. However, South Korea-based Samsung has very little usage share in China, whose government policies favor Chinese vendors and where Samsung’s China Android business strategy failed due to Samsung’s own mistakes. Samsung’s share in Japan is also quite low, as it has been for more than a decade. US-based Apple has very little share in India, largely around cost but also due to the government’s Make in India policies that favor products made in India; in 2017, Apple started making iPhones in India due both to that pressure and to seek a manufacturing alternative to China, where the vast majority of its devices are still made. Some regions have major vendors not seen widely or at all elsewhere. For example: Tecno and Infinix have sizeable usage shares in Africa, and both have increasing shares in some Asian countries and in Latin America. Motorola is significant in South America and has pockets of adoption in Europe. Huawei is significant in Africa, Mexico, China, India, and parts of Southeast Asia, but overall it has lost about half its market in two years. Oppo, Realme, and Vivo have notable presences in much of Asia and in parts of the Middle East. Xiaomi is a significant vendor in much of the world — especially in Asia, Europe, Mexico, the Middle East, and South America — but is barely present in the US, Canada, and Oceania. By contrast, some well-known names don’t have significant presence outside a handful of markets, falling below the 1.0% threshold globally: Google’s Pixel devices have little global usage share but have shown growth in developed countries, topping out in New Zealand at 12.4%, followed by Japan at 5.4% and by Canada at 5.1%, with lower presence in Australia, the UK, and the US, as well as in several European countries. The well-reviewed OnePlus devices have minor usage share globally, though they are found in various countries across the world, including China, India, Israel, Norway, and Sweden. Chinese manufacturer Honor has a notable presence in a handful of countries — including China, Czechia, Mexico, Peru, Russia, and several Central American countries — but it is essentially invisible globally. It also uses its own MagicOS, based on Android 14 and proprietary apps, leaving broad compatibility a question mark. The tables below, all based on usage data from StatCounter (based on web access from devices), show which mobile phone vendors have 1% usage share or more across various regions, highlighting the major vendors in each. It also shows the shares of those vendors in select countries in each region, showing the diversity within each region that could affect IT support decisions. Although the data is from April 2024, the percentages have been fairly stable for several years, with the greatest variations among those with the smallest percentages, which often move around in that large bottom tier. Global mobile usage share ≥1%AppleSamsungXiaomiOppoVivoRealmeHuaweiMotorolaTecnoWorldwide28.024.011.45.75.03.53.52.31.6 All numbers are percentages Africa mobile usage share ≥1%SamsungTecnoAppleHuaweiInfinixXiaomiOppoItelRealmeAll Africa30.612.912.47.37.26.44.84.91.7Ethiopia46.819.04.34.710.21.3—3.7—Ghana22.720.916.35.913.01.7—8.2—Kenya22.817.93.42.89.04.26.73.05.6Morocco34.31.416.47.34.619.34.4—1.9Nigeria11.226.28.43.621.83.63.06.4—Senegal37.422.022.03.41.52.81.03.0—South Africa50.9—16.013.4—3.73.5—— All numbers are percentages Asia mobile usage share ≥1%AppleSamsungXiaomiOppoVivoRealmeHuaweiOnePlusAll Asia20.019.114.29.29.15.93.71.7China22.41.313.05.86.4—20.61.4Hong Kong48.229.58.5—1.1—3.8—India4.013.820.711.518.013.2—4.6Indonesia11.417.015.217.513.07.1——Japan60.27.54.32.31.1—2.1—Malaysia30.715.010.911.810.35.212.0—Pakistan4.415.46.612.212.93.64.6—Philippines15.713.410.013.812.411.65.8—Singapore33.022.85.54.81.71.02.4—South Korea26.867.6——————Taiwan57.220.83.66.22.3———Thailand31.920.66.814.413.34.92.4—Vietnam33.126.19.617.96.13.5—— All numbers are percentages Central America and Caribbean mobile usage share (Selected countries — no overall regional roundup data is available.) ≥1%SamsungAppleHuaweiMotorolaXiaomiHonorLG*Costa Rica25.026.56.45.110.75.3—Dominican Rep.27.934.32.03.28.8—3.5Guatemala40.121.74.68.311.15.8—Jamaica45.443.4—1.51.3——Panama34.920.25.8—14.58.4— All numbers are percentages*LG no longer sells Android devices; this reflects old devices still in use Europe mobile usage share ≥1%AppleSamsungXiaomiHuaweiOppoMotorolaRealmeGoogleAll Europe32.130.914.23.82.72.31.61.3Austria38.532.97.54.3————Czechia25.026.321.94.6—2.83.0—France29.131.713.94.03.6——1.2Germany34.033.810.93.51.21.0—1.6Greece13.029.332.06.2—1.02.4—Italy29.329.514.14.35.52.22.11.1Netherlands38.735.66.12.12.81.4—1.0Norway61.724.01.61.9—1.4—1.2Poland13.833.222.64.33.67.75.5—Portugal30.129.215.64.74.5———Romania25.243.28.56.13.04.4——Russia29.417.321.54.81.3—6.0—Spain20.327.628.73.86.91.01.9—Sweden55.727.92.91.7—1.4—1.2Switzerland51.027.44.72.52.3——1.2Ukraine29.119.027.82.42.72.02.1—United Kingdom49.230.12.14.4—2.8—3.1 All numbers are percentages Middle East mobile usage share (Selected countries — no overall regional roundup data is available.) ≥1%SamsungAppleXiaomiHuaweiOppoVivoRealmeInfinixEgypt25.211.813.28.018.52.210.04.1Israel49.825.815.9—————Saudi Arabia19.634.28.85.14.66.04.13.6Türkiye17.118.911.93.32.0———UAE22.819.517.63.98.55.45.12.2 All numbers are percentages North America mobile usage share ≥1%AppleSamsungMotorolaGoogleXiaomiAll North America54.825.14.62.92.1Canada61.024.21.55.11.1Mexico23.222.915.2—11.7United States56.525.24.33.01.4 All numbers are percentages Oceania mobile usage share ≥1%AppleSamsungGoogleOppoXiaomiHuaweiMotorolaAll Oceania53.927.46.02.91.21.01.0Australia57.425.85.02.61.3—1.1Fiji16.966.9—2.12.61.5—New Zealand41.932.412.44.3—1.7— All numbers are percentages South America mobile usage share ≥1%SamsungMotorolaAppleXiaomiHuaweiLG*TecnoAll South America36.216.816.114.41.71.41.3Argentina50.626.110.04.7—1.8—Brazil34.918.318.414.5—1.8—Chile31.59.022.114.24.92.0—Colombia24.612.222.320.64.9—1.5Peru31.09.510.224.07.41.3— All numbers are percentages*LG no longer sells Android devices; this reflects old devices still in use Vendor considerations for front-line Android devices For specialty uses — such as ruggedized devices in the field or special-purpose devices in retail and logistics — there’s a different set of front-line Android vendors for what Google calls dedicated devices. Zebra Technology, Motorola, Kyocera, and Honeywell are perhaps the most well-known, but there are many others. These devices are typically provided as an integrated solution, combining specific hardware devices with required specialty features like scanners and a software or cloud suite customized for the enterprise’s tasks, such as inventory management in retail, shipment tracking in logistics, medication distribution in healthcare, or sensor reading in utilities. As you can see at Google’s Android Enterprise Recommended tool, these front-line devices tend to use older versions of Android than consumer and knowledge-worker devices do, largely because of the customizations made. As with most special-purpose gear, stability is critical, so having a flow of feature updates can be a negative, unlike for general-purpose usage. This article was originally published in October 2022 and updated in June 2024.
https://www.computerworld.com/article/1614161/enterprise-buyers-guide-android-smartphones-for-busine...
Voir aussi |
56 sources (32 en français)
Date Actuelle
jeu. 21 nov. - 21:52 CET
|