This document summarizes a presentation given at Droidcon 2012 about using Android in enterprise environments. The presentation covered some of the challenges of developing for large organizations with strict rules and international operations. It discussed what makes Android interesting for enterprises and some of its challengers like iOS and Windows mobile platforms. The presentation addressed issues like supporting multiple devices, applications, and development standards across diverse enterprise environments. It also noted some missing features from Android that could help further its adoption in enterprises.
2. Droidcon 2012
«The purpose of an organization is to enable ordinary human beings to do extraordinary things» Peter F. Drucker
Large Organizations have to strictly follow rules and laws
Very risk averse, very security and privacy aware
Rigid development standards and quality assurance
Large Organizations are internationally spread
IT as business enabler, not feature- but productivity-driven
IT usually outsourced – documentation and processes mandatory
We look at corporate internal applications
3. Droidcon 2012
What makes Android so interesting for the enterprise?
Captain Jean-Luc Picard: There's an aura around him.
Lieutenant Geordi La Forge: Well, of course, he's an android.
5. Droidcon 2012
Challengers
iOS
Very strong C-Level visibility, favorite in BYOD schemes
Very good enterprise features, particularly for update and hardware services
Strong device and mail encryption
Development requires separate infrastructure
Windows [mobile|embedded|CE|phone]
Windows CE is the standard mobile productivity platform
Broad range of rugged and hardware (SAM) secured devices
Very good enterprise features, very strong Outlook integration
WP 7 incompatible, Windows Embedded 8 could be game-changer
Most importantly, though, they care.
6. Droidcon 2012
«I had a problem so I thought to use Java – now I have a ProblemFactory»
7. Droidcon 2012
«We seek peaceful co-existence»
Capt. Remmick
or: Supporting multiple platforms
The right choice: Native, Hybrid or Cross-Platform
No silver bullet. Analyze your requirements & constraints.
MEAP: Advantages & Drawbacks
Pros in integration and governance. Cons in usability and native features.
8. Droidcon 2012
[Figure: client architectures (Web Client, Web Starter, Hybrid App, VM / Runtime, Rich Client, Cross-Code Generator, Thick Client) arranged between Generic Code and Native Code and between Generic UI and Native UI, annotated with "How much users actually like it*" and "How much it fits enterprise standards"]
*) the uncanny valley, see http://martinfowler.com/bliki/CrossPlatformMobile.html
9. Droidcon 2012
«How can you be certain they're receiving us?» Capt. Picard
or: Supporting multiple devices
Blacklists vs Whitelists
Trusted Certificates vary between device/api/provider
API & Development Issues
HttpURLConnection vs DefaultHttpClient
Different Bouncy Castle algorithms and hardware security features
Missing XML validation
Licensing 3rd party software.
Best technical solution Business model
10. Droidcon 2012
«Mr. Data, is that the trouble I believe it is?» Capt. Picard
or: Supporting multiple apps
Dealing with enterprise release and life cycles
Always be ready to release. Think of test environment and repositories
Intergalactic Continuous Integration
Not out of the box: strong & exotic hardware requirements
Missing Distribution Channels
Android stays behind its competitors
12. Droidcon 2012
How do you manage the diversity of rules and guidelines in an enterprise?
13. Droidcon 2012
«The bureaucratic mentality is the only constant in the universe» Dr. McCoy
Governance is key
Enterprise applications require transactions and accountability
Device state and user assignment must be maintainable
E-Mail, Clipboard, Intents and Caches often not properly secured
Security is key
Device Encryption and Application Safety are mandatory
Trusted context either via virtualization (BizzTrust, VMware) or encryption e.g. with hardware modules (3LM, Certgate, Ageto)
Tradeoff: Most sophisticated protection is not integrated in standard Android. Requires rooting, which itself is a security risk.
14. Droidcon 2012
«One of the advantages of being a Captain is being able to ask for advice without necessarily having to take it.» Cpt. Kirk
Bring your own device (BYOD)
Most employees do not want complex device passwords, full control over their device, or all their internet traffic routed over VPN*
Currently no distinction between Corporate/Private data (except for dual-boot or application-level encryption)
Rooting and malicious software must be recognized
Connectivity
Connectivity should usually be established over secure channels
Android does not support Proxy Authentication, Wi-Fi configuration
Tethering and Bluetooth cannot be controlled
*) Which, luckily, is currently impossible anyways
16. Droidcon 2012
«Reports of my assimilation have been greatly exaggerated» Cpt. Picard
Missing ecosystem features
Enterprise Market with CA for trusted applications
OTA Update API without Google account
Clear Chrome (Jelly Bean), Motorola and Samsung strategy
Understanding of enterprise features with app makers
Missing security features
MDM which supports user certificates, CAs and network config
Wi-Fi Proxy Authentication, Full VPN routing, EAP-SIM
Real ASLR and storage encryption for corporate/private stores
E-Mail and Exchange features for S/MIME and two-factor auth
Robust Synchronization (SyncML), Robust Service and SSL API
17. Droidcon 2012
Recap
Align to enterprise policies, prepare for non-market distribution
Embrace development standards, KPIs and lifecycles
Thoroughly manage traceability, accountability and privacy
Prepare for integration using secure Webservices and XML
Prepare for fragmented device base and users who need to be supported by – in the end – yourself (incomprehensible pain)
Scenario: Native Apps for different Platforms
3 Developers
2 different Hardwares
MISSING DISTRIBUTION CHANNELS
BETA Testing
Android: straightforward, BUT: reduce security + missing distribution control
iOS: enterprise -> no security loss (or device id control)
WP7 -> via marketplace