ISEC7 Digital Workplace Blog

Android 15 for Enterprise: Everything You Need to Know

Written by Remi Keusseyan | Nov 12, 2024 11:03:44 AM

While predominately offering new consumer-focused features, the forthcoming Android 15 release  also brings a series of security and management improvements for the enterprise.

Consumer Features

Partial Screen Sharing

With Android 15, applications can detect if the device's screen is being recorded when they are in the  foreground. The system now supports partial screen sharing, allowing users to share or record just an  app window instead of the entire screen. This feature was initially introduced in Android 14 QPR2 for  specific devices like Pixel. During a screen sharing session, users can choose between sharing a single  app or the whole screen.

Satellite Connectivity Support

Android 15 introduces support for SMS and preloaded RCS apps to use satellite connectivity for  sending and receiving messages, expanding satellite use beyond just emergencies. Apps can use APIs  to detect when a device is connected to a satellite, providing better awareness of why full network  services may be unavailable.

Satellite Messaging with T-Mobile

Android 15 opens the door for satellite communication, allowing T-Mobile users to send messages  natively in the Messages app, via a paid subscription for satellite messaging through T-Mobile. This  service will use Starlink's satellite-to-cellular connectivity, providing messaging capabilities in areas  without a standard cellular service.

Management features

Simplified eSIM Management on Managed Devices

Android 15 allows IT administrators to remotely provision eSIM profiles on company-owned devices,  enabling them to silently activate eSIM after downloading. Users on these devices cannot delete  admin-provisioned and managed eSIM. However, on BYOD (Bring Your Own Device) devices, users  retain the option to delete the eSIM at any time.

Controls for Circle to Search on Android Work Profile

Circle to Search is an AI-powered feature on Android phones that allows users to search the web for  items displayed on their screen without needing to switch between apps. Android 15 allows  administrator to disable that feature completely on fully managed devices, or within an Android Work  Profile on BYOD and COPE devices.

Additional Customization for Corporate-Owned Devices

Android 15 extends control over screen brightness and timeout settings, previously available for COBO  devices, to COPE devices as well, helping extend battery life. IT administrators can now enforce  default settings for personal profiles on COPE devices, including setting OEM-default dialer,  messaging, and browser apps before setup, preventing users from changing them. If defaults are set  after setup, they must be combined with app allowlist controls. Additionally, admins can only  designate an app as default if it is already present in the user's personal profile.

Disable Thread networking

Android 15 allows the disabling of thread networking, a mesh network protocol for IoT devices, on  corporate-owned devices (COPE and COBO). This feature is similar to the Disable Ultra-Wide Band  (UWB) policy introduced in Android 14, providing IT admins with more control over network security  settings on these devices.

Restrictions on Device Identifiers for Personally Owned

Devices Android 15 imposes restrictions on device identifiers for personally owned devices, allowing  applications to access an enrollment-specific ID that serves as a unique device identifier persisting  across re-enrollments, provided they occur within the same deployment scenario (e.g., fully managed  or personally owned Work Profile) by the same vendor agent and within the same enterprise. This ID  acts as an alternative to traditional identifiers like IMEI and serial numbers but will no longer be  accessible to apps that lack the appropriate device or profile owner role. In the future, this will be the  default and only option for unique device IDs for BYOD devices.

Security Features

Theft Protection

Android 15 includes new theft protection features. Threat Detection Lock, which uses Artificial  Intelligence (AI) and motion sensors (like accelerometer and gyroscope) to identify potential threats.  Offline Device Lock monitors changes in network activity, including connections to unfamiliar  networks and prolonged disconnections; If such conditions are detected, the device automatically  locks to prevent unauthorized access.

Private Space

Android 15 introduces a native version of Samsung’s Secure Folder, enabling users to lock apps in a  private profile on their devices, accessible only through biometrics or a lock code. These apps are  isolated from those in the primary parent profile. On managed devices, IT administrators can block  users from creating a private space and remove any existing private space from personal profiles on  corporate-owned devices, while existing personal app allowlists and blocklists apply to this private  space. However, on fully managed devices, the Private space feature is not available.

National Information Assurance Partnership (NIAP) compliance

Android 15 moves its backup service audit logging to enhance compliance with National Information  Assurance Partnership (NIAP) standards, ensuring mobile devices meet U.S. government security  standards set by the Common Criteria framework. Devices must undergo rigorous testing for  vulnerabilities, data protection, and secure communication. Certification allows these devices to be  used in sensitive or classified environments.

Availability

The new software was released to the Android Open Source Project (AOSP) on September 15th, with  availability for Google Pixel devices since mid-October. It will become gradually available on selected  devices from OEM vendors in the coming weeks/months.  

Compatibility

The new software is not preinstalled on the new Pixel 9 but will be available for Pixel 6 and later  models. For Samsung devices, it supports the Galaxy S21 series and later, Galaxy Z Flip 3 and later, as  well as Galaxy S9 and later models, among others.

The team at ISEC7 can help with incorporating the new Android 15 for Enterprise into your pre- existing enterprise deployment to ensure all business and operational use cases are addressed. ISEC7  is your premier one-stop-shop for all your mobility and security needs, further shaping and improving  efficiency in your digital landscape. Please feel free to contact us with any inquiries and we would be  happy to assist you.