We’ve just published guidance for Android 8 (Oreo). In it we recommend the best configuration to help organisations deploying Android 8 to take advantage of its new security features.

The guidance is aimed at devices in work-managed mode (which you may know as Device Owner mode, or sometimes Corporate Liable mode). This mode gives an organisation the highest level of control over its Android devices, and offers the best option for managing information risk.

Here are some other updates you will find in the guidance:

  • Project Treble, a major architectural change that enables OEMs to separate their specific customisations and drivers from the Android operating system framework, with the aim of reducing the time between Google releasing security fixes and those fixes being pushed to devices
  • the ability to gather detailed network logs including DNS requests and TCP connections
  • zero-touch deployment details, although this does require devices to be bought from specific carriers
  • information on Google’s new Android Enterprise Recommended programme (more below)

Android Enterprise Recommended

Google recently announced the launch of this new programme which establishes best practices and common requirements for devices and services. Some of the programme’s requirements include:

  • delivery of Android security updates within 90 days of release from Google, for a minimum of three years
  • consistent application experience in managed profiles and on managed devices
  • minimum hardware specifications for Android 7.0+ devices
  • the full list of requirements is available

The Android Enterprise Recommended devices will be kept up to date by Google, and organisations can use this scheme to simplify their device selection process.

One thing you won’t find in our new Android 8 guidance is information on another new Android 8 feature referred to as COMP (Corporately Owned Managed Profile). This is the ability to add an additional managed profile controlled by the same Mobile Device Manager (MDM) as the main profile. It allows for some extra security benefits, such as ejecting keys from memory, and some finer-grained control over work and personal use. We haven’t seen many organisations utilising this feature, so we haven’t included it – but if you believe your organisation may benefit from guidance on it, let us know.

As always, feel free to add comments below or get in touch if you have any suggestions on how we could improve the guidance. We’d be especially keen to hear from you if you have completed any recent deployments using the settings we recommend – being able to learn from your experiences improves the guidance we develop.

And finally, remember to keep your devices up to date and patched!

Stuart G
EUD Security Research

Source: National Cyber Security Centre
