
Google announces Android for Work - derpenxyne
https://googleforwork.blogspot.com/2015/02/android-is-ready-for-work.html
======
MichaelGG
> a dedicated work profile that isolates and protects work data

Oh wow, can this be used to just create a separate profile for every app? That
way I can run Uber or Line without giving them every permission to everything?
This is the biggest reason I do not install apps. Every "famous" app requests
so many permissions it's just stupid.

And not to mention the weirdness of some of them, like "WiFi Device
Information". What's that mean? Access to my WiFi AP names? No thanks. Or just
local multicast? Who knows.

~~~
errantmind
CyanogenMod's Privacy Guard is useful for dealing with this situation. There
is a setting to enable it by default on newly installed apps. No matter what
permissions the app says it requires, you are prompted when it actually
requests them and can deny them at will or permanently.

~~~
scottjad
When you deny them, roughly how often in your experience does this cause the
app to crash or display an error?

~~~
patcon
Doesn't crash, but sometimes apps seem to be created under the assumption
their permission request isn't creating a popup, so there are sometimes like
10 in a row, so the user will often give up and just either blanket deny or
accept.

EDIT: an "allow for 10 min" option would resolve this

~~~
mmebane
The lack of a "for 10 minutes"-type option is, IMO, the biggest failing of
Privacy Guard. XPrivacy is better in that regard, but was harder to use
overall when I last tried it.

XPrivacy does have the benefit of making it easy to provide realistic-looking
fake data, which I believe the CyanogenMod team is against.

------
pasbesoin
I suggest that anyone considering sharing a personal device with work activity
(other than basic phone calls and messaging, e.g. "I'll be in late") think
twice.

Comes a security concern or conflict, someone's probably going to want access
to the whole thing.

If you want me to do "your work" on a phone -- particularly as an employee as
opposed to as an independent contractor utilizing their own resources as
defined in the contract -- then give me a phone. A hassle, but on the other
hand some protection, in exchange for a few additional ounces (phone weight)
of prevention, as it were.

Just like I don't want to use my own computer to host their work/data. Nope.
When the relationship ends, I turn in their equipment and there is no question
as to whether all relevant data has been expunged. They have the entire
device.

~~~
r00fus
Would secure-wiping the phone if involved in a legal discovery process be
considered destruction of evidence?

Does your advice apply when you're only using, say Exchange, as your only
entry point (e.g. on iOS devices?) - in this case, all discovery can be done
server-side.

I'm hard pressed to think this issue hasn't been covered more
rigorously.

~~~
pjc50
_Would secure-wiping the phone if involved in a legal discovery process be
considered destruction of evidence?_

Yes, if it's not part of a routine process.

~~~
rhino369
If you are already in litigation there is almost always a litigation hold, and
you can't even wipe it as part of a routine process.

~~~
dredmorbius
However if _prior to receiving notice of the hold_ you'd wiped it as part of a
documented data retention policy, odds are far smaller of falling afoul of
legal process.

Sudden change of policy in conjunction with other shady events, harder time.

------
cwyers
I love the name "Google Play for Work."

~~~
r00fus
Awkward naming aside, it seems like this is very similar to what Apple did in
iOS 2.0 with iOS Enterprise Developer program.

"Google Play for Work allows businesses to securely deploy and manage apps
across all users running Android for Work, simplifying the process of
distributing apps to employees and ensuring that IT approves every deployed
app"

Leaving aside exactly how it's done, the end goal is the same: If I am Example
Inc's CTO, I can now have my staff develop Example Inc Android apps that are
neither sold on Play store nor side-loaded.

Apple requires running your own App Store server, I'm fairly certain Google
will probably make it more cloud centric.

Glad they're finally stepping up on this front.

~~~
bonn1
I think you are confusing use cases, the iOS Enterprise Developer program is
something totally different. It serves companies who want to either test their
own apps within the organization or use their own apps just for internal use (like
intranet apps). Meanwhile the program got rather abused for doing test flights
and beta tests.

What Google does is different: the company IT can decide which apps are
allowed and they can automate installation, e.g. company xy wants to install
Salesforce, Trello, and 5 other apps on company devices in addition to the OS
apps.

------
ispivak
On a basic level it's a "container" that uses SELinux to create a separate
security space in which "work" apps and data live, so they don't mingle
with your personal apps. The Android for Work administrator has complete
control over that part of the phone, but can't touch any personal apps or
data. There are also updated email/calendar/contacts apps. This is made mainly
to address BYOD scenarios.

------
JTon
Looks like Blackberry Balance was ahead of the curve on this one

~~~
bdcravens
Blackberry was ahead of the curve on many things, they just sat on those
advantages and never really responded to the changing market.

~~~
jusben1369
I don't mean to beat on Blackberry but I too thought of Blackberry when
reading this. I had a different approach though. This was the sort of approach
that Blackberry optimized to lock out any competition from the enterprise.
Apple/iPhone was just soooo good that eventually IT departments had to
capitulate and work with BYO devices. Things like the US government were the
last to cave so Obama had a Blackberry for a long time. So Google _seems_
to be catering to that crowd with this but that's a ship that's kind of
sailed. There might be a few stubborn outposts but if half my company
(including the entire C suite) has an iOS device are we really going to get
value out of implementing this Google stuff?

~~~
digi_owl
How it has pretty much been since day one.

Didn't many accountants sneak their private Apple II into the office to run
VisiCalc rather than having to deal with the mainframe and its admins?

~~~
jusben1369
I think it's important though to differentiate between some rogue edge cases
and activity that changed the way IT departments think and act.

~~~
digi_owl
But telling one from the other ends up being the job of historians...

------
ChuckMcM
This would be a lot more compelling if, when I got a Google voice voicemail
and saw that in my Gmail app on my "Google Experience" Moto-G and clicked on
the "listen to it" link it didn't just vanish leaving me with an open browser
and no message.

I like my phone, it works for me, but the sheer disconnectedness of it all is
really jarring. Things show up in random places, or not at all, (especially
media), and there is no "data connectivity" from anywhere to anywhere else,
the same text message appears in my GVoice app, my Gmail app, and as a text
message in Messaging.

How do you even begin to make a coherent business tool out of that?

~~~
Bjartr
> same text message appears in my GVoice app, my Gmail app, and as a text
> message in Messaging.

The "official" way to deal with this is to go to the Google Voice site and
turn off emailing yourself every text. Then install the Hangouts app and enable
SMS through Hangouts. Then disable notifications in the Google Voice and
Messaging apps.

Result: On phone Hangouts handles texts + voicemail + Google chat, and on
desktop GMail (or the Hangouts extension for Chrome) handles them.

At least, that's my understanding of what Google's intended best practice is.

~~~
sliverstorm
You don't need Google Voice at all anymore (that I am aware of) and Messaging
just goes to sleep when you make Hangouts your SMS app.

GV integration is not the most seamless perfect experience ever (for example,
incoming IP calls go straight to voicemail when I'm on corporate WiFi) but I'm
fairly pleased with it.

------
narrator
Looks like they are going after Microsoft on a different front. Especially
with the notes and Outlook integration. Can they provide enough of a
productivity boost to get people to dump the Windows ecosystem? Will IT
managers be comfortable with cloud managed systems?

------
prawn
"Android for Work app – For devices running Ice Cream Sandwich through
Kitkat..."

I can imagine the average business manager type reading that line and thinking
"Wha?!"

~~~
kibwen
As immortalized in
[http://m.imgur.com/gallery/xe7Uw](http://m.imgur.com/gallery/xe7Uw)

------
chinathrow
"Secure business apps"

Right, on a device with a closed source baseband. On a platform where the
vendor has shown to install new apps without getting active consent from the
user (Google Play Games, Hangouts, Google Now, Play Kiosk) to name a few.

~~~
chinathrow
Downvote all the way you like. Or start defining "secure".

~~~
ocdtrekkie
If you criticize Google in HN, you're going to get downvoted, sadly. Lot of
fanboys here.

------
teekert
I hope this will appeal to our management, at the moment we have to use this
horrible, horrible Vodafone-at-work app on Android
([https://play.google.com/store/apps/details?id=com.mobileiron...](https://play.google.com/store/apps/details?id=com.mobileiron.vodafone.MIClient&hl=nl_NL)).
It crashes, it asks for a password constantly, separate from your system
password, it cannot show appointments in your normal agenda or the lock screen,
it drains battery.

They switched to it because some apps for Android "lied" to our exchange
server and said that mail was encrypted locally while it was not, passwords
would not even be necessary (I think that was solved in Android >4). The
Vodafone app caused many people to just stop syncing work related accounts:
Not worth the trouble.

------
jsudhams
Looks like another thing that would follow the PC world. Initially companies
allowed personal laptops to be connected to work as long as you had the correct
version of patches and so on, but with increased focus on security, most large
organizations have moved back to company-provided laptops. Same will happen
here? Another issue: a lot of good Androids come with a single SIM, hence you
will anyway need a second (maybe dumb) phone. Or do people use the office
phone for personal use, I mean where websites ask for your phone number?
Because in India when you leave a company (which is on average once in 3 years)
the company takes the SIM back with the number. And many folks have 2 SIMs for
personal use itself, so will obviously need the office to provide the phone.

------
listic
How is this going to be rolled out? Minor version update for Android 5.0+?

~~~
Navarr
It's probably part of Google Play Services.

------
pjbrunet
For work on Android I really need native split-screen support. Samsung-
specific "multi window" is not a solution.

A proper window tiler would be even better.

Also the interface needs slim UI controls and slim window decorations,
basically a "pro mode" theme-switcher for larger screens and mouse/keyboard
users.

~~~
Thimothy
So... You need a Surface.

------
makeitsuckless
Because centralized control by IT has worked so well for corporate security
over the past few decades...

I don't understand why organizations still want to implement an IT paradigm which
has done nothing but fail at its primary goal but has held back innovation and
made workers miserable.

------
minusSeven
All the negativity aside, can someone post what this brings to the market? What
can Android for Work do essentially that other Androids can't? What does this
bring extra to average Android users?

~~~
gambiting
Why would average Android users care? It's not for them. But I work for a
large company which allows me to use my own device for work purposes, but I
have to install a 3rd party sandboxing app, which encrypts everything inside
it and allows our IT department to remotely wipe it if needed. If Android
supported this natively, we wouldn't have to spend big $$$ on a 3rd party
solution.

------
noconflict
Does this mean we'll get Google Now cards for non-gmail accounts now?

~~~
chambo622
Ha, good one

------
viccuad
I tried to find any info about license or repos and couldn't find anything.
Unlike Samsung's Knox, which is FOSS, how can this be even remotely secure if
it is closed source?

Seems that Google is full on the "Extinguish" phase with Android.

edit: amazing that I'm being downvoted for stating facts yet nobody replies to
me.

~~~
josteink
The fact of the matter is that Google usually publishes their source. They're
just a bit slow at it. Most versions of Android ship in binary form before
source is released.

~~~
kelnos
AOSP is fairly basic and somewhat limited on its own, unless you have the
resources to replace all of the "gapps", including setting up your own app
store. Google Play Services has been slowly taking over a lot of core (and
not-so-core) phone functionality over the past year or more, and it's entirely
closed source.

Google even stopped open-sourcing new versions of Google Authenticator, which
you'd think would be a prime candidate for a full-blown open source project.
(And hell, it's a crappy app; there are better GAuth-workalikes available.)

------
walterbell
Is this using SELinux for isolation, like Samsung Knox?

~~~
mikecb
This is Samsung Knox, or rather its evolution.

------
davidgerard
I wonder how the work apps compare to LibreOffice, which should be getting a
usable Android version this year.

------
aembleton
Will this allow deployment to a rooted phone?

If it does, then it will be possible for a third party to read the stored
data.

~~~
sparaker
Not if it is encrypted.

~~~
pwnna
If your device is rooted, and by that I mean real rooted (bypassing SELinux),
then it can get the encryption keys as at some point the data needs to be
decrypted and viewable by you.

~~~
sparaker
No you'd still need the crypt key to decode the data. Why do you assume this
is stored on the device?

~~~
Someone
OK. Let's assume that key lives on Google's servers. Then, Google must send it
back to the Android device that it cannot trust unencrypted (possibly in a
httpd session, but that is irrelevant for this discussion. The pipe may be
secure, but you pour the data in a pool that isn't secure).

------
eka808
I would NEVER EVER EVER use an Android phone for work. Privacy management of
Google is catastrophic.

------
the-dude
A counter-move to the Apple-IBM collaboration?

[http://www.computerworld.com/article/2859480/apple-ibm-partn...](http://www.computerworld.com/article/2859480/apple-ibm-partnership-off-to-impressive-start.html)

edit: replaced paywalled wsj link

~~~
wmf
More like an official version of Knox (which has existed for years) IMO.

------
api
So we're all going to code, write, etc. on four inch screens?

Seriously why hasn't someone made a smart phone that "transforms" into a
larger screen form factor when connected to a monitor? I could see Android
phones doing this. I could never imagine iOS doing it-- Apple would never
cannibalize Mac like that, and iOS is too jailed for anything "real."

Of course apps would have to support it. But those that didn't could pop up in
little windows in "desktop mode." That would be fine.

Google should dump ChromeOS -- which I never understood -- and do this
instead.

~~~
maratd
> Seriously why hasn't someone made a smart phone that "transforms" into a
> larger screen form factor when connected to a monitor?

It has been done repeatedly. Motorola and Ubuntu come to mind. Both were
failures.

I don't want my phone to turn into a desktop. Desktops are all about muscle,
massive storage, gigabit connections, etc. Phones are about saving battery
life.

~~~
benologist
Desktops don't mean any of those things, crappy old computers with none of
your characteristics are very common.

Technology has improved _significantly_ in the 3 - 4 years since Motorola made
theirs, and Ubuntu's failed as a crowdsourcing campaign. Nothing has been
proven.

~~~
api
I interpreted Ubuntu's failure more a statement of lack of confidence in the
ability of Ubuntu to execute on this idea than as a statement against the
idea's ultimate potential.

Samsung, Google, Apple, or Nokisoft (MS+Nokia) could do it.

~~~
mmebane
I think Microsoft could be in a position to do this with Windows 10. It
certainly seems to me like it would be the next logical step after the Surface
Pro.

