Safeguards every step of the way

Android platform security and Google services are combined with Android enterprise enhancements to deliver comprehensive protection.

Data security icon

Data security

Business data is separated in a work profile or protected device-wide on work managed devices. IT can utilize always on VPN and full disk and file-based encryption to protect data.

App security icon

App security

Work apps are authorized and deployed through managed Google Play. IT can prevent installation of apps from unknown sources and apply app configurations, for full control over app usage.

Device security icon

Device security

Android device integrity is protected and maintained with verified boot, lockscreen policies, remote SafetyNet attestation services and hardware root of trust.

View the security white paper

Android security built in

The Android operating system offers robust security features integrated into the platform.

Advanced App Defense icon

Advanced App Defense

Sandboxing

All Android applications run in a separate sandbox with limited access to the operating system and enforced security between applications.

SELinux

Android uses Security Enhanced Linux (SELinux) to enforce security policies and prevent illegitimate actions.

Google Play app review

Google regularly scans Google Play applications for malware and other vulnerabilities and suspends developer accounts that violate developer program policies.

Virus Protection

Google Play conducts billions of checks daily to see that all apps behave in a safe manner, even after installation.

Private by default

Application data is private by default and apps must explicitly opt-in to share data with other apps.

Platform Security icon

Platform Security

Verified Boot

Verified Boot prevents devices from booting when it detects a compromise. It is now strictly enforced in Android 7.0.

Encryption

On devices that support full disk and file encryption, user data is automatically encrypted before being committed to disk.

Keystore

On devices with a hardware-backed keystore, keys are bound to the device and are non-exportable.

Secure OS Services

Highly sensitive operations such as fingerprint template matching and key management are further isolated in a Trusted Execution Environment (TEE).

Attestation Service

Apps can analyze the device to ensure it is configured in a way that is consistent with the Android platform specifications.

Android enterprise enhancements

In the enterprise, Android delivers data separation and policy control while managed Google Play provides secure app distribution and management.

Profile & Device Management icon

Profile & Device Management

Profile management

The work profile separates and protects work data from personal apps and content. In Android 7.0, separate passwords can be applied to work apps or the work profile.

Device management

Companies can apply management to an entire device with work managed device capabilities.

Data leakage prevention

Admins can apply policies to restrict the flow of data from the work profile to the personal profile.

Remote wipe of business data

Work apps and data can be remotely wiped without affecting personal apps and content.

Enhanced Security Tools icon

Enhanced Security Tools

Managed Google Play

Business apps are discovered, authorized, deployed and configured via Google Play.

Unknown sources

Admins can block side-loading and app downloads from third-party marketplaces.

VPN

Secure networking can be applied at all times to the device, work profile or specific business apps.