[iOS vs Android] OS and Application Updates

I frequently get this question from customers and partners: “How can I control Application and OS Updates in iOS and Android“. So I’ll drop a note here.

Update management includes:

  • Configuring the behaviour of OS upgrades (major), patches, public apps (via App/Play Store, VPP) and private apps (via App/Play Store or directly via EMM)
  • Scheduling updates to happen (or NOT happen) at specific times For example, do not update between 8AM and 6PM, when the user is working.
  • Manually pushing or rolling back an update to a single device or group of devices (troubleshooting, 0day immediate security patch etc)
  • Controlling the visibility of update to the user, or blocking an update to specific devices altogether (known compatibility issue with business/mission-critical apps)
  • Version control: i.e. upgrade to version X, not just to the latest version available. A very common case with public app stores.
  • Pre-release support: alpha/beta users, multiple adoption rings.
  • Controlling the updates delivery to that they only happen on Wi-Fi, or on Cellular.
  • Granular control of all of the above per device group/type, per user group/name/type, per app etc.
  • Controlling user ability to influence any of the above (allow costly cellular updates, defer/deny critical updates, update manually to an unsupported OS version etc)

Suddenly, things are not that simple, are they? Long story short, the winner is BY FAR the …Windows 10! 🙂 Watch the video on managing Win10 Updates with UEM here (tech and WorkspaceONE implementation and design/philosophy – much recommended). Now, let’s go back to iOS and Android an see what have we got there.

NB: This info may become out of date when new OS capabilities are released. If you notice anything outdated – leave a commend and I’ll update the post.


Securing work contacts while keeping caller ID 01: Android vs iOS

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?” This happens more often than you think – the infamous GetContact collected over 3.5B contacts in just a few months, all of which were officially available for sale! With GDRP in effect, how much could this cost?

Of course, both iOS and Android offer means to securely lock down enterprise data on BYOD devices. But this comes at a price of usability, the most cited problem being the caller it. We know that in the modern day an unhappy and discomforted user is essentially a backdoor waiting to happen. How can we keep this balance between security and productivity?

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

We will explore several approaches, their limitations and shortcomings for iOS and Android. This post lays the foundations and provides a TL:DR style summary/comparison of my current findings.

Table of contents: