Skip to main content
The Keyword

Putting Android Enterprise security to the test

Illustration of two people standing next to an Android mobile device and using tools to try to pick locks on the phone screen.

Today’s employees are just as likely to work from home as they are from the office. As a result, maintaining security on mobile devices has never been more challenging — and failing to do so has never been riskier.

Businesses of all sizes rely on Android Enterprise as their front line of defense to help keep enterprise data secure and employee data private. Through a hardened operating system, strict hardware requirements, security services and comprehensive enterprise mobility management (EMM) policy controls, Android Enterprise provides businesses and organizations with the multi-layered security and tools they need to secure their workforce.

Even still, we wanted to put Android Enterprise to the test. So Google engaged NCC Group, an IT security assessment firm, to evaluate how well Android Enterprise performed based on the U.S. Department of Defense’s (DoD) own security configuration requirements.

NCC Group tested a Google Pixel device with Android 12 against the DoD’s Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG), which provides standardized guidance for information technology systems across the U.S. federal government. After thorough testing, NCC Group found no “CAT I” issues, which indicate the most serious security concerns — like the ability to gain complete and immediate control over a device. They identified two “CAT II” risks, which imply a relatively low threat to the device and have since been resolved. Finally, NCC Group found only three “CAT III” risks, which are purely informational and pose no immediate threat to the device.

Read the full report.

Illustration of a Pixel phone surrounded by icons of the five threat areas NCC Group evaluated: network eavesdrop, network attack, physical access, malicious application and persistent presence.

In short, Android Enterprise held up exceedingly well under testing. That’s good news for all Android Enterprise customers, especially since both public and private sector organizations use the DISA STIG as a baseline configuration when deploying Android smartphones and tablets.

Visit the Android Enterprise security page to learn more about our security features, like built-in anti-malware through Google Play Protect and personal and work data separation through the Android work profile.