Having spent the morning listening to Vestager’s comments at a Forum Europa event, I’m full of a combined sense of horror and dismay. Because while touting the need to make Europe more competitive, the regulatory chief seems also to be putting barriers in place that will have the opposite effect.
Take climate change, for example. China is unique in that once it recognized the growing threat of environmental destruction, it launched a root and branch attempt to migrate to renewable fuels and attack pollution levels.
That journey is far from over, but one result has been the creation of a strong solar panel manufacturing industry at global scale. Europe doesn’t have anything like the capacity to build renewable energy infrastructure at the same low cost, so in its haste to combat climate change, it just clobbered China with tariffs to make that lower cost renewable infrastructure more expensive to deploy — even as energy costs spiral and the planet heats up.
I see that decision as a suicide note, given the scale of the global crisis. Vestager sees it as a victory. I am unconvinced.
A place for kids
Another Vestager victory involves App Stores. “How good will it be as a parent to open an App Store and know all the apps in there are safe for children,” said Vestager during her presentation.
“How good indeed,” I respond. “It’s why I use the heavily curated, heavily moderated Apple App Store and apply parental controls on the device.”
Of course, what Vestager is celebrating is Europe’s demand to open up the App Store under the Digital Markets Act, a move that might — as some security experts posit — make children less safe, as not every App Store will be equally secure, resilient, or trustworthy. If events on iOS echo what’s already happening on Android, we will see malware and fraud attempts amplify as criminals exploit the inherent vulnerabilities of sideloading.
But perhaps the chance for European firms to make a couple of Euros matters more. And there is strength to the argument that at Apple’s scale it does need to ensure that competitors can craft viable businesses on its platforms, in order to avoid its power becoming too great.
Pushed out of the garden
On the DMA moves against Apple, Vestager said:
“For a company who has built a very effective walled garden vertically integrated from the device operating system to the app store, of course, it is more challenging that you need to make sure that competitors can be on your platform, because you have become a gatekeeper. If you were not the essential road for businesses to reach their consumers, of course, we would have no say. But that is exactly the point, that you are an essential route to consumers and that is why you have these obligations. And of course, they go for Apple as well as for anyone else who is a… gatekeeper.”
So now we have a series of European decisions that will make kids (and everyone else using Apple products) less safe, and help ensure the planet gets warmer for longer. What else can the EU regulators come up with?
Damned if you do, damned if you don’t
Artificial intelligence, of course, specifically Apple Intelligence — which Vestager now seems to think shows how anti-competitive Apple is because the company won’t introduce these tools in Europe until it has clarity.
When it announced plans to delay the introduction, Apple said it “was committed to collaborating with the European Commission” to enable it to introduce these features, but was concerned at some of the requirements of the DMA and how they could impact the plan.
During the talk, Vestager was asked: “On Apple, to the best of your knowledge how does Apple’s Walled Garden apply to their AI? How do you interpret their decision not to launch Apple Intelligence for the EU?”
Vestager’s response: Apple said it will not launch the new AI features, “because of the obligations that they have in Europe,” she said. “And the obligations that they have in Europe, it is to be open for competition, that is sort of the short version of the DMA.
“And I find that very interesting that they say we will now deploy AI where we are not obliged to enable competition. I think that is the most stunning, open declaration that they know 100% that this is another way of disabling competition, where they have a stronghold already.”
The struggle for privacy
When Apple announced the delayed rollout, it was quite detailed about its concerns: “Specifically, we are concerned that the interoperability requirements of the DMA could force us to compromise the integrity of our products in ways that risk user privacy and data security,” it said. “We are committed to collaborating with the European Commission in an attempt to find a solution that would enable us to deliver these features to our EU customers without compromising their safety.”
But Vestager’s arguments, and previous mutterings on the topic of user security and privacy, seem to suggest that the “pro competition” trading bloc that gave us GDPR (ironically wrecking the economics of small website publishers when it did), isn’t going to be terribly receptive to Apple’s arguments that the highly personal data gathered on someone’s device should be protected, minimized, and not simply made available to third party AI competitors without clear user consent, protection, and oversight.
‘This is surveillance’
As Apple CEO, Tim Cook warned six years ago, the potential for AI-driven surveillance has never been greater; that really is what is at stake in Apple’s struggles with the European Commission.
If Europe decides in some way to force Apple to open up these features to competitors without agreeing on checks and balances to protect user data in the hopes of stimulating some great (imaginary) European unicorn digital business, then you really can kiss all hopes of digital privacy goodbye — though perhaps a smattering of billionaires will add to their bank balance.
Finally, a question: Why is it, really, that after Vestager has been in command of European competitive policy for over a decade, the bloc has become less, rather than more, relevant on the global stage?
From the editors of Computerworld, this enterprise buyer’s guide helps IT staff understand what the various unified-communications-as-a-service (UCaaS) options can do for their organizations and how to choose the right solution.
Android dominates smartphone usage throughout the world — in every region except North America and Oceania. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile devices. Even in areas where Apple’s iPhone dominates or is comparable in market share, businesses are likely to support or issue Android devices at least as a secondary option.
Google has a certification called Android Enterprise Recommended that focuses on enterprise concerns around performance, device management, bulk device enrollment, and security update commitments. Google publishes a tool to help IT see which devices meet that certification in various regions, as well as explore supported Android versions and end dates for security updates.
But as Computerworld columnist JR Raphael has shown, the Google enterprise compliance checker is not kept up to date, so it cannot be relied on by itself. It’s also not clear that Google is enforcing compliance after products get certified. Bottom line: Android Enterprise Recommended is a starting point for narrowing your options, not a definitive filter.
Apple tightly controls the iPhone and its iOS operating system, which gives IT strong assurance about software updates, security patches, device capabilities, and manageability. By contrast, the Android world is highly diverse, with dozens of manufacturers using Google’s Android platform but offering varying levels of quality and support, and in many cases few or inconsistent OS and security updates. The use of Android thus requires more effort by IT in selecting and supporting mobile devices.
For that reason, iPhones are more likely to be the official business platforms (what are called corporate-liable devices) for devices that enterprises buy for their employees, even in regions where Android dominates. But it is typical for companies to let employees use their personal devices for work (what are called employee-liable devices or bring-your-own devices [BYOD]), providing access at least to work email and calendars, and often to web-based services.
So how does IT choose which Android devices to buy and/or support for its users? This article gets you started.
In this article:
Recommendations for best Android devices in business
Security considerations for Android devices
Functional considerations for Android devices
Vendor considerations for Android devices around the world
Vendor considerations for front-line Android devices
Recommendations for best Android devices in business
For knowledge workers and general-purpose busines usage, there’s just one Android manufacturer with global device availability and enterprise-class (even military-grade) security, plus multiyear software and security updates after purchase: Samsung. That makes Samsung the best (and often only) choice for corporate-liable Android devices in every region. Its enterprise-grade models (what Samsung calls Android Secured by Knox) include the Galaxy S, Galaxy A5x, Galaxy A3x, Note, XCover, Z Flip3, and Z Fold3 series. For these models, security updates are promised for five years after initial release; Samsung publishes information on which models are currently receiving updates.
But Samsung devices do have issues to be aware of, including the use of Samsung’s proprietary interface and its proprietary apps (though you can still use the standard Google apps), both of which can require extra IT support for those more familiar with Google-standard Android devices. Columnist Raphael also objects to some of Samsung’s practices around privacy and advertising. Still, no other Android manufacturer offers the combination of security and availability that Samsung does.
Google’s Pixel 8 series phones are similarly secure, but without the proprietary UI and apps. Google promises seven years of security updates after initial release (up from five years for the previous Pixel 7 models). However, the Pixel 8 series is available in just 22 countries: Austria, Australia, Belgium, Canada, Czechia, Denmark, Ireland, France, Germany, Italy, Japan, Netherlands, Norway, Poland, Portugal, Singapore, Spain, Sweden, Switzerland, Taiwan, United Kingdom, and United States (except Puerto Rico).
Motorola’s enterprise-class Android devices, such as the Edge models, are similarly secure. They’re available in 65 countries, including most of Europe, much of Latin America, Australia, New Zealand, India, China, Taiwan, Hong Kong, South Korea, Japan, Thailand, the Philippines, Malaysia, Saudi Arabia, the UAE, Canada, the US, and the UK. Where Motorola falls a bit short is in update support: It commits to just three years for security updates and to just one major Android OS version update.
In most countries, these recommended devices are often too pricey for rank-and-file employees and for their businesses to buy for users other than executives or those handling very sensitive information. Fortunately, there’s a set of Android vendors that offer a range of inexpensive and moderately priced phones that provide good quality and adequate security: Nokia, OnePlus, Oppo, Sony, and Xiaomi. Samsung also has several moderately priced phones with adequate security, and Motorola has the Moto G. As shown later in this article, these vendors’ prevalence varies significantly across and within regions.
Why these recommendations? And what other options does IT have or may get user pressure to support? The sections that follow explore the essential factors: security, updates, device capabilities of concern to business use, and vendor availability in various regions of the globe. There’s also a section on special-purpose front-line Android devices.
Security considerations for Android devices
In the early days of Android, security was a major IT concern. Research in Motion’s BlackBerry had set high standards in the 1990s and early 2000s for mobile security, whereas the early Android (and iOS) devices fell far short of IT expectations. Apple and then Samsung moved to make mobile security at least as good as BlackBerry’s in the early 2010s, and Google followed suit a few years later by making encryption standard in Android and then making container-based separation of work and personal data and apps a standard part of 2015’s Android 5.0 Lollipop OS. By 2017, the Android platform had strong security capabilities. More sophisticated capabilities became available through both hardware and software extensions, such as Samsung’s Knox platform in 2013 for its enterprise devices and Google’s Android for Work (later renamed Android Enterprise) for the rest of the Android world. Android Enterprise support became a standard feature in 2018’s Android 9.0 Pie.
Today, IT can count on all Android devices having the basic level of security needed. But some users — such as high-level executives who deal in sensitive corporate data, or operations staff managing critical infrastructure or supply chains — need more security. And that affects your enterprise Android device options.
There are three security levels to consider, and many organizations will need more than one in place:
Basic security: This level is appropriate on personal devices permitted to access basic corporate systems like email.
The basic security level provides device encryption, password enforcement, remote lock and wipe, and sandboxed execution of security functions.
All current Android devices support this level, with even just a basic management tool like Google Workspace or Microsoft 365 in place.
Moderate security: This level is appropriate for when IT requires or allows personal devices to be used for corporate access and apps, as well as for corporate-issued devices allowed to also be used for personal purposes.
The moderate security level provides the basic level plus separation of work data and apps from personal data and apps via containers, via a unified endpoint management (UEM) platform that supports Google’s Android Enterprise platform or, only for Samsung devices, Samsung Knox. Tip: Compare the leading UEM platforms’ capabilities in Computerworld’s guide.
All current Android devices with at least 3MB of RAM support work/personal separation, but some UEM platforms may require that the devices run newer versions of Android than are deployed at your organization.
Advanced security: This level is appropriate for executives, human resources professionals, finance professionals, and anyone dealing with critical data and systems access such as in government, defense/military, finance, healthcare, and critical infrastructure like utilities, energy, and transport.
The advanced security level provides the moderate level plus chip-based security enabled to reduce unauthorized access by spies and hackers, as well as compliance with the US’s recent Common Criteria security standard.
Chip-level security detects hacks to the operating system, firmware, memory, and other core systems, and locks down or shuts down the device as a result, via Android’s Keystore service. Such hardware-level security is not an Android Enterprise Recommended requirement, but it is essential for military-grade security.
Only a few devices use chip-level security to protect system integrity: Samsung’s Android Secured by Knox phones use Arm’s TrustZone chip for its Trusted Boot, Google’s Pixel series uses its own Titan-M chip for its Trusted Execution Environment (TEE), and Motorola says all its Android devices use Arm’s TrustZone chip for its Strongbox. (Apple’s iPhones have this capability too via the Secure Enclave.) The other Android vendors did not respond to my inquiries about their security capabilities but appear not to support hardware-based security, based on their websites’ specification data.
The Common Criteria standard imposes specific security approaches that the US government thus knows it can rely on across devices; it’s also been adopted by multiple other countries. Although also not an Android Enterprise Recommended requirement, Common Criteria is a good advanced-security standard for IT to use anywhere in the world.
Android models from multiple vendors comply with Common Criteria: a few from Google, Huawei, Motorola, Oppo, Samsung, and Sony, as well as some front-line specialty devices from Honeywell and Zebra Technologies. Apple’s iPhone also complies. Common Criteria keeps a current list of validated devices; be sure to open the Mobility section to see which phones comply.
Government security certification for Android
IT organizations may want to look to government certifications to determine their Android device selections for sensitive uses. When Apple and Samsung both gained US Defense Department, UK Government Communications Headquarters (GCHQ), and Australian Signals Directorate approval for use of their enterprise-class devices in the mid-2010s, it was huge news — breaking BlackBerry’s longstanding monopoly on government approval.
Today, such announcements are rare, and governments instead focus on ensuring that approved UEM platforms are in place to manage the widely used iPhones and Android phones. But recently the US Department of Defense has approved several Samsung phones and some front-line Android devices from Honeywell and Zebra Technologies for sensitive uses, as it moves to using the Common Criteria standard. And the Australia Signals Directorate has approved several Samsung phones recently as well.
The troubling security questions around Huawei’s Android devices
IT will not find Huawei devices in Google’s Android Enterprise Recommended database. Google removed them in 2019 after public allegations from the US government that Huawei devices were spying on users via backdoors on behalf of the Chinese government. These concerns are not new: In 2012, I was having drinks with several US intelligence officials and defense contractors at an off-the-record conference of CIOs where they raised the same fears about Huawei, ZTE, and other Chinese computer and telecom manufacturers. Back then (under the Obama administration), US intelligence officials were quietly warning corporate CIOs about Huawei’s massive spying operations across its whole technology stack.
Those fears about Huawei’s alleged being a conduit for spying are no longer quiet, with both the Trump and Biden administrations since speaking publicly. Multiple other governments have also made the same accusations, which Huawei denies.
Because Huawei devices are popular in several markets — China, of course, but also in many parts of Africa, Europe, the Middle East, and South America — concerned IT departments may want to use management tools to deny Huawei and other distrusted devices access to their resources. Be sure to check whether your management tool can block access based on device vendor. According to their websites, UEM platforms that can block devices by vendor include BlackBerry UEM, Microsoft Intune, and VMware Workspace One.
Security and OS update assurances for Android devices
IT typically wants assurances that devices will get security updates and OS updates for several years, to reduce the risk of being hacked via old devices that haven’t kept up their defenses. Google’s Android Enterprise Recommended certification requires only one future OS upgrade. For security updates, it has no minimum, requiring only that vendors publish their update commitments on their websites — and that information can be hard to find.
In my survey of Android vendor sites, three to five years is typical for Android security update commitments on business-class devices, and one to three future Android OS versions is typical for OS updates. (By contrast, Apple typically provides seven years of security updates and five years of iOS updates.) The stingiest Android vendors in terms of OS updates are Motorola, Oppo, and Xiaomi, which commit to just one major Android upgrade for their enterprise-class models. Google and Samsung have the best update commitments.
Vendors’ published update commitments for business-class Android devices include:
Google: seven years of security updates, three years of OS upgrades
Motorola: three years of security updates, one year of OS upgrades
Nokia: three years of security updates, two years of OS upgrades
OnePlus: four years of security updates, three major OS upgrades
Oppo: three years of security updates, one year of OS upgrades
Realme: three years of security updates, two major OS upgrades
Samsung: “at least” four years of security updates, three “generations” of OS upgrades
Vivo: three years of security updates, three years of OS upgrades
Xiaomi: three years of security updates, one major OS upgrade
I could not find update information at the Honor, Huawei, Infinix, Itel, and Tecno sites, and the companies did not respond to my requests for information.
For certified devices, you can also use Google’s Android Enterprise Recommended tool to narrow down by what date various vendors’ specific models’ security updates will end. Just keep in mind that the tool may not have recent models. I also recommend you verify whether vendors do what they promise by getting some older devices and seeing how recent the available security updates are: Have they kept up the promised duration?
Finally, keep in mind that cellular carriers can override, slow, or block updates in many countries, overriding whatever promises the device vendor has made. For example, Google notes on its Pixel page that Pixel phones bought directly from Google often get updates sooner than those bought through a carrier. That carrier control is a longstanding reality, well pre-dating modern mobile devices, with only Apple able to have fully wrested control over updates from the carriers.
Functional considerations for Android devices
After narrowing down the pool of Android devices for potential support or purchase, the next step is to identify minimum requirements that necessitate specific configurations of those devices and perhaps eliminate some candidate models completely. These factors include:
Android version: Your UEM platform or corporate apps and cloud services may require a minimum version of Android to function correctly or to comply with their security standards.
RAM and storage capacity: Some devices offer minimal capacity to offer a cheap price. But that can hamper performance, especially for personal/work separation. A good minimum for corporate-issued devices is 8MB of RAM and 64GB of storage, to provide sufficient capacity for running multiple apps and switching among them with no performance hit. (Google’s official minimum is 3MB of RAM and 32GB of storage to support Android Enterprise.)
Multiple-SIM support. People who work in multiple countries or must use their own SIM card for personal use and a corporate one for business use should use devices that offer two SIM trays or use, where carriers support them, eSIMs that are stored digitally on the devices. Expect to find differences in multi-SIM support even for the same model phone across countries and carriers, so purchase carefully to ensure you have all the needed variations.
Some users work in tough environments where you’ll want tougher phones better able to withstand changes in air pressure, humid and wet conditions, heat and cold, and drops, bangs, and scrapes. That could mean using ruggedized devices, buying ruggedized cases for common devices, or avoiding devices with characteristics, like very thin materials or folding screens, that are more likely to be damaged. For maximum durability, ruggedized phones or cases should conform to the American Mil-Std-810G standard or the newer Mil-Std-810H standard.
Vendor considerations for Android devices around the world
Regional differences in vendor sources can be a factor in the devices IT chooses to provide and/or support. Those differences can both steer local companies to specific Android phone vendors and require multinational companies to consider such variations when formulating their approved-device lists for employee-liable devices and in the choice of corporate-liable devices they furnish.
In addition to Apple, there are 14 current Android vendors with 1% or more usage share in at least one region: Google, Honor Device, Huawei, Infinix Mobility, Itel Mobile, Lenovo-owned Motorola Mobility, Nokia, OnePlus, Oppo, Realme Chongqing Telecommunications, Samsung Electronics, Tecno Mobile, Vivo Mobile Communication, and Xiaomi. Although LG discontinued its Android business in July 2021, enough devices are still in use to show up in usage charts, most notably in South America, and so they may still need IT support.
Business purchase and BYOD patterns for Android
Usage share in business, versus overall consumer usage, is likely to skew more toward the major vendors, but data on enterprise mobile market share — whether for corporate-provided or BYOD devices — is not available even from IDC, which specializes in tracking installed-product market share across a wide range of enterprise categories.
Still, IDC analyst Kiranjeet Kaur notes that in much of the world, businesses other than multinational companies struggle to justify the expense of purchasing Samsung’s enterprise-class Android Secured by Knox phones and Apple iPhones — or, where available, even Motorola’s slightly less expensive Edge Fusion and Ultra phones or Google’s Pixel phones — for anyone but executives. So their IT organizations tend to issue adequately securable Android phones from broad-market vendors that offer models across a wider range of prices. Such Android vendors are also more likely to have business-oriented marketing and sales teams in key markets than the other Android vendors, she adds.
I classify OnePlus, Oppo, and Xiaomi (and Nokia in East Africa and Sony in Japan) as broad-market vendors that offer at least some business-appropriate models. Google, Motorola, and Samsung also offer sub-enterprise models for broad-market business use.
In most of the world, individuals who use their own phones for work — BYOD users — typically pick the cheaper Android phones, because in most markets the enterprise-class devices simply are unaffordable. In many rich countries like Australia, Canada, Japan, New Zealand, Norway, Saudi Arabia, Sweden, Switzerland, the UK, and the US, both IT and individuals favor enterprise-class devices from Apple and Samsung. But in much of Europe — including rich countries like Austria, France, Germany, Italy, and the Netherlands — the mix is broader than Apple and Samsung, with lower-cost, more consumer-focused Android vendors like Xiaomi having significant traction among users overall.
IT organizations — especially in multinational companies — tend to avoid the low-cost Chinese vendors often favored by individual consumers in many parts of the world for price reasons. Why? Because on those low-cost devices, “the app experience can be shaky and can’t implement features properly, or apps don’t install properly,” IDC’s Kaur says. That poor quality for the only devices many employees can afford does pose a challenge for IT when supporting BYOD.
I classify Honor, Infinix, Itel, Realme, Tecno, and Vivo as vendors of Android phones that are iffy for business use around app compatibility. And I advise against Huawei devices due to longstanding concerns over Huawei’s alleged spying, as noted earlier.
Where IT will encounter the major Android vendors
Samsung and Apple are the major phone vendors in nearly every market, which combines with their higher security capabilities to make them standard devices in multinational companies.
However, South Korea-based Samsung has very little usage share in China, whose government policies favor Chinese vendors and where Samsung’s China Android business strategy failed due to Samsung’s own mistakes. Samsung’s share in Japan is also quite low, as it has been for more than a decade. US-based Apple has very little share in India, largely around cost but also due to the government’s Make in India policies that favor products made in India; in 2017, Apple started making iPhones in India due both to that pressure and to seek a manufacturing alternative to China, where the vast majority of its devices are still made.
Some regions have major vendors not seen widely or at all elsewhere. For example:
Tecno and Infinix have sizeable usage shares in Africa, and both have increasing shares in some Asian countries and in Latin America.
Motorola is significant in South America and has pockets of adoption in Europe.
Huawei is significant in Africa, Mexico, China, India, and parts of Southeast Asia, but overall it has lost about half its market in two years.
Oppo, Realme, and Vivo have notable presences in much of Asia and in parts of the Middle East.
Xiaomi is a significant vendor in much of the world — especially in Asia, Europe, Mexico, the Middle East, and South America — but is barely present in the US, Canada, and Oceania.
By contrast, some well-known names don’t have significant presence outside a handful of markets, falling below the 1.0% threshold globally:
Google’s Pixel devices have little global usage share but have shown growth in developed countries, topping out in New Zealand at 12.4%, followed by Japan at 5.4% and by Canada at 5.1%, with lower presence in Australia, the UK, and the US, as well as in several European countries.
The well-reviewed OnePlus devices have minor usage share globally, though they are found in various countries across the world, including China, India, Israel, Norway, and Sweden.
Chinese manufacturer Honor has a notable presence in a handful of countries — including China, Czechia, Mexico, Peru, Russia, and several Central American countries — but it is essentially invisible globally. It also uses its own MagicOS, based on Android 14 and proprietary apps, leaving broad compatibility a question mark.
The tables below, all based on usage data from StatCounter (based on web access from devices), show which mobile phone vendors have 1% usage share or more across various regions, highlighting the major vendors in each. It also shows the shares of those vendors in select countries in each region, showing the diversity within each region that could affect IT support decisions.
Although the data is from April 2024, the percentages have been fairly stable for several years, with the greatest variations among those with the smallest percentages, which often move around in that large bottom tier.
Global mobile usage share
≥1%
Apple
Samsung
Xiaomi
Oppo
Vivo
Realme
Huawei
Motorola
Tecno
Worldwide
28.0
24.0
11.4
5.7
5.0
3.5
3.5
2.3
1.6
All numbers are percentages
Africa mobile usage share
≥1%
Samsung
Tecno
Apple
Huawei
Infinix
Xiaomi
Oppo
Itel
Realme
All Africa
30.6
12.9
12.4
7.3
7.2
6.4
4.8
4.9
1.7
Ethiopia
46.8
19.0
4.3
4.7
10.2
1.3
—
3.7
—
Ghana
22.7
20.9
16.3
5.9
13.0
1.7
—
8.2
—
Kenya
22.8
17.9
3.4
2.8
9.0
4.2
6.7
3.0
5.6
Morocco
34.3
1.4
16.4
7.3
4.6
19.3
4.4
—
1.9
Nigeria
11.2
26.2
8.4
3.6
21.8
3.6
3.0
6.4
—
Senegal
37.4
22.0
22.0
3.4
1.5
2.8
1.0
3.0
—
South Africa
50.9
—
16.0
13.4
—
3.7
3.5
—
—
All numbers are percentages
Asia mobile usage share
≥1%
Apple
Samsung
Xiaomi
Oppo
Vivo
Realme
Huawei
OnePlus
All Asia
20.0
19.1
14.2
9.2
9.1
5.9
3.7
1.7
China
22.4
1.3
13.0
5.8
6.4
—
20.6
1.4
Hong Kong
48.2
29.5
8.5
—
1.1
—
3.8
—
India
4.0
13.8
20.7
11.5
18.0
13.2
—
4.6
Indonesia
11.4
17.0
15.2
17.5
13.0
7.1
—
—
Japan
60.2
7.5
4.3
2.3
1.1
—
2.1
—
Malaysia
30.7
15.0
10.9
11.8
10.3
5.2
12.0
—
Pakistan
4.4
15.4
6.6
12.2
12.9
3.6
4.6
—
Philippines
15.7
13.4
10.0
13.8
12.4
11.6
5.8
—
Singapore
33.0
22.8
5.5
4.8
1.7
1.0
2.4
—
South Korea
26.8
67.6
—
—
—
—
—
—
Taiwan
57.2
20.8
3.6
6.2
2.3
—
—
—
Thailand
31.9
20.6
6.8
14.4
13.3
4.9
2.4
—
Vietnam
33.1
26.1
9.6
17.9
6.1
3.5
—
—
All numbers are percentages
Central America and Caribbean mobile usage share
(Selected countries — no overall regional roundup data is available.)
≥1%
Samsung
Apple
Huawei
Motorola
Xiaomi
Honor
LG*
Costa Rica
25.0
26.5
6.4
5.1
10.7
5.3
—
Dominican Rep.
27.9
34.3
2.0
3.2
8.8
—
3.5
Guatemala
40.1
21.7
4.6
8.3
11.1
5.8
—
Jamaica
45.4
43.4
—
1.5
1.3
—
—
Panama
34.9
20.2
5.8
—
14.5
8.4
—
All numbers are percentages *LG no longer sells Android devices; this reflects old devices still in use
Europe mobile usage share
≥1%
Apple
Samsung
Xiaomi
Huawei
Oppo
Motorola
Realme
Google
All Europe
32.1
30.9
14.2
3.8
2.7
2.3
1.6
1.3
Austria
38.5
32.9
7.5
4.3
—
—
—
—
Czechia
25.0
26.3
21.9
4.6
—
2.8
3.0
—
France
29.1
31.7
13.9
4.0
3.6
—
—
1.2
Germany
34.0
33.8
10.9
3.5
1.2
1.0
—
1.6
Greece
13.0
29.3
32.0
6.2
—
1.0
2.4
—
Italy
29.3
29.5
14.1
4.3
5.5
2.2
2.1
1.1
Netherlands
38.7
35.6
6.1
2.1
2.8
1.4
—
1.0
Norway
61.7
24.0
1.6
1.9
—
1.4
—
1.2
Poland
13.8
33.2
22.6
4.3
3.6
7.7
5.5
—
Portugal
30.1
29.2
15.6
4.7
4.5
—
—
—
Romania
25.2
43.2
8.5
6.1
3.0
4.4
—
—
Russia
29.4
17.3
21.5
4.8
1.3
—
6.0
—
Spain
20.3
27.6
28.7
3.8
6.9
1.0
1.9
—
Sweden
55.7
27.9
2.9
1.7
—
1.4
—
1.2
Switzerland
51.0
27.4
4.7
2.5
2.3
—
—
1.2
Ukraine
29.1
19.0
27.8
2.4
2.7
2.0
2.1
—
United Kingdom
49.2
30.1
2.1
4.4
—
2.8
—
3.1
All numbers are percentages
Middle East mobile usage share
(Selected countries — no overall regional roundup data is available.)
≥1%
Samsung
Apple
Xiaomi
Huawei
Oppo
Vivo
Realme
Infinix
Egypt
25.2
11.8
13.2
8.0
18.5
2.2
10.0
4.1
Israel
49.8
25.8
15.9
—
—
—
—
—
Saudi Arabia
19.6
34.2
8.8
5.1
4.6
6.0
4.1
3.6
Türkiye
17.1
18.9
11.9
3.3
2.0
—
—
—
UAE
22.8
19.5
17.6
3.9
8.5
5.4
5.1
2.2
All numbers are percentages
North America mobile usage share
≥1%
Apple
Samsung
Motorola
Google
Xiaomi
All North America
54.8
25.1
4.6
2.9
2.1
Canada
61.0
24.2
1.5
5.1
1.1
Mexico
23.2
22.9
15.2
—
11.7
United States
56.5
25.2
4.3
3.0
1.4
All numbers are percentages
Oceania mobile usage share
≥1%
Apple
Samsung
Google
Oppo
Xiaomi
Huawei
Motorola
All Oceania
53.9
27.4
6.0
2.9
1.2
1.0
1.0
Australia
57.4
25.8
5.0
2.6
1.3
—
1.1
Fiji
16.9
66.9
—
2.1
2.6
1.5
—
New Zealand
41.9
32.4
12.4
4.3
—
1.7
—
All numbers are percentages
South America mobile usage share
≥1%
Samsung
Motorola
Apple
Xiaomi
Huawei
LG*
Tecno
All South America
36.2
16.8
16.1
14.4
1.7
1.4
1.3
Argentina
50.6
26.1
10.0
4.7
—
1.8
—
Brazil
34.9
18.3
18.4
14.5
—
1.8
—
Chile
31.5
9.0
22.1
14.2
4.9
2.0
—
Colombia
24.6
12.2
22.3
20.6
4.9
—
1.5
Peru
31.0
9.5
10.2
24.0
7.4
1.3
—
All numbers are percentages *LG no longer sells Android devices; this reflects old devices still in use
Vendor considerations for front-line Android devices
For specialty uses — such as ruggedized devices in the field or special-purpose devices in retail and logistics — there’s a different set of front-line Android vendors for what Google calls dedicated devices. Zebra Technology, Motorola, Kyocera, and Honeywell are perhaps the most well-known, but there are many others.
These devices are typically provided as an integrated solution, combining specific hardware devices with required specialty features like scanners and a software or cloud suite customized for the enterprise’s tasks, such as inventory management in retail, shipment tracking in logistics, medication distribution in healthcare, or sensor reading in utilities.
As you can see at Google’s Android Enterprise Recommended tool, these front-line devices tend to use older versions of Android than consumer and knowledge-worker devices do, largely because of the customizations made. As with most special-purpose gear, stability is critical, so having a flow of feature updates can be a negative, unlike for general-purpose usage.
This article was originally published in October 2022 and updated in June 2024.
Box has unveiled a new set of features in Box AI that includes an integration with GPT-4o, support for image and spreadsheet files and the Box AI for Metadata API.
In addition, the cloud content-management company announced that end user queries in Box AI for Hubs, Documents, and Notes will be unlimited for organizations that are part of its Enterprise Plus plan.
Box said the following enhancements to Box AI, a suite of capabilities launched last year that comprise of generative AI models natively integrated into the company’s Content Cloud, will take place later this year: Support for the new GPT-4o that will help the company’s AI-powered content portal Box Hubs, support for additional file types including natural language queries on image file formats, and the ability for developers to extract “key information from documents at scale” via Box AI for Metadata API.
Company CTO Ben Kus said in a news release that the “combination of AI and unstructured data represents the biggest untapped opportunity in enterprise IT.”
Thomas Randall, director of AI market research at Info-Tech Research Group, said in an email that Kus is “right that the combination of AI and unstructured data is a large opportunity. What is missing from this statement is the solution’s ability to unify such data across different siloes. While organizations stand to benefit from optical character recognition for discovering and summarizing unstructured data, the real value is also ensuring the solution can discover and unify that data from across different systems.”
If an organization uses only Box for document storage, he said, “the problem is solved. If a company is using Box, SharePoint, Dropbox, or any number of other document management systems, organizations risk producing inconsistent business decisions based on disparate data.”
In terms of the overall launch, Randall said that “there is nothing important from a technology innovation perspective. Instead, the importance lies in Box needing to launch its own generative AI function to retain competitive market share. Already, organizations are starting to leverage smaller best-of-breed solutions that offer generative AI-driven knowledgebase and document management systems alongside document information extraction and unified business intelligence. In this context, Box will likely not experience a huge drive in new customer acquisition for their generative AI features alone.”
Box said that “access to GPT-4o for products such as Box Hubs, as well as well as support for new file types including images and spreadsheets in Box AI, is planned to be available later this year and will be included in Enterprise Plus plans.”
Meanwhile, Box AI for Metadata API is now in beta for customers on Enterprise Plus plans. The company said pricing will be announced closer to general availability, along with pricing for other Box AI platform API calls and end user metadata queries in the core Box application.
Randall said that the enhancements will be a welcome addition for “Box customers and prospects already considering Box. However, Info-Tech first recommends that organizations have an AI governance strategy in place to ensure that solutions like Box AI are utilized in appropriate contexts. Organizations need to review that the data Box AI is pulling from is not inconsistent, saving the solution from hallucinating or providing incorrect responses.”
An organization’s user base, he said, “should also be trained on prompt engineering and suitable use cases. The danger is that these tools are rolled out to an untrained workforce, who then become over-reliant on generative AI and lose sight of the proper use of the solution: as an assistant only.”
Box has unveiled a new set of features in Box AI that includes an integration with GPT-4o, support for image and spreadsheet files and the Box AI for Metadata API.
In addition, the cloud content-management company announced that end user queries in Box AI for Hubs, Documents, and Notes will be unlimited for organizations that are part of its Enterprise Plus plan.
Box said the following enhancements to Box AI, a suite of capabilities launched last year that comprise of generative AI models natively integrated into the company’s Content Cloud, will take place later this year: Support for the new GPT-4o that will help the company’s AI-powered content portal Box Hubs, support for additional file types including natural language queries on image file formats, and the ability for developers to extract “key information from documents at scale” via Box AI for Metadata API.
Company CTO Ben Kus said in a news release that the “combination of AI and unstructured data represents the biggest untapped opportunity in enterprise IT.”
Thomas Randall, director of AI market research at Info-Tech Research Group, said in an email that Kus is “right that the combination of AI and unstructured data is a large opportunity. What is missing from this statement is the solution’s ability to unify such data across different siloes. While organizations stand to benefit from optical character recognition for discovering and summarizing unstructured data, the real value is also ensuring the solution can discover and unify that data from across different systems.”
If an organization uses only Box for document storage, he said, “the problem is solved. If a company is using Box, SharePoint, Dropbox, or any number of other document management systems, organizations risk producing inconsistent business decisions based on disparate data.”
In terms of the overall launch, Randall said that “there is nothing important from a technology innovation perspective. Instead, the importance lies in Box needing to launch its own generative AI function to retain competitive market share. Already, organizations are starting to leverage smaller best-of-breed solutions that offer generative AI-driven knowledgebase and document management systems alongside document information extraction and unified business intelligence. In this context, Box will likely not experience a huge drive in new customer acquisition for their generative AI features alone.”
Box said that “access to GPT-4o for products such as Box Hubs, as well as well as support for new file types including images and spreadsheets in Box AI, is planned to be available later this year and will be included in Enterprise Plus plans.”
Meanwhile, Box AI for Metadata API is now in beta for customers on Enterprise Plus plans. The company said pricing will be announced closer to general availability, along with pricing for other Box AI platform API calls and end user metadata queries in the core Box application.
Randall said that the enhancements will be a welcome addition for “Box customers and prospects already considering Box. However, Info-Tech first recommends that organizations have an AI governance strategy in place to ensure that solutions like Box AI are utilized in appropriate contexts. Organizations need to review that the data Box AI is pulling from is not inconsistent, saving the solution from hallucinating or providing incorrect responses.”
An organization’s user base, he said, “should also be trained on prompt engineering and suitable use cases. The danger is that these tools are rolled out to an untrained workforce, who then become over-reliant on generative AI and lose sight of the proper use of the solution: as an assistant only.”
Adobe wants to make it easier to store, access, and “remix” marketing assets with the addition of a new content hub in Adobe Experience Manager (AEM).
The content hub is accessible as part of AEM Assets, Adobe’s digital asset management tool, and connects with GenStudio — a separate app for managing marketing content. Unveiled last year, GenStudio is currently in trial by customers.
The content hub has several main features.
Users can search and browse for assets using smart tags that automatically provide key terms for an image. Here, AI is used to detect the contents, such as objects featured, settings (such as “outdoors”), or colors.
Adobe’s lightweight content creation and editing app Express is integrated to make changes to existing assets. Express can be opened directly from within the content hub to make quick changes, creating variations to meet different use cases. This also enables access to Firefly generative AI features in Express that Adobe said will make it even easier to change content.
“That becomes a really awesome tool for marketers in downstream cases to quickly make a change…without having to flip through five different software [applications],” said Haresh Kumar, senior director for strategy and product marketing for Adobe Experience Manager. Any change made to an asset can then be sent for approval before being used, he said, shortening a process that could otherwise take days.
Within the content hub, users can also manage permissions for sensitive assets and apply governance controls to ensure AI-generated content meets brand standards. The hub also contains analytics to track asset usage across an organization and understand how content is used.
Organizations typically store 44TB of data in their digital asset management system, according to a recent IDC survey, with another 143TB scattered across individual user devices, corporate shared drives, and social media platforms, said Marci Maddox, research vice president for digital experience strategies at IDC.
“Adobe’s Content Hub addresses this issue by promoting reuse and reducing inadvertent duplication of creative efforts,” said Maddox. “By breaking down content silos and fostering collaboration, the content hub empowers teams to work more efficiently, leverage existing assets effectively, and ultimately, deliver a more cohesive brand experience with digital media.”
The creation of digital assets is vital for an organization to tell a “personalized, contextual and relevant story to an increasingly discerning audience,” said Liz Miller, vice president and principal analyst at Constellation Research. “It can also be pure chaos. This is why features like Content Hub are a proving to be a welcome resource for customer experience teams not traditionally part of a digital asset management workflow.”
Miller said that the hub complements the broader AEM Assets application, which serves as the “big firepower solution” when it comes to digital asset management.
“Content Hub acknowledges that not every nail requires the biggest hammer out there,” she said. “For informal engagement hubs, they need a hammer…, just a smaller, easier one to wield.”
The Content Hub is now generally available to Adobe AEM Assets customers.
Google has released a tool designed to allow enterprises the management the security of worker’s browser setups.
Chrome Enterprise Core, released on Wednesday, allows organisations to configure and manage Chrome browsers across their organization. The free-of-charge cloud-based utility also offers a mechanism for organisations to gain better visibility into Chrome browser deployments.
Chrome Enterprise Core (formerly Chrome Browser Cloud Management) enables IT teams to configure and manage browser policies, settings, apps and extensions from a single console.
The technology works across mobile and desktop devices, allowing management of Chrome browsers on various devices and platforms.
Policy configuration options allow administrators to set and enforce policies, such as blocking potentially problematic browser extensions.
Browser-based vulnerabilities are on the rise from threats such as phishing man-in-the-browser attacks and cryptojacking – hence the need for tighter browser security controls in enterprise environments.
“A solid browser security tool will help to harden browser settings, monitor and control the usage of extensions and plug-ins,” said VimalRaj Sampathkumar, technical head for UK and Ireland at ManageEngine. “This filters websites that are appropriate for work, and isolates malicious files, securing organizations from browser-based cyberattacks”.
A strong browser security strategy can prevent cyberattacks by removing high-risk add-ons, extensions, and plug-ins. Using management tools ensures compliance by hardening browser settings and identifying vulnerabilities, according to Sampathkumar.
Suzan Sakarya, senior manager, EMEA security strategy at web security vendor Jamf told Computerworld that browser management helps security teams avoid some of the headaches associated with administering browser extensions.
“Organisations can tailor their browsers so it meets both user experience goals and security requirements,” said Sakarya.
Security teams can set policies to gain more visibility into their browser fleet, Sakarya explained: “For example, users could be required to request and gain approval before downloading extensions. As a result, security teams know what extensions are being installed and, more importantly, can restrict or block their usage if needed.”
Browser management tools also allow organisations to see which browser versions are being used. “Security teams can then identify devices running outdated software and quickly address the problem,” Sakarya concluded.
Pushing policies from the cloud
Google’s new features mean that admins can now also push policies to users that sign into Chrome on iOS, a technology that works on both managed and unmanaged browsers.
“On an unmanaged browser, only the profile is managed, offering clear separation between a managed work profile and a user’s personal profile,” Google said, adding that this aspect of the technology supports the bring-your-own device trend common for mobile usage in many enterprises.
Other enhancements to the technology enable management of browsers by groups, with the possibility to roll out of different policies to in-house software developers or to sales teams, for example. The utility now offers the ability to deploy JSON custom configurations from the cloud.
Chrome Enterprise Core also supports an upcoming security events logging analytics tool, due to become generally available to Chrome Enterprise Core shops in July and already available to WorkPlace Enterprise customers. The technology can be used to provide early warnings about data leaks, whether they are deliberate or accidental.
“All data transfers are scanned against 50 default DLP [Data Loss Prevention] detectors scanning for sensitive content and generating insider and data insights reports on activities like users with high content transfer, domains with high content transfer, domain categories with high content transfer and most common sensitive data types,” Google explained in a blog post.
Chrome Enterprise Core also allows internal IT teams to collect crash prevalence reports, allowing teams to analyse potential browser issues within their organization.
Google has released a tool designed to allow enterprises the management the security of worker’s browser setups.
Chrome Enterprise Core, released on Wednesday, allows organisations to configure and manage Chrome browsers across their organization. The free-of-charge cloud-based utility also offers a mechanism for organisations to gain better visibility into Chrome browser deployments.
Chrome Enterprise Core (formerly Chrome Browser Cloud Management) enables IT teams to configure and manage browser policies, settings, apps and extensions from a single console.
The technology works across mobile and desktop devices, allowing management of Chrome browsers on various devices and platforms.
Policy configuration options allow administrators to set and enforce policies, such as blocking potentially problematic browser extensions.
Browser-based vulnerabilities are on the rise from threats such as phishing man-in-the-browser attacks and cryptojacking – hence the need for tighter browser security controls in enterprise environments.
“A solid browser security tool will help to harden browser settings, monitor and control the usage of extensions and plug-ins,” said VimalRaj Sampathkumar, technical head for UK and Ireland at ManageEngine. “This filters websites that are appropriate for work, and isolates malicious files, securing organizations from browser-based cyberattacks”.
A strong browser security strategy can prevent cyberattacks by removing high-risk add-ons, extensions, and plug-ins. Using management tools ensures compliance by hardening browser settings and identifying vulnerabilities, according to Sampathkumar.
Suzan Sakarya, senior manager, EMEA security strategy at web security vendor Jamf told Computerworld that browser management helps security teams avoid some of the headaches associated with administering browser extensions.
“Organisations can tailor their browsers so it meets both user experience goals and security requirements,” said Sakarya.
Security teams can set policies to gain more visibility into their browser fleet, Sakarya explained: “For example, users could be required to request and gain approval before downloading extensions. As a result, security teams know what extensions are being installed and, more importantly, can restrict or block their usage if needed.”
Browser management tools also allow organisations to see which browser versions are being used. “Security teams can then identify devices running outdated software and quickly address the problem,” Sakarya concluded.
Pushing policies from the cloud
Google’s new features mean that admins can now also push policies to users that sign into Chrome on iOS, a technology that works on both managed and unmanaged browsers.
“On an unmanaged browser, only the profile is managed, offering clear separation between a managed work profile and a user’s personal profile,” Google said, adding that this aspect of the technology supports the bring-your-own device trend common for mobile usage in many enterprises.
Other enhancements to the technology enable management of browsers by groups, with the possibility to roll out of different policies to in-house software developers or to sales teams, for example. The utility now offers the ability to deploy JSON custom configurations from the cloud.
Chrome Enterprise Core also supports an upcoming security events logging analytics tool, due to become generally available to Chrome Enterprise Core shops in July and already available to WorkPlace Enterprise customers. The technology can be used to provide early warnings about data leaks, whether they are deliberate or accidental.
“All data transfers are scanned against 50 default DLP [Data Loss Prevention] detectors scanning for sensitive content and generating insider and data insights reports on activities like users with high content transfer, domains with high content transfer, domain categories with high content transfer and most common sensitive data types,” Google explained in a blog post.
Chrome Enterprise Core also allows internal IT teams to collect crash prevalence reports, allowing teams to analyse potential browser issues within their organization.
Just because you can do it doesn’t always mean you should — and when it comes to app sideloading on iPhones and iPads in Europe, (and elsewhwere), IT must take steps to lock down their devices to ensure only trustworthy apps and data make it to Apple devices used across the company. That’s the first takeaway from my conversation with Hexnode CEO Apu Pavithran.
Pavithran recognizes Apple’s growing space in enterprise tech. “Apple has significantly transformed its footprint in enterprise IT over the last decade, with the rise of Macs and iPhones in corporate environments stemming from their user-friendly design and strong security focus,” he said. “Both are crucial for enhancing employee productivity and experience, especially with remote work.”
But, to him, the move to open Apple’s platforms to sideloading in the EU poses challenges that need to be locked down. “Forced sideloading could open the door to risks like fake apps, malware, and social engineering attacks that have long plagued the Android ecosystem,” he warned.
Pavithran also stressed that users need to be cautious in their use of any third-party stores that may emerge in Europe.
Enterprise users have to protect themselves
That caution extends also to enterprise IT, which must take time to thoroughly review these stores, the companies and the developers behind them — and pay particular attention to what permissions are requested by the stores and apps.
“Enterprises can’t afford to be complacent about sideloading risks,” he said. “Mobile device management (MDM) is now the bare minimum to block rogue app downloads and enforce strict policies. But MDMs alone won’t cut it…. We also need zero-trust security constantly verifying every user and device. Ongoing employee training is also critical to empower people to identify potential threats from third-party app stores. Only a multi-layered approach can protect enterprises in this new sideloading era.”
Users need time to learn the risks
Some might say that sideloading has always been possible on Android, arguing that the Apple ecosystem is exaggerating the threat. That claim seems to ignore the ample evidence of platform fragmentation and malware that impacts Android users.
“Android users have had years to adjust to the risks and practices associated with third-party app stores. iOS users might be less familiar with these risks, making them more susceptible in these early days,” he said. “Many users may not fully understand the risks of sideloading or how to verify an app’s trustworthiness and intentions.”
Apple’s approach to sideloading reflects the tightrope it must walk. Sure, there’s an element of struggle to preserve at least some of its lucrative App Store business, but the company also recognizes the need to ensure at least minimal safeguards are in place to protect the majority of its users who don’t have the time, knowledge, or interest to empower fully informed security decisions.
The company knows that it prevented $1.8 billion in value of App Store fraud in 2023 alone, so it recognizes the risks. It will take time for iOS users to get to understand how with sideloading at least some of the security responsibility will shift to them.
So, where does this leave enterprise IT?
A changing environment for apps
One thing we do know is that once Europe’s sideloading stores appear, the people running them will do everything they can to convince Apple’s users to purchase things from those stores.
To do so, they’ll try a range of approaches, likely including exclusive app distribution deals, discounts on sales, and focused marketing campaigns. In the first instance, these stores will be chasing users, not sales, which means convincing people to part with their credit card details to make a purchase. (They will be hoping to get those who do make a purchase more engaged over time.)
That means the environment will be both competitive and attractive, even as the users themselves might not yet appreciate what’s happening.
Enterprise IT will want to prevent a free-for-all on company-owned devices, which means they’ll use MDM systems (such as the ‘allowMarketplaceAppInstallation’ restriction) to prevent installation of unauthorized apps or from stores that haven’t yet passed corporate security review.
Vigilance is the cost of liberty
One thing that’s certain is the move to embrace sideloading in Europe is likely to add new layers of complexity to Apple’s ecosystem. IT will need to lock down access to third-party stores pending review, and will need to embrace zero-trust security principles and frameworks to minimize the available attack surface.
“Regardless of how the sideloading landscape evolves, admins must remain vigilant,” Pavithran said. “They need to keep a close eye on emerging threats and trends in the here and now. But they must also monitor regulatory developments that could dramatically reshape Apple’s mobile ecosystem and security approaches down the road. Staying on top of the immediate realities and potential future disruptions will be key for effective mobile security management.”
Just because you can do it doesn’t always mean you should — and when it comes to app sideloading on iPhones and iPads in Europe, (and elsewhwere), IT must take steps to lock down their devices to ensure only trustworthy apps and data make it to Apple devices used across the company. That’s the first takeaway from my conversation with Hexnode CEO Apu Pavithran.
Pavithran recognizes Apple’s growing space in enterprise tech. “Apple has significantly transformed its footprint in enterprise IT over the last decade, with the rise of Macs and iPhones in corporate environments stemming from their user-friendly design and strong security focus,” he said. “Both are crucial for enhancing employee productivity and experience, especially with remote work.”
But, to him, the move to open Apple’s platforms to sideloading in the EU poses challenges that need to be locked down. “Forced sideloading could open the door to risks like fake apps, malware, and social engineering attacks that have long plagued the Android ecosystem,” he warned.
Pavithran also stressed that users need to be cautious in their use of any third-party stores that may emerge in Europe.
Enterprise users have to protect themselves
That caution extends also to enterprise IT, which must take time to thoroughly review these stores, the companies and the developers behind them — and pay particular attention to what permissions are requested by the stores and apps.
“Enterprises can’t afford to be complacent about sideloading risks,” he said. “Mobile device management (MDM) is now the bare minimum to block rogue app downloads and enforce strict policies. But MDMs alone won’t cut it…. We also need zero-trust security constantly verifying every user and device. Ongoing employee training is also critical to empower people to identify potential threats from third-party app stores. Only a multi-layered approach can protect enterprises in this new sideloading era.”
Users need time to learn the risks
Some might say that sideloading has always been possible on Android, arguing that the Apple ecosystem is exaggerating the threat. That claim seems to ignore the ample evidence of platform fragmentation and malware that impacts Android users.
“Android users have had years to adjust to the risks and practices associated with third-party app stores. iOS users might be less familiar with these risks, making them more susceptible in these early days,” he said. “Many users may not fully understand the risks of sideloading or how to verify an app’s trustworthiness and intentions.”
Apple’s approach to sideloading reflects the tightrope it must walk. Sure, there’s an element of struggle to preserve at least some of its lucrative App Store business, but the company also recognizes the need to ensure at least minimal safeguards are in place to protect the majority of its users who don’t have the time, knowledge, or interest to empower fully informed security decisions.
The company knows that it prevented $1.8 billion in value of App Store fraud in 2023 alone, so it recognizes the risks. It will take time for iOS users to get to understand how with sideloading at least some of the security responsibility will shift to them.
So, where does this leave enterprise IT?
A changing environment for apps
One thing we do know is that once Europe’s sideloading stores appear, the people running them will do everything they can to convince Apple’s users to purchase things from those stores.
To do so, they’ll try a range of approaches, likely including exclusive app distribution deals, discounts on sales, and focused marketing campaigns. In the first instance, these stores will be chasing users, not sales, which means convincing people to part with their credit card details to make a purchase. (They will be hoping to get those who do make a purchase more engaged over time.)
That means the environment will be both competitive and attractive, even as the users themselves might not yet appreciate what’s happening.
Enterprise IT will want to prevent a free-for-all on company-owned devices, which means they’ll use MDM systems (such as the ‘allowMarketplaceAppInstallation’ restriction) to prevent installation of unauthorized apps or from stores that haven’t yet passed corporate security review.
Vigilance is the cost of liberty
One thing that’s certain is the move to embrace sideloading in Europe is likely to add new layers of complexity to Apple’s ecosystem. IT will need to lock down access to third-party stores pending review, and will need to embrace zero-trust security principles and frameworks to minimize the available attack surface.
“Regardless of how the sideloading landscape evolves, admins must remain vigilant,” Pavithran said. “They need to keep a close eye on emerging threats and trends in the here and now. But they must also monitor regulatory developments that could dramatically reshape Apple’s mobile ecosystem and security approaches down the road. Staying on top of the immediate realities and potential future disruptions will be key for effective mobile security management.”
