I was thinking about a pun about it being for grown-ups, but that might have been interpreted as me saying Android is all grown up. And I haven’t decided on that yet

After a slight delay Android version 4.0, code name Ice Cream Sandwich has now been launched. This is the next major iteration of the operating system, and this time it should work both on tablets and regular phone form factors. As the number indicates it is not a mix of the 2.x and 3.x branch, but the next branch. All APIs and features from 3.x is included in 4.0.

The main focus of the release is on user interface improvements, as well as general updates of the apps and polishing the OS further. You can find screenshots all over the Internet of course of this.

As usual I don’t care about these things. Well, of course, as a user of devices I care about the interface, but this blog does not concern itself with such matters. A perhaps important feature for people reading this blog is that since Honeycomb features are supported this means that you now get full device encryption on the phone devices and just not the tablets.

I like the fact that Google are pretty good at updating their SDK right after releases, and since I haven’t received an actual device yet I can fire up the emulator while waiting. The emulator is terrible to work with, at least when installed in a virtual machine (making the Android image doubly virtualized), but it will let you check the basics. I have so far only seen Samsung hardware announced, but I would suppose a couple of the other Android players will follow up soon.

You can check out this link if you want to read all the details from a technical perspective:
http://developer.android.com/sdk/android-4.0.html

If we look at the “Enterprise” section the bullet points El Goog like to point out are the following:
- Ability to disable camera through policies. (Applicable through Exchange ActiveSync one would assume.)
- Certificate management; ability to import and use client certificates. While it has been possible to import through the interface for a while it hasn’t been possible programmatically. (Samsung MDM + Sybase Afaria, and Motorola Enterprise SDK being the exceptions I am aware of.)
- VPN Services. I don’t know the specifics of how this API works with regards to different VPN protocols and types, but from the description it looks like an application-level VPN. (Should apparently support L2TP and IPSec.) So if you’re using something like a Citrix client on your tablet you can pipe that specific application’s traffic through VPN while the rest of the device is unaffected. This could be interesting, but until support is added to applications it doesn’t matter a whole lot. The enterprise admin is not able to bolt in to existing apps. (How network performance is if you have multiple apps each with their own VPN tunnel I would like to see.)

I’ll be honest – I would have liked some additional effort from the Android team on the enterprise part. But I will accept that they probably have other issues on their work list as well, and with the on-going consumerization in the market enterprises have to take the back seat when priorities are made whether we like it or not.

Oh, well, any relevant tests to show? Firing up the mail wizard, and choosing Exchange, we see that certificate support has made it into the native mail app!

After pulling off a sync and checking OWA it seems they have upped the Exchange ActiveSync protocol support at the same time with 14.1 (Exchange 2010 SP1) being reported.

I did not find a setting for S/MIME though, and I have not been able to test IRM yet either. The ActiveSync client in Android has been suffering from a couple of other issues as well, and unfortunately it’s hard to tell from the emulator whether the experience itself is improved upon. So while I do like that Android now supports the latest Exchange versions I’m not able to tell if it’s actually enterprise ready in the mail department.

The EAS implementation also support a couple of other settings like disabling sync while roaming, disabling of and/or limiting size of attachments, as well as sensible values for device type and model to be used with the block & quarantine feature of Exchange.

While not an enterprise feature by definition, but certainly valid for security minded individuals, Android is now using Address Space Layout Randomization (ASLR) as an additional protection mechanism against exploits like buffer overflow.

With the iOS 5 launch still fresh it seems Android is unfortunately still a few enterprise features behind Apple. That does of course not prevent me from wanting to get a device on the test bench and having a crack at it Might report back with more real-world experience when that wish has been fulfilled.