Features of firmware updates for mobile devices

Everyone decides for themselves whether to update the firmware on their personal phone.

Some install CyanogenMod; others do not feel like the owner of the device without TWRP or a jailbreak.

In the case of upgrading corporate mobile phones, the process must be relatively uniform, otherwise even Ragnarok will seem fun to IT people.



Read about how this happens in the "corporate" world under the cut.






A brief primer



iOS mobile devices receive regular updates similar to Windows devices, but at the same time:



  • updates are released less frequently;
  • most devices receive updates, but not all.


Apple rolls out each iOS update immediately to most of its devices, except those being withdrawn from support, and it supports its devices for a long time. For example, even the iPhone 6s, released in 2015, will receive the iOS 14 update. Of course, there are blunders, such as the forced slowdown of old devices, which, it is said, was done not to push you into buying a new phone but to extend the life of an old battery... But in any case, this is better than the situation with Android.



Android is essentially a franchise. Google's original Android is only found on Pixel and budget devices that participate in the Android One program. Other devices run Android derivatives: EMUI, Flyme OS, MIUI, One UI, etc. For the security of mobile devices, this diversity is a big problem.

For example, the "community" finds another vulnerability in Android or in the system components that underlie it. The vulnerability is then assigned a number in the CVE database, the finder receives a reward from one of Google's bounty programs, and only then does Google release a patch and include it in the next Android release.



Will your phone get it if it's not a Pixel or an Android One member?

If you bought a new device a year ago, then probably yes, but not right away. Your device manufacturer also needs to include the Google patch in its own Android build and test it on the supported device models. Top models are supported a little longer. Everyone else has to put up with it and avoid reading the CVE database in the morning, so as not to spoil their appetite.



The situation with major Android updates tends to be even worse. On average, a new major version reaches devices running customized Android builds no sooner than a quarter after release, and often later. For example, Google released the Android 10 update in September 2019, and devices from various manufacturers that were lucky enough to get the update kept receiving it until the summer of 2020.



The manufacturers can be understood. Releasing and testing new firmware is a cost, and not a small one. And since we have already bought the devices, they will not receive any additional money from us.

It remains ... to force us to buy new devices.






Leaky Android builds from individual manufacturers have led Google to change the Android architecture so that it can deliver critical updates on its own. The project was named Google Project Zero; it was written about on Habr about a year ago. The feature is relatively new, but since 2019 it has been built into all devices that have Google services. Many people know that device manufacturers pay Google royalties for these services, but few know that the arrangement is not limited to commerce. To obtain permission to use Google services on a specific device, the manufacturer must submit its firmware to Google for verification, and Google does not accept firmware based on ancient Android versions. This allows Google to force its Project Zero on the market, which will hopefully make Android devices more secure.





The corporate world uses not only public applications available on Google Play and the App Store, but also proprietary applications. Sometimes the life cycle of such applications ends at the moment of signing the acceptance certificate and payment for the developer's services under the contract.



In this case, installing a new major OS update often causes such job-is-done applications to stop working. Business processes are halted, and the developers are re-hired until the next breakage occurs. The same happens when corporate developers do not have time to adapt their applications to a new OS, or when a new version of the application is already available but users have not yet installed it. UEM-class systems are designed to solve such problems, among others.



UEM systems provide operational management of smartphones and tablets, installing and updating applications on mobile employees' devices in a timely manner. In addition, they can roll an application back to its previous version if necessary. The ability to roll back a version is an exclusive feature of UEM systems: neither Google Play nor the App Store offers it.



UEM systems can remotely block or postpone the firmware update of mobile devices. The behavior depends on the platform and the device manufacturer. On iOS, in supervised mode (read about the mode in our FAQ), you can postpone the update for up to 90 days. To do this, it is enough to configure the appropriate security policy.
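As an added illustration (not code from the article or from any UEM product), the sketch below builds and audits a configuration profile that applies this deferral through Apple's Restrictions payload keys `forceDelayedSoftwareUpdates` and `enforcedSoftwareUpdateDelay`. The payload identifiers, organization name and function names are constructed for the example.

```python
import plistlib
import uuid

MAX_DELAY_DAYS = 90        # upper bound the article gives for supervised iOS
DEFAULT_DELAY_DAYS = 30    # Apple's documented default when the delay key is absent
RESTRICTIONS = "com.apple.applicationaccess"   # Restrictions payload type


def build_deferral_profile(delay_days, org="Example Corp"):
    """Return .mobileconfig bytes that defer OS updates on supervised devices."""
    if isinstance(delay_days, bool) or not isinstance(delay_days, int):
        raise ValueError("delay must be an integer number of days")
    if not 1 <= delay_days <= MAX_DELAY_DAYS:
        raise ValueError(f"delay must be 1..{MAX_DELAY_DAYS} days")
    payload = {
        "PayloadType": RESTRICTIONS,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.uem.update-delay.restrictions",  # constructed
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "forceDelayedSoftwareUpdates": True,        # ignored on unsupervised devices
        "enforcedSoftwareUpdateDelay": delay_days,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.uem.update-delay",  # constructed
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Defer OS updates",
        "PayloadOrganization": org,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def deferral_days(profile_bytes):
    """Audit a profile: return the enforced delay in days, or None if not deferred."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        if payload.get("forceDelayedSoftwareUpdates") is True:
            return payload.get("enforcedSoftwareUpdateDelay", DEFAULT_DELAY_DAYS)
    return None


if __name__ == "__main__":
    data = build_deferral_profile(90)
    print(data.decode())
    print("updates deferred for", deferral_days(data), "days")
```

Running `deferral_days` over the profiles exported from a UEM console is a quick way to confirm that the deferral window leaves enough time to test corporate applications before an update reaches the fleet.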



On Android devices made by Samsung, you can prohibit firmware updates for free or use the additional paid service E-FOTA One, with which you can specify which OS updates to install on devices. This gives administrators the opportunity to pre-check the behavior of corporate applications on new firmware of their devices. Understanding the complexity of this process, we offer our customers a service based on Samsung E-FOTA One, which includes services for verifying the health of targeted business applications on the device models used by the customer.



Unfortunately, there is no similar functionality on Android devices from other manufacturers.

About the only way to prohibit or postpone their updates is with scare stories, such as:

"Dear users! Don't update your devices. This can lead to inoperability of applications. If this rule is violated, your calls to the technical support service will NOT be considered / listened to!"



Another recommendation



Follow the news and corporate blogs of the makers of operating systems, devices and UEM platforms. Just this year, Google decided to drop support for one of the possible mobile strategies, namely a fully managed device with a work profile.



This long name hides the following scenario:



Prior to Android 10, UEM systems fully managed the device AND the work profile (container), which contains corporate applications and data.

Starting from Android 11, it is possible to fully manage only one of the two: EITHER the device OR the work profile (container).



Google explains the changes by concern for the privacy of user data and for its wallet. If there is a container, the user's data must be out of the employer's sight and control.



In practice, this means that it is no longer possible to find out the location of corporate devices, or to deliver applications that the user needs for work but that do not need to be placed in a container to protect corporate data. Otherwise you will have to abandon the container...



Google claims that such access to personal space discouraged 38% of users from installing UEM. Now UEM vendors are left to "eat what they are given".






We prepared for these changes in advance, and this year we will offer a new version of SafePhone that takes Google's new requirements into account.



Little-known facts



In conclusion, a few more little-known facts about updating mobile OS.



  1. . , « Android» , « Android». , , - . , . . , Android. iOS . ( ) iOS . iTunes, Apple . iOS Apple , , , .
  2. Back when the jailbreak community had not yet scattered among large companies, it was possible to change the displayed iOS version in one of the system plists. So it was possible, for example, to make iOS 6.2 from iOS 6.3 and vice versa. Why this was necessary, we will tell in one of the following articles.
  3. The general love of manufacturers for the Odin smartphone firmware is obvious. The best firmware tool has not yet been made.


Write, discuss, ... maybe we will help.


