Developing Android Apps for the Enterprise

by Faulkner Staff

Docid: 00021154

Publication Date: 2109

Report Type: TUTORIAL

Preview

The Android operating system was first developed by Android Inc., which
was purchased by Google in 2005. Currently there are more than three million
apps available for Android devices, many distributed through Google Play,
although a significant number are available directly from their
developers’ Web sites. Because it is open source and Java-based,
application development for Android is within the reach of many enterprise
developers, particularly those who already develop for Linux.

Executive Summary

Worldwide, Android-based devices have far surpassed the iPhone as the
most popular platform for smartphones and tablets.

Because it is open source and Java-based, application development for
Android is within the reach of many enterprise developers, particularly
those who already develop for Linux.

In conjunction with Google Play, an open service that lets developers
publish their apps to handsets, the Android software development kit (SDK)
provides the tools necessary to build and deploy apps to Android devices
of all kinds.1

Description

The Android operating system was developed by Android Inc., which was
purchased by Google in 2005. Currently there are over 2.9 million apps
available for Android devices, according to Statista.com, many
distributed through Google Play, although a significant number are
available directly from their developers’ Web sites, and that number is
increasing by roughly 50,000 per month.

Even though the software is open-source (Google published it in 2008
under an Apache license), device manufacturers cannot use Google’s Android
trademark unless Google certifies that the device complies with its
Compatibility Definition Document (CDD). Devices must also meet this
definition to be eligible to license Google’s closed-source applications,
including Google Play, a publishing service operated by Google.

The Android architecture is an open source software stack based upon the
Linux kernel. In August 2019, Google reported that it would end the
confection-themed naming of releases. The first release under the numerical
naming format was Android 10, which was released in September 2019. Since
then, Android 11 has taken its place, with Android 12 expected to launch some
time later in 2021.

Each Android application runs in its own instance of a virtual machine
(Dalvik up to KitKat, the ART runtime starting with Lollipop), optimized for
memory efficiency, keeping apps from interfering with each other (they can,
however, interact if need be). The runtimes include libraries offering
most of the functionality of the core Java programming language. These
include a set of C/C++ libraries, used by various components of the Android
system, that are exposed to developers through the Android application
framework.

Android Studio is the official IDE for Android application development. It
is based on IntelliJ IDEA and adds a series of features such as code
templates to help build common app features, a drag-and-drop layout editor,
support for the Google Cloud Platform, and app signing. Beginning with
Android Studio 3.0, it also supports the Kotlin programming language.
The Android Support Library provides backwards compatibility for apps.

Figure 1. Android Architecture

Source: Developer.android.com

Each application (“app”) has one or more components,
which define points through which the system can interact with the app in
some way. There are four types:

  • Activities: an activity represents one screen with a
    user interface (UI), such as the screen for viewing new messages in an
    e-mail app. Each activity is independent, although they can work
    together in the app, and other apps can start an activity if its host
    app permits. For example, a camera app may be able to use the “compose”
    activity in an e-mail app to allow the user to share photos.
  • Services: Services do not have user interfaces;
    rather, they run in the background to perform long-running tasks such as
    playing music while the user interacts with another app. Other
    components can start services and interact with them.
  • Content providers: Content providers manage shared
    data, such as contact lists, and allow apps with appropriate permissions
    to interact with it. Some apps also use content providers to read and
    write data that is private to the app.
  • Broadcast receivers: A broadcast receiver responds to
    system-wide broadcast announcements, such as a low battery warning, or
    the indication that a picture was captured. Apps can also initiate
    broadcasts to let other apps know about some event that affects them
    (e.g. new data is available to them). Although broadcast receivers do not
    display a UI, they may generate status bar notifications for the user.
    Broadcast receivers can also initiate a service to perform some
    activity, based on an event.
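
The component model above defines what other apps can reach in an app: any activity, service, content provider, or broadcast receiver that is open to other apps without a permission deserves review. The following is an added example, not part of the original report: a Python check over an AndroidManifest.xml that lists such components. The manifest, package, and component names are constructed, and the default-export rule in the code is a stated assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "provider", "receiver")
GUARDS = ("permission", "readPermission", "writePermission")

# Constructed manifest for a hypothetical e-mail app (not from the report).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mail">
  <application>
    <activity android:name=".InboxActivity" android:exported="false"/>
    <activity android:name=".ComposeActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.mail.permission.SYNC"/>
    <provider android:name=".ContactsProvider" android:exported="true"
              android:authorities="com.example.mail.contacts"/>
    <receiver android:name=".NewDataReceiver" android:exported="true"/>
  </application>
</manifest>
"""

def attr(elem, name):
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def is_exported(elem):
    explicit = attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    # Assumption: no explicit value means exported only when an intent filter
    # is declared (pre-Android 12 default); providers default to not exported.
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return (tag, name, reason) for components other apps can reach unguarded."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        if any(attr(elem, g) for g in GUARDS):
            continue  # callers must hold a declared permission
        reason = "exported=true" if attr(elem, "exported") else "intent-filter default"
        findings.append((elem.tag, attr(elem, "name"), reason))
    return findings
```

A finding is a review item, not automatically a defect: the compose activity here is meant to be started by other apps, while the unguarded provider and receiver need a permission or `android:exported="false"`.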

Apps are developed using the SDK within an integrated development
environment (IDE) such as Eclipse; Google offers an Android plug-in for
that purpose. Microsoft’s Visual Studio, now including Xamarin (which it
acquired in 2016), also provides an environment for native Android
development.

To license use of Google Play for acquiring apps, a device must be
certified Android compatible after rigorous testing. The Compatibility
Test Suite (CTS) is a tool used by device manufacturers to help ensure
their devices are compatible, and to report test results for validations.
The CTS is intended to be run frequently by OEMs throughout the
engineering process to catch compatibility issues early.

The CTS currently tests that all of the supported Android strongly typed
APIs are present and behave correctly. It also tests platform permissions,
platform Intents, correct handling of platform resources, and other
non-API system behaviors such as application lifecycle and performance.
Google plans to add support in future CTS versions to test robustness
under stress and performance against benchmarks.

Current View

Android apps, both in and out of Google Play, have been growing in number
exponentially. However, along with the increased quantity of apps comes an
increased risk of malware. For example, more than fifty apps infected with
rootkits had to be pulled from Google Play at one time, and another batch
was downloaded by up to 4.2 million devices before being identified and
removed from the Play store. Thus, enterprises must be cautious about
which apps they allow to be installed on corporate devices.
Internally-developed apps must be built according to best practices, and
built with security in mind.

Starting with Android 10.0, the OS offered a revamped full-screen gesture
system, with new swiping features. The new “bubbles” feature can be used
to present content from supported apps in pop-up overlays. It also
features a system-level dark mode. Apps can present “settings panels” for
specific settings via overlay panels. In terms of security, apps can be
restricted by users to only have access to location data when they are
being used in the foreground. Restrictions are now offered concerning the
launching of activities by background apps. A storage access permission model
called “scoped storage” is supported on Android 10. In Version 11, Google
made scoped storage a mandatory feature for all apps. It is designed to
counter spyware and malware by preventing them from accessing public data.
Version 11 is also slated to add an app compatibility feature, which will
let developers simulate an environment for app testing where they do not
have to use the Android Debug Bridge (ADB) shell commands.2 Android
12, scheduled for launch some time later this year, brings additional controls
for users to apply to app permissions, including the option to limit location
tracking to only an approximate vicinity, more granular permission controls, and
other countermeasures against potentially malicious apps. Other changes are
expected to include ADB backup restrictions, limitations to motion sensor
rates, data access auditing, and more.3

Outlook

Android smart phones have long surpassed the iPhone as the top platform
among consumers, with approximately 85 percent market share according to
IDC. This means that the market for apps will only increase, as will
opportunities for developers. Developers need to address enterprise
concerns around manageability and security, however, to make Android
devices viable corporate tools. Samsung has pioneered in this area, with
its SAFE (Samsung for Enterprise) and KNOX technologies offering hardened
Android containing device-level encryption, VPN connectivity and advanced
Microsoft Exchange ActiveSync support. It is making a major push into the
enterprise, opening doors for developers building business apps. It also
partnered with BlackBerry to provide security and device management.

With Android for Work, available on Android 5.0 and later, the operating
system offers secure separation of business and personal data, making
Android a more viable choice for the enterprise.

Google’s attempts to foster widespread adoption of Android for Enterprise
applications must rely upon a robust strategy for countering malware’s presence
on the platform, and especially in its own official app store. If this cannot be
accomplished, few Enterprise-class customers will be willing to risk utilizing
an operating system that is insecure at such a basic level. That said, iOS has
had its fair share of malware and unauthorized intrusion issues of its own,
meaning no platform is entirely safe without a modicum of additional security
intervention like the aforementioned SAFE solution from Samsung or a similar
offering. Google may eventually find it in its best interest to explore the
offering of a product in this category.

Recommendations

Developers looking to create apps for smart phones and other devices
should devote significant attention to the Android platform. With its
ever-growing market share and plethora of supported devices, Android
increasingly has become the platform of choice for consumers, who are then
bringing their devices into the corporation. Without developer attention
to the features important to the enterprise, such as security, privacy and
manageability, companies run the risk of security breaches or worse due to
improperly coded apps. 

To ensure compatibility of their apps, developers need to be sure the
hardware they work with has been certified compatible, and is therefore eligible
to license Google Play. This will become especially important in the coming
years as foldable devices become increasingly prevalent across the Android
ecosystem. Such units offer a significant advantage for Enterprise users by
potentially offering access to a tablet-class device at any moment without
taking up any more room than a standard smartphone. However, devices of this
type will add an additional wrinkle to the already extremely forked path of
developing for Android by requiring app developers to create multiple screen
layouts and profiles for a single device, not just across multiple devices. The
added difficulty and versioning is likely to cause some compatibility and
functionality conflicts in the early term, but it is an obstacle that must be
weathered in order to capture enterprise customers with BYOD foldables, as well
as any businesses that come to rely on the specialized devices.

References

1 Hassell, Jonathan. “Developing for the iPhone and Android:
The Pros and Cons.” Computer World. July 6, 2010.

2 Bari, Parth. “5 New Features in Android 11 that Will
Redefine Mobile App Development.” Jaxenter. February 27, 2020.

3 “Updates to Apps Targeting Android 12 and Higher.” NowSecure.
July 21, 2021.
