Hi All, Theoretically, personal and work profile separation is totally about safeguarding enterprise data + restrict misuse of enterprise resources (ex:WIFI) + data security + not compromising personal mobile experience (BYOD) (Ex : in case of an employee going out of the company, EMM admin should be able to WIPE off enterprise data without harming personal data). To express this story iOS has done a reasonable job in their device management protocol by standardizing the OS + coming up with clear work-personal data layer separation.
But in case of Android, OS itself lacked these features till they come up with new APIs from Lollipop OS. But currently even they don't have APIs exposed to do the REAL MDM stuff and REAL data separation. Currently we can only go up to the extent that Pasindu has described above. But in COPE mode (which has custom firmware / root access) we can go a little beyond. Till android comes up with a proper device management layer implementation (they will definitely do very soon, and currently they are improving Android for work for this purpose), we have to support what's available as of now. Actually Marshmallow APIs have some level of features exposed including cross profile intent filters etc, but still they need improvement. Thanks On Tue, Feb 16, 2016 at 3:50 PM, Milan Perera <[email protected]> wrote: > Hi Kamidu, > >> >>> 1. According to the initial example There is no restriction to the >>> web sites on personal profile, but in the enterprise profile, there are >>> some, If a user visits a certain website which result in corrupting or >>> duplicating the device storage how can we be sure the enterprise data is >>> safe? >>> >>> In the ideal situation, the browser that is pushed into the enterprise >> container should be configured for with app restrictions. For ex: we can >> set the browser to access only to certain sites, disable javascripts and >> etc. >> >> > To elaborate it more, android OS stores data in two different places for > these two containers(personal and enterprise). Theoretically, no one can > access managed profile's data without relevant access permissions. > > Thanks, > > > -- > *Milan Perera *| Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka > Mobile: +94 77 309 7088 | Work: +94 11 214 5345 > Email: [email protected] <[email protected]> | Web: www.wso2.com > <http://lk.linkedin.com/in/milanharinduperera> > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Kasun Dananjaya Delgolla Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware Tel: +94 11 214 5345 Fax: +94 11 2145300 Mob: + 94 771 771 015 Blog: http://kddcodingparadise.blogspot.com Linkedin: *http://lk.linkedin.com/in/kasundananjaya <http://lk.linkedin.com/in/kasundananjaya>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
