Android 15 FAQs

Enhanced employee & device protection

Android theft protection

Can phone data be reset if a device is stolen?
Yes, if you lose an Android device or Wear OS watch, you can find, secure or erase it remotely. For more information, read Find, secure, or erase a lost Android device. IT admins can also wipe company-owned devices via their EMM console.
Does theft protection require an internet connection to work?
Yes, Android theft protection requires Android 10+ and an internet connection. For Offline Device Lock, the device’s screen automatically locks when it loses network connectivity for a set period of time.
What if I forget my phone number or can't access android.com/lock?
You can use the “Secure Device” feature to lock your device and you will be signed out of your Google account on the device. After the device is secured, you can still locate it. For more information, read Find, secure, or erase a lost Android device.
What management sets can this feature be used for?
Theft protection is disabled by default. Users in any management set where access to device settings are permitted can enable theft protection.

Private space for personal profile

How does a user set up their private space?
To find out the requirements and steps for setting up a private space, read Hide sensitive apps with private space.
What management sets can this feature be used for?
Private space is available on the personal profile of Work Profile devices. On Work Profile on company-owned devices, private space is  subject to the same security requirements as the personal profile. IT admins will be able to block the user from having a private space and remove an existing private space on Work Profile on company-owned devices but not on employee-owned devices. However, device wide app restrictions such as blocking the install of apps from unknown sources also apply to the private space.

NIAP Audit Logging Requirements

What is NIAP?

The National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial Off-The-Shelf (COTS) Information Technology (IT) products for conformance to the international Common Criteria. This program includes the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme), a national program for developing Protection Profile, evaluation methodologies, and policies that ensures achievable, repeatable, and testable security requirements.

All products evaluated within the Scheme must demonstrate accurate compliance to the applicable technology Protection Profile. NIAP assesses the results of the security evaluation conducted by the lab and, if the evaluation is successful, issues a validation certificate and lists the product on the U.S. NIAP Product Compliant List and the international CCRA Certified Products List.

What is the specific NIAP requirement that prompted this change?
Protection Profiles are the NIAP requirements that prompted this change. These are standardized security requirements for specific types of IT products. NIAP develops them to ensure consistency in evaluating IT products for security compliance.
Will there be any changes to existing security policies or procedures due to this improvement?
Yes, there are slight changes through Security Technical Implementation Guides (STIGs).

Stronger management of company-owned devices

eSIM management for managed devices

Does eSIM management support both company-owned and employee-owned devices?

Yes, eSIM management on Android helps to seamlessly provision and remove eSIMs on both company-owned devices and employee-owned devices. On employee-owned devices, users can additionally delete the eSIM at any point.

What if an employee loses their device with an active eSIM?
IT admins have the option to delete the eSIM during factory reset. Additionally, they can contact their carrier to get the eSIM reassigned.
Does eSIM management affect data roaming charges?
No, eSIM management is independent of roaming controls. IT admins can disallow data roaming on company-owned devices.

Security restrictions for apps outside the Work Profile on company-owned devices

How can IT admins apply existing personal app policies outside the work profile?

IT admins can set personal app allowlist and blocklist policies through managed configurations on the personal Google Play store app. This feature is only available through the Android Management API. Contact your EMM to determine if they support this feature and to know how to set these managed configurations in their solution.

What control do IT admins have over apps in the private space?
Existing personal app allowlist or blocklist policies also apply to the private space.
What management sets can this feature be used for?
This feature is available from Android 15 onward and only on Work Profile on company-owned devices.

Enforce the default app selection for calls, messaging, and web browsing when setting up company-owned devices

Can I enforce the default apps for a company-owned device that’s already been set up?

The default messaging app can be set at any time. To enforce OEM defaults for dialer and browser after set up, this control must be combined with an app allowlist.

Controls for Circle to Search on Android Work Profile

Can I enable or disable Circle to Search for specific apps?

No, but it can be disabled within the Work Profile or on the entire device for fully managed devices.

Does this feature require an internet connection?
Yes, Circle to Search requires internet connection.
What management sets can this feature be used for?
Circle to Search is available on Work Profile and fully managed devices.
On what devices is this feature available?

Circle to Search is available on the following devices:

  • Pixel 8, Pixel 8 Pro, Pixel 6 series, Pixel 7 series, Pixel Fold, and Pixel Tablet
  • Samsung S24 series, S23 series (incl. FE), S22 series, S21 series, Z Flip 3, 4, and 5, Tab S9 series, and Tab S8 series

Screen brightness & timeout controls for company-owned, personally enabled (COPE) devices

What management sets can this feature be used for?

IT admins can set screen brightness and timeout controls on Work Profile on company-owned devices, fully managed devices, and dedicated devices.

Related links

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
6602361858686676256
true
Search Help Center
true
true
true
true
true
108584
false
false