[Day 1] Mobile Devices With a Sixth Sense: What Android Can Learn From Detection Dogs
Good afternoon everyone! Intro Alongside my passion for Android, which I’ve also made my profession, I spend a lot of my personal time working on scent detection training with dogs. Over the years I’ve trained my own dogs to search for items such as data carriers, phones, cannabis, and most recently one on cash. I wanted to participate in the festival because I had to skip the opportunity last year. But to contribute meaningfully, I wanted to create something that connects both worlds, Android and my other interests. This article is the result of that cross-pollination. The article is just a different perspective to discuss, a thought I had and a look in to what I think could be a good future. Android & detection / search dogs Enterprise mobility is still too often reduced to policies, profiles, and compliance checkboxes. A device shows compliant, an app is locked down, and the job seems done. But anyone who has worked with a well-trained detection dog knows that control is only half the story. The real value comes from analyzing behavior and context, and the ability to anticipate on what’s coming. Fun fact: Our nose, and a dogs nose, contain olfactory receptors, nerve cells that detect odor molecules, which is what we use to recognize a scent. An average human has around 2 to 6 million of those. A dog’s nose has around 250-300 million. They are capable of detecting so much more scents than we do. A detection dog doesn’t just smell an object. It smells the contents, the ingredients of what it’s made of and It detects deviations. It recognizes not only what is present, but also when a situation doesn’t match the pattern it expects. If something has disturbed the soil, it will recognize that. And as a handler you should be able to read to signals and act on it. If you want to go right, and the dog is showing that it recognizes a scent on the left, you should really go left and trust the signals your dog is sending you. As a dog handler I’m trusting my dog to make the right decisions, I just follow and guide the dog where needed. Lift him to higher grounds, or maybe mark areas of extra interest that I can see and I’ve been told to search. Its teamwork. Devices as Sensors Imagine a device that doesn’t only enforce policy but also understands what normal looks like in its environment. Not only checking whether something is allowed, but noticing when something is unexpected. A phone that has spent months connected only to Wi-Fi inside the warehouse but suddenly appears on 4G at two in the morning in another city, that may not be a direct policy violation, but it is something you and I would ask questions about. Any detection dog would pause, tilt its head, and quietly signal that something’s off. The ingredients to make devices smarter already exist. Smartphones capture motion, location, battery patterns, network behavior, app usage, and user interaction. Individually these are datapoints, but together they form a pattern, just like scent particles form a track for example. The interesting part is: the hardware has been ready for years. What we lack is interpretation. Fun fact: Did you know that when a dog is searching/sniffing, it can inhale and exhale up to 300 times per minute? If we would do this, we will start hyperventilating within seconds. I think Android could evolve in the same direction by learning baselines of enterprise-normal rather than relying solely on static policies. Once a baseline exists, devices can flag changes proactively, early before things escalate. An example Consider a warehouse worker scanning goods along the same aisle, during the same shift, using the same three apps every day. Android sees that, learns it, and identifies it as normal. But one Monday everything is different: roaming is active, a new route is taken, unfamiliar apps are running. Instead of asking only is this allowed?, the device could ask is this unusual?, should I report this?, is this risk or intentional deviation? As an IT admin, you could check those signals and take appropriate action. But maybe we want Android Enterprise to take their own actions up to a certain degree? This isn’t just security, it also improves stability, efficiency and less downtime. Combine all these and you might even have an employee who is actually happy with the work IT is doing. Instead of being the team who keeps blocking things, you become the IT admin that makes the devices just work when they need to. Closing note I am aware of different MDM’s providing such solutions such as WS1 and Knox Asset intelligence. But I think it could and should be so much better than that. It should be part of core Android OS, present for everyone, not just the one who can afford it but also the smaller companies with less budget. It shouldn’t be depending on a third party whether or not this works. Android Enterprise has matured. Policies are essential, but they’re not the finish line. The real opportunity lies in devices that understand normal, and detect subtle deviations before users even notice. Maybe it’s time our Android fleets developed a sense of intuition. Maybe it's time for Android fleets to develop their own sixth sense like a detection dog that quietly sits, nose raised, because it notices something no one else does yet.
[Day 2] Mission Intune : When Migration Becomes a Mission (Almost) Impossible
Good Morning Everyone 🕵️ Deep within the digital infrastructure, a high-stakes mission is being prepped. Five mobility experts have been deployed to solve a massive puzzle: migrating tens of thousands of smartphones to Microsoft Intune. The Goal: Ensure a fluid, secure, and uninterrupted transition for thousands of users. The Battlefront: A complex landscape filled with legacy policies, mixed configurations, and strict deadlines. It’s a race against the clock where one wrong move could start a domino effect. From scripts to security protocols—nothing is left to chance. Failure is not an option. Following Broadcom’s acquisition of VMware in 2023, the Workspace ONE product is now owned by Omnissa. Broadcom’s commercial strategy, which has influenced its spin-off companies, had become highly aggressive toward all customers. Consequently, we have decided to migrate the management of our Android and iOS tertiary fleet to Microsoft Intune.. While we are familiar with Intune, several limitations should be noted: Reporting: Intune offers basic reporting through Microsoft Endpoint Manager and Power BI integration, but lacks the advanced, customizable dashboards available in Workspace ONE. Deployment Performance: Application and configuration deployments can be slow, with status updates often delayed due to Intune’s reliance on periodic device check-ins rather than real-time communication. iOS Management: Intune provides full functionality only for devices enrolled via Apple Business Manager (ABM). Non-ABM devices have restricted supervision capabilities, limiting advanced configuration and app deployment. Error Handling: Intune does not display granular error codes in its console. Troubleshooting often requires log collection from the device or use of Microsoft Support tools, increasing diagnostic complexity. Conditional Access & Compliance: Intune integrates tightly with Azure AD for conditional access policies, which is a strength, but requires additional configuration and licensing for advanced scenarios. App Protection Policies: Strong for Microsoft 365 apps, but less flexible for third-party apps compared to Workspace ONE. Migration Strategy Overview The project aims to migrate the entire mobile fleet—a few tens of thousands Android and some iOs devices—between September 2023 and December 2024. Cybersecurity requirements mandate a shift from COBO (with personal Google accounts allowed) to COPE, reinforcing corporate control and reducing exposure to security risks. Key Challenges Technical Constraints: Devices incompatible with Android 13 require hardware replacement. For most employees, migration involves full device reset and Intune re-enrollment—a complex, time-consuming process. Security Limitations: Backup tools cannot be authorized, increasing the risk of data loss and user errors. A recurring issue is failure to remove Microsoft Authenticator configurations, creating significant support overhead. Performance Impact: The Samsung Galaxy A32, previously adequate under COBO, performs poorly under COPE, affecting user experience. Status and Strategic Decision By June 2024, progress is far below target. To mitigate operational disruption and support overload, the strategy shifts: forced migrations are discontinued. Migration now occurs only during: Hardware replacement (obsolescence, failure, or breakage) Voluntary device reset This approach prioritizes stability and resource optimization while maintaining compliance with security standards. We’ve been with Intune for almost two years, we make do with it and we are hardly surprised anymore when something doesn’t work. If you have any questions, don't hesitate to reach out via the comments below KrisDo certifications matter when researching new devices?
Hey everyone, Episode 3 of The Secure Element went live last month! Bigdogburr (our go-to security expert) sat down with Brian Wood from Google’s Device Security and Privacy team to unpack how devices get approved for use in the US federal government. Spoiler: it’s not simple! From government-approved labs running tests, to annual re-certifications, to the role of NIAP (National Information Assurance Partnership) — there’s a lot going on behind the scenes to make sure devices are truly secure and trustworthy. When you’re looking at new devices, do you pay attention to security certifications or accreditations? If so, what certifications are you most interested in your region? Or do you focus on something else entirely? Let me know your thoughts below — I’d love to hear how you approach this! Chat soon, Emilie
Restoring Data on a Fully Managed (Device Owner) Android Device During Enrollment
Hello everyone, I’m testing the setup (enrollment) of a Device Owner / Fully Managed Android device, and I’ve run into a question about restoring data. When setting up a personal Android device, you typically get the option to sign in with a Google account and restore apps/data from a backup. However, when I try this on my test device with the fully managed (Device Owner) enrollment flow, it goes straight into the MDM provisioning process. I don’t see the Google sign-in page or any option to restore data from my Google backup. My questions: Is this the expected behaviour for Device Owner (fully managed) setups? Are there any official guides or best practices for restoring user data in this scenario (if supported)? Thanks in advance for any guidance or documentation links!Share your deployment experiences with Android zero-touch enrollment
Hey everyone, In ‘5 Overlooked Benefits of Android Enterprise’, we touched on Android zero-touch enrollment, and it’s something many of you are actively using to streamline your device rollouts. For those in IT, Android zero-touch can be a powerful tool - see our handy guide to learn more. It’s about getting devices to your users ready to go, automatically enrolling in your EMM and pulling down all the right policies as soon as they connect. That means less hands-on time for your team and a smoother experience for end-users. We know real-world deployments always have their nuances, but it would be great to hear about your deployment experiences using zero-touch enrollment: Did you overcome any unexpected hurdles? What was the scale of your deployment - a few devices for new joiners, or hundreds for a company-wide refresh? If you could share one key tip or best practice for someone looking to nail their next zero-touch deployment, what would it be? We’re all here to learn from each other’s stories, and your insights are super valuable. I’m looking forward to reading your stories! Chat soon, EmilieWhat security threats do you experience the most?
Hey everyone, Stop what you’re doing - episode 2 of The Secure Element is out now! Tune in as Bigdogburr and Theresa Lanowitz, Chief Cybersecurity Evangelist at LevelBlue, dive into achieving cyber resilience in an era of boundaryless computing. Their discussion truly reinforced for me just how vital a holistic approach to securing all end-user computing is - from laptops to mobiles, and everything in between - especially with cyberattacks becoming so sophisticated. The role AI plays in crafting these increasingly targeted attacks was a real eye-opener! This episode got me thinking about the real-world threats we’re all facing. What are the kinds of cyber threats you are most confronted with? Cast your vote in the comment section below: Phishing / Quishing/ Smishing (Email, SMS, or QR code tricks) Deepfakes (Convincing fake video/ voice calls) Malicious apps (Apps designed to steal data/ compromise devices) Network attacks (Rogue or Spoofed Wi-Fi, man in the middle, etc.) Other (please share more details in the comments!) And share some wisdom! Do you have some tips on how to identify a cyber attack? If you’ve been targeted, what’s one key lesson learned that you think everyone should hear? Looking forward to reading your stories. Chat soon, EmilieWhat OS rel. your Android fleet is running ?
I'm just curious to know how other corporates doing OS patching. We at SAP only allow 2 latest OS versions which means today we only support Android 14/13. Our Android fleet is approx. 10 000 devices. Mixed Samsung and Google Pixel, no other manufacturers allowed. 70% of our Pixel devices running already Android 14 11% of our Samsung devices running already Android 14 How about yours?Share your AI Success Story: Android Enterprise customer testimonials & quotes needed!
Hey everyone, I hope you are having a good week. AI is evolving fast, and we're curious how it's starting to shape your work on Android. Has your company embraced it wholeheartedly or are you finding people more reserved when implementing AI? As part of our end of year festival, we had a brilliant community post by BenMcc all about the hopes and pitfalls of AI so far (well worth the read if you haven’t already), and we’re keen to keep the conversation going - what do you think of his observations about ownership/accountability and the future of AI? Whether you're a seasoned AI user or just dipping your toes in, we'd love to hear your experiences—even if they're initial observations or pilot projects. We’re looking for real-world examples and specific, impactful quotes that can be featured across our channels (or we could just have a great conversation below! 😀). It would be particularly interesting in learn about: Specific AI Use Cases: How are you leveraging AI tools in your daily work on Android? Google AI Tools: Are you using Gemini for Google Workspace, Circle to Search, Gemini models, on-device AI tools on Pixel, or other AI tools? Organizational Impact: How has AI improved your productivity, reduced costs, or streamlined processes? For example: "Gemini for Google Workspace has saved our team [X] hours per week by automating [specific task]." "Circle to Search has improved our ability to [specific action] while on the field." "On-device AI on Pixel allows us to [specific task] without needing constant internet access." Thank you in advance, Lizzie (and the Android Enterprise Team)
[Day 4] Community festival : Introduction to a mobile only strategy in a large company
Hello all, We are pleased to share with you some insights and achievements of our mobile only strategy. But first, I am really not sure sure you have heard about Thales ! Thales’s mission is to empower customers to face their decisive moments with confidence. Some key figures and core business below : What is our main idea ? Android devices are enough mature to start creating a working environment in Mobile Only strategy which means replacing PCs when they are not relevant. Which leads to: - Increased end users productivity - Reduced business and IT costs - Reduced carbon footprint - Better attractiveness and digital modernity for end users What we have achieved since 2021? The 1st step of this long journey - An agile project method focusing on the end user, really - A configuration designed, built and maintained WITH security officers from day 1. - An end-to-end solution imagined for the last step. - A 1st macro use case frontline workers, focus on logistics and production Just have a look on this video released in 2022, showing our fisrt production line in with our new digital workplace ! I hope you liked it! 2 years ago already… What are our next steps ? - An extension to other use cases. - A pedagogy for the entire "Android OS" ecosystem: Employees, vendors, customers to foster activities & new stuff - The pleasure of exchanging with you all. Vincent Turquet Yann Roland
