What is app separation and what problem can it solve? A short introduction.
The full management mode is created by Google to manage company owned devices that will be used in a work only manner. An important characteristic is a lack of separation or isolation between apps. All apps are allowed to intercommunicate and can access data on the device. In contrast to the BYOD or personally enabled deployment modes there is no Work Profile “container” available to isolate the work apps.
The problem lies in a situation where you have to allow “less” trusted apps. Apps that need access to contacts, email addresses or maybe ask for access to the gallery or other folders on the device. Think of ride sharing apps, airline apps or even (work related) social media apps.
If there are no boundaries between apps and data on the device how do you provide access to less “trusted” apps without risking corporate data?
Here comes KNOX app separation into play. By using App separation you create a sandboxed environment for the less trusted apps where the apps cannot (inter)communicate with apps outside the sandboxed folder and cannot access data outside the sandboxed folder. To distinguish these apps from the other apps the separated apps are presented to the user in a “separated apps” folder.
This concludes the introduction. In future blogs I will post more about app separation.