Carrying two phones is often inconvenient, but everyone wants — or needs — to be able to work on a smartphone without putting business data at risk or giving up personal privacy. For years, highly mobile companies have used Android’s work/home model, which splits a smartphone down the middle, separating work apps and data from personal apps and data.

IT managers who haven’t adopted Android work/home capabilities may not realize the features have changed. An active community of Android Enterprise users has been in dialogue with the development team, and the Work Profile in Android 12 is the result of the latest thinking on how to keep work and personal data separate and safe.

The Android team at Google has been conducting research with the Android user community specifically in the area of work/home smartphone use. Some features of Work Profile, such as the ability to pause the Work Profile and turn off notifications and work apps, are key elements in maintaining control of a good work-life balance.

What’s in a Work Profile?

The Work Profile feature of Android is designed to create security and privacy by partitioning your mobile device into work and non-work sectors. With Work Profile, a smartphone can become a true dual-use device, with an isolated workspace and a private personal space.

1. Apps

When your Work Profile is active, specific apps are loaded into the work side, and they’re marked in the Android graphical user interface (GUI) with a small briefcase icon. You can even have two copies of the same app, such as Microsoft Outlook, to use one for work and one for personal use.

2. Data

Another key part of Work Profile is the data partition that keeps the work and personal sides from interacting unless specifically configured to do so. Social networking apps, for example, often want access to your entire contacts list. With Work Profile, you can have your company directory available in Contacts on the work side, but LinkedIn on the personal side won’t be able to see that information.

Full customization is available, and IT managers can allow connections between the two sides when there’s a business reason for it. A good example is the Calendar app: If you allow work and personal sides of the device to communicate, the smartphone user can see their work and personal events together.

The goal of Work Profile is not just to keep enterprise data secure: It’s also to define privacy boundaries for the personal side. When Android Work Profile is in place, the user’s personal data and applications are kept private, outside of IT control.

3. Smartphone settings

The third major part of the Work Profile is device and OS settings. In general, when a work profile is created and linked to an enterprise mobility management (EMM) tool, the company’s IT team has full control over what’s inside the Work Profile and in device-wide settings, but only limited controls on the personal side.

How your settings configurations work will depend on how you choose to deploy the Work Profile. This is an area that changed in Android 11 to put greater emphasis on personal privacy. In the newer versions of Android, strong controls limit what the company can do, in order to preserve user privacy on mixed-use devices. For example, the company can’t see which apps are installed on the personal side of the smartphone.

IT managers essentially have three different models to work with. (You can find more details in Android Enterprise documentation.)

If it’s an employee-owned device in a Bring Your Own Device (BYOD) configuration, then the company can only see data and settings within the device’s Work Profile. You’ll see this called “Work Profile for Employee Owned Devices” in Android documentation.

If it’s a fully managed device with a Work Profile, the company has somewhat more control over the device than with BYOD — but the personal privacy features of newer versions of Android limit your ability to see and control the personal part of the device. You’ll see the acronyms COPE (Company Owned, Personally Enabled), WPoCOD (Work Profile on Company Owned Device) and WPoFMD (Work Profile on Fully Managed Device) in older documentation.

The third model doesn’t include a Work Profile. That’s a device that is fully managed by the company, and isn’t intended for any type of personal use. You’ll see the acronyms COBO (company-owned, business-only) and COSU (company-owned single-use) used to describe this model.

How to set up Work Profile

There are many different paths to setting up a Work Profile on company-owned or personally owned devices, but they all have the same major steps.

The first step in setting up Work Profile is non-technical. It begins with deciding how Work Profile will support your security requirements and mobility strategy. You also need to be sure you’ve got an updated and accurate policy that covers the rights and responsibilities both of individual users and of the company when it comes to a shared-use device, no matter who owns it. (Samsung Insights has a number of articles on this, including example BYOD and CYOD policy templates, to help you get started.)

Next, your business will select an EMM or mobile device management (MDM) tool. You can pick any MDM you want: simple and easy to use or powerful with lots of features, standalone or tightly integrated with your company directory, focused on smartphones or inclusive of laptops and desktops — there are plenty of options. With a solid policy in hand, you can make short work of selecting your MDM tool.

Once your MDM tool is up and running, your IT team should define the policies that will be applied to your devices. These effectively define the Work Profile and whatever other settings can be pushed to the device, based on the model you selected: fully managed with a Work Profile or employee-owned (BYOD).
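One way to review such a policy before it is pushed, as an added example that is not part of the original article: the script below checks the settings that govern the work/personal boundary and reports which ones let work data reach the personal side. It assumes the policy is expressed with the Android Management API `crossProfilePolicies` fields (the article does not name an EMM, and other tools expose these controls under different names); the sample policy and the `review_cross_profile` helper are constructed for illustration.

```python
import json

# Constructed sample policy. Field names and enum values follow the Android
# Management API "crossProfilePolicies" block (an assumption: the article
# does not name an EMM, and other EMMs expose these controls differently).
SAMPLE_POLICY = json.loads("""
{
  "crossProfilePolicies": {
    "showWorkContactsInPersonalProfile": "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_ALLOWED",
    "crossProfileCopyPaste": "CROSS_PROFILE_COPY_PASTE_ALLOWED",
    "crossProfileDataSharing": "DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED"
  }
}
""")

# For each setting: the values that keep work data on the work side.
ISOLATING = {
    "showWorkContactsInPersonalProfile": {
        "SHOW_WORK_CONTACTS_IN_PERSONAL_PROFILE_DISALLOWED",
    },
    "crossProfileCopyPaste": {"COPY_FROM_WORK_TO_PERSONAL_DISALLOWED"},
    "crossProfileDataSharing": {
        "CROSS_PROFILE_DATA_SHARING_DISALLOWED",
        "DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED",
    },
}

def review_cross_profile(policy, approved_exceptions=()):
    """Return (setting, status, value) for every boundary-relevant setting.

    status: "isolated", "approved" (opened with a recorded business reason),
    "open" (work data can reach the personal side), or "unset" (the policy
    relies on the platform default, which should be made explicit).
    """
    block = policy.get("crossProfilePolicies", {})
    findings = []
    for setting, safe_values in ISOLATING.items():
        value = block.get(setting)
        if value is None or value.endswith("_UNSPECIFIED"):
            status = "unset"
        elif value in safe_values:
            status = "isolated"
        elif setting in approved_exceptions:
            status = "approved"
        else:
            status = "open"
        findings.append((setting, status, value))
    return findings

if __name__ == "__main__":
    for setting, status, value in review_cross_profile(SAMPLE_POLICY):
        print(f"{status:9} {setting} = {value}")
```

Passing the setting names that have a documented business reason as `approved_exceptions` separates deliberate openings, such as shared contacts, from ones nobody signed off on.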

At this point, users can begin to enroll their devices in the MDM. This has two steps: downloading the MDM client, and then authenticating and linking that particular device to the company MDM and the user.

You might want to build a very user-friendly path, linking your MDM download and enrollment to automated device deployment, for example. Or, you might have users simply go to a website to start the process of downloading the MDM client and enrolling the device. If you pick Samsung as your smartphone supplier, you can also take advantage of the Knox Solution Set, designed to simplify and manage device configurations, MDM enrollment and firmware management.

When devices are enrolled in your MDM, the policies will automatically be applied, including creating and managing the Work Profile. As your needs change, whether you need new business apps or different security settings, your policy can be updated centrally, and changes will automatically be downloaded by all devices and enforced by the MDM client on the device.

The final step is user training. Although Work Profile is pretty self-explanatory, a few minutes of training — on the privacy features of Work Profile, and how to pause it — will help give end users a better experience and more confidence in their new dual-use smartphone.

Get our comprehensive guide and template for developing a BYOD policy tailored to your organization. And find out more about how Samsung Knox Suite provides an end-to-end solution for complex mobility needs.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.