With heavy fragmentation essentially being not a side effect but a feature of Android, Google's operating system certainly isn't near the top of the list of platforms anyone would think of in association with timely security updates, rare exceptions (mostly developed by Google itself) notwithstanding. Yet that didn't stop Gartner from concluding the world's most popular mobile OS is also one of the most suitable ecosystems for enterprise use.
The market research company released a new, subscriber-only report this week, discussing several dozen points that administrators and other decision-makers ought to consider before pulling the trigger on a specific setup or part thereof. Ultimately, Gartner concluded that as of the latest stable build of Android, the ecosystem checks out on 26 out of 30 points it deems crucial for determining the security value of a tech platform, as well as 12 out of 13 categories identified as being of particular importance for enterprise management. The paper, titled "Mobile OSs and Device Security: A Comparison of Platforms," hence praises Android's focus on encryption, as well as Google's approach to its development and scalability in overall.
Android did fail to meet the strictest expectations in the network encryption and secure remote access segments, yet Gartner did change its requirements for both of those since its 2018 report. OS access and default access controls are much more problematic categories seeing how Google is still unable to fulfill the criteria established years ago. Project Treble did help improve things a bit, especially in terms of major software upgrades, yet the number of devices that actually receive "monthly" security patches every month is in the single digits; that luxury is reserved only for a handful of handsets released as part of the Android One program, as well as Google's own series of Pixel-branded smartphones.
A "perfect" (read: impregnable) security solution doesn't exist and never will but as far as best practices aimed at risk mitigation are concerned, Android comes very close to being the ultimate option for the security-conscious among us, especially when disregarding alternatives that aren't easily scalable, which is of even greater importance - small security holes can be patched up but the inability to maintain effectiveness across a variety of organizational units of different sizes is something that's much harder to compensate for, not to mention largely pointless; if you can't scale effectively, shouldn't you be rethinking your entire approach to doing business instead of forcing the issue and risking a catastrophe?
That's pretty much the bulk of Android's enterprise pitch right now; it's certainly not without issues but looking at the bigger picture, one can do a lot worse and is most likely to should they opt to ditch Google's ecosystem entirely. That kind of it's-something victory certainly doesn't inspire confidence the tech giant will be able to continue impressing the enterprise segment in the long run but seeing how it's been investing in improving the frequency of third-party updates via all indirect means available over the last several years, it appears it's well-aware of Android's major issues.