But Google is also working with its wider partner ecosystem to expand its support for the Zero Trust security model on Android. This means, for example, working with partners like Okta, Ping and ForgeRock to move their authentication workflows from WebView to Chrome Custom Tabs on Android. Google has long argued that developers should use Custom Tabs whenever they render content from outside of their own domain, in part for performance reasons, but also because Chrome’s Safe Browsing features provide additional security.
Android 12 is currently available for Google’s Pixel phones and will be gradually rolled out to others over the next few months. You probably think of Android as a consumer product, but over the last several years, Google has worked hard to make it a corporate tool as well. With the release of Android 12, which already contains a number of new corporate capabilities by default, Google is also unveiling a handful of new security-focused efforts centred on Android Enterprise. This includes a new bug bounty programme called the Android Enterprise Vulnerability Program, which offers up to $250,000 for a complete vulnerability of a Pixel smartphone running Android Enterprise.
Google is also extending its Android Management API to make it easier for companies that use Enterprise Mobility Solutions from the likes of Microsoft, Citrix or Google itself to ensure that users “receive the fastest delivery of all of our enterprise features, with best practices and Android Enterprise Recommended requirements set by default.”
“While WebView is a flexible and powerful component for rendering web content, Custom Tabs are more modern and full-featured, allowing identity providers to gather device trust signals, improve employee security and enable single-sign-on across apps and the web,” explains Rajeev Pathak, a senior product manager at Google, in today’s announcement.