Besides offering a host of cloud applications, one of G Suite’s key features is the ability to manage a fleet of employee devices. Today, the service is adding new protections to ensure enterprise data isn’t compromised on insecure Android and iOS devices.
Administrators can set security policies, like strong passwords, on devices that are signed into work accounts and have access to corporate data. On Android, phones and tablets that don’t adhere to an organization policies will be locked out of non-critical applications.
With that in mind, the Device Policy app will now disable access to non-critical apps* on any work profile or company-owned Android device that it determines is non-compliant. Users will see a notification informing them that their device violated a security policy and some apps may be disabled. Those apps will be re-enabled when their device complies with all of the organization’s security policies.
This disabling of apps like Gmail, Calendar, Contacts, and Hangouts is handled by that Device Policy app that is installed on these managed devices. However, apps like the Dialer or Messages that are “required for a device to function” will remain accessible to users of non-compliant devices.
Meanwhile, on iOS, Google Mobile Management will allow admins to block corporate data from syncing on jailbroken iOS devices. This requires the installation of an app that will regularly check if a device has been jailbroken. Just this week, a Google security researcher released an exploit for iOS 11.1.2 that could be used to compromise a device.