This page provides an overview of the new enterprise APIs, features, and behavior changes introduced in Android 12.
The following new features are available in Android 12 for work profiles.
Security and privacy enhancements for work profile
The following features are available in Android 12 for personal devices with a work profile:
- The password complexity feature sets device-wide password requirements in the form of predefined complexity buckets (High, Medium, Low, and None). If required, strict password requirements can instead be placed on the work profile security challenge.
- Work profile security challenge onboarding has been streamlined. Setup now takes into account whether device passcode meets admin requirements, and makes it easy for the user to choose whether to increase the strength of their device passcode or to use the work profile security challenge.
- An enrollment-specific ID provides a unique ID that identifies the work profile enrollment in a particular organization, and will remain stable across factory resets. Access to other hardware identifiers of the device (IMEI, MEID, serial number) are removed for personal devices with a work profile in Android 12.
- Company-owned devices, with and without work profiles, have the option to adopt the features listed in the preceding list items, but are not required to adopt in Android 12.
The following section describes changes in enterprise APIs that are not specific to work profiles or company-owned devices.
Unmanaged device certificate management
Devices without management are now able to take advantage of Android’s on-device key generation to manage certificates:
- The user can grant permission to a certificate management app to manage their credentials (not including CA certificates).
- The certificate management app can use Android’s on-device key generation.
- The certificate management app can declare a list of apps and URIs where the credentials can be used for authentication.
New APIs provide new functionality:
- Check if the the existing device-wide password is compliant against explicit device password requirements.
- Check whether a certificate and private key are installed under a given alias.
Android 12 includes the following notable API deprecations:
getPasswordQuality()are deprecated for setting device-wide passcode on work profile devices that are personal devices rather than company-owned. DPCs should use
getOrganizationColor()are fully deprecated in Android 12.