Welcome to Android 12 Developer Preview! Please give us feedback early and often, and help us make Android 12 the best release yet!

What's new for enterprise in Android 12

This page provides an overview of the new enterprise APIs, features, and behavior changes introduced in Android 12.

Work profile

The following new features are available in Android 12 for work profiles.

Security and privacy enhancements for work profile

The following features are available in Android 12 for personal devices with a work profile:

  • The password complexity feature sets device-wide password requirements in the form of predefined complexity buckets (High, Medium, Low, and None). If required, strict password requirements can instead be placed on the work profile security challenge.
  • Work profile security challenge onboarding has been streamlined. Setup now takes into account whether device passcode meets admin requirements, and makes it easy for the user to choose whether to increase the strength of their device passcode or to use the work profile security challenge.
  • An enrollment-specific ID provides a unique ID that identifies the work profile enrollment in a particular organization, and will remain stable across factory resets. Access to other hardware identifiers of the device (IMEI, MEID, serial number) are removed for personal devices with a work profile in Android 12.
  • Company-owned devices, with and without work profiles, can adopt the features listed in the preceding list items, but are not required to adopt them in Android 12.
  • You can set and retrieve work profile network logging. You can delegate network logging on the work profile to another work application. You can't use network logging to monitor traffic in the personal profile.

Company-owned devices

The following new features are available for company-owned devices. The term company-owned device refers to both fully managed devices and work profile devices that are company-owned.


The following section describes changes in enterprise APIs that are not specific to work profiles or company-owned devices.

Unmanaged device certificate management

Devices without management are now able to take advantage of Android’s on-device key generation to manage certificates:

  • The user can grant permission to a certificate management app to manage their credentials (not including CA certificates).
  • The certificate management app can use Android’s on-device key generation.
  • The certificate management app can declare a list of apps and URIs where the credentials can be used for authentication.

New APIs provide new functionality:


Android 12 includes the following notable API deprecations:

  • setPasswordQuality() and getPasswordQuality() are deprecated for setting device-wide passcode on work profile devices that are personal devices rather than company-owned. DPCs should use setRequiredPasswordComplexity() instead.
  • setOrganizationColor() and getOrganizationColor() are fully deprecated in Android 12.

Learn more

To learn about other changes that might affect your app, read the Android 12 behavior changes pages (for apps targeting Android 12 and for all apps).