Employee Experience Workspace ONE Unified Endpoint Management

Protecting user privacy with Android Enterprise and Workspace ONE

Employee privacy is a key consideration when implementing an enterprise mobility strategy in your organization. It’s important to safeguard personal data, especially as uncertainty over how user data is managed can discourage users from adopting enterprise mobility management (EMM) solutions on their devices.

This is especially relevant given the ubiquity of remote work. Last year, Google and Qualtrics conducted a study of more than 3,000 employees about their use of mobile devices for work. Eighty percent of respondents relied on a single device for both personal and work uses.

Even with corporate-owned devices, organizations are working to ensure employee privacy. In 2020, Omdia and Google partnered on a survey of 700 IT decision makers. They found that 80 percent of respondents believed personal data should be kept private from IT on a company-owned device.

Android has made privacy a top priority in recent releases, with particularly heavy investments in Android 11 and 12. Android’s Work Profile – both on employee-owned and corporate devices – is central to this effort by offering separation of personal and work data and applications. Let’s take a look at these improvements and how to leverage them through Workspace ONE UEM.

Renewed personal usage experience on COPE devices

In Android 11, the corporate-owned, personally enabled (COPE) mode was revamped to boost employee privacy while retaining the necessary controls to ensure compliance with organizational policies. Employees have more control over features on the personal side of the device, including VPN settings, personal applications, and device passcodes. Workspace ONE UEM supported this new model with Hub 21.01. For more information on these changes, see our Android Series video on this topic.

Organizations prefer to avoid factory resetting COPE devices unless absolutely necessary. Employees have personal data on the device, so a full device wipe is disruptive to the personal usage experience. In 2022, Workspace ONE UEM is introducing two new features to address this.

Workspace ONE UEM 2203 supports a new “Forgot my Passcode” button to allow resetting the Work Profile passcode in cases where the Work Profile is locked in Direct Boot mode. Previously, if a user forgot their Work Profile passcode and the Work Profile was in this state, administrators would have to factory reset the device. This meant wiping all personal data and applications.

Workspace ONE UEM will also support a new Enterprise Wipe action for COPE that will only remove the Work Profile. This gives organizations the ability to transfer ownership of a COPE device to the end-user without having to wipe their personal apps and data.

BYOD privacy improvements

Google has taken strong steps to enhance privacy on personal devices in recent OS releases. One area of focus has been preventing tracking of user activity based on hardware identifiers.

With Android 10, Google introduced MAC address randomization. This anonymizes the device when connecting to WiFi networks by providing an artificial MAC address instead of the factory MAC address. EMM solutions like Workspace ONE UEM only collect the factory MAC address of corporate-owned devices.

In Android 12, Workspace ONE UEM only collects non-resettable (hardware) identifiers like IMEI and the serial number on corporate-owned devices.

Privacy enhancements for EMM permissions

In all management modes, recent Android versions have added more transparency to how EMM solutions manage permissions.

Android 11

Users now have greater awareness of how Workspace ONE UEM manages location permission. End users are notified when Workspace ONE UEM:

  • Enables location services on their corporate-owned device
  • Grants an app location permission on a personally owned device

If an organization installs a permissions profile that automatically approves all runtime permission requests, the end-user is notified when an app requests and is granted location permission because of this policy.

Android 12

Only the end-user can grant sensor-related permissions, such as location and microphone, to applications in Work Profile and COPE modes. As with other solutions, Workspace ONE UEM administrators can no longer silently grant these permissions to work applications.


We believe that companies can meet their enterprise mobility goals without compromising employee privacy. Knowing how Google and Workspace ONE protect user privacy can help promote adoption of EMM in your organization. For more information on how we accomplish this, see these resources:

Product page: Workspace ONE Privacy Guard 

Google documentation 

VMware documentation 

VMware EUC blog: 3 Things You Need to Know About Workspace ONE Intelligent Hub & Employee Privacy