Mobile Device Security: How Encryption Protects Your Company’s Data
The massive adoption of remote work and the widespread use of mobile devices in corporate environments have exposed new security vulnerabilities. The recent "Threat Landscape 2023" report by Kaspersky reveals that Brazil leads in mobile device attacks across Latin America.
This scenario reinforces a known reality: protecting your company’s data is essential. Information such as names, emails, passwords, and banking data is constantly at risk. As a result, cybersecurity has become a top priority in corporate strategies.
Urmobo: Experts in Android Device Security for Enterprises
Urmobo specializes in managing Android devices in businesses and protects corporate data stored on smartphones through encryption, ensuring information security from the moment a device is enrolled.
What Is Data Encryption?
Encryption on Android devices adds an extra layer of security by converting all stored data into an unreadable format, which can only be decrypted with a password or an authorized recovery key.
Android provides two types of encryption:
🔒 Full-Disk Encryption (FDE)
Available starting from Android 5, but deprecated as of Android 10
Uses 128-bit AES (or 256-bit on some devices)
The main encryption key is stored in a Trusted Execution Environment (TEE)
🔐 File-Based Encryption (FBE)
Introduced in Android 7, and mandatory from Android 10 onward
Uses unique encryption keys per user, with AES-256 encryption
Keys are protected in a secure environment, just like in FDE
How Does Urmobo MDM Protect Your Data?
Any Android device running version 7 or higher with GMS (Google Mobile Services) is ready for encryption — the minimum requirement to use Urmobo MDM.
As an official Android EMM partner and Android Enterprise Recommended solution, Urmobo integrates Android Enterprise capabilities natively — including encryption protocols. So, even if the device doesn't come encrypted from the factory, encryption will be automatically enforced during enrollment via Urmobo MDM.
Security Beyond Encryption
An EMM solution like Urmobo MDM goes beyond just encryption:
Blocks malware and unwanted apps
Remotely wipes data in case of loss or theft
Enforces password policies
Ensures compliance with the company’s security policies
At enrollment, the device automatically receives a DPC (Device Policy Controller) — an app that enforces the policies configured in the MDM console, ensuring alignment with corporate guidelines.
What About Personal Use (BYOD)? How Does the Work Profile Work?
The Work Profile allows secure isolation of corporate apps and data from personal data on the same device.
In this model, the DPC is installed only in the Work Profile, which is managed by Urmobo MDM. Data separation is based on Android’s multi-user architecture.
Even if the personal part of the device (e.g., Android 6) isn't encrypted, the Work Profile will be automatically encrypted when created via Urmobo MDM.
Additionally, File-Based Encryption (FBE) — mandatory from Android 10 — enhances this separation by applying distinct encryption keys for each profile.
Summary
Android uses AES-256 encryption
FBE is mandatory and automatic from Android 10
Devices enrolled with Urmobo MDM (Android 7+, GMS) are automatically encrypted
An EMM solution ensures, via the DPC, that devices comply with the company’s security policies
🔒 To learn more, see the Android Enterprise Security White Paper (PDF)