Does Apple offer work profiles for iPhones?

Apple uses data and device containerization -- instead of the Android Work Profile model -- to split work and personal information on iPhones and support BYOD deployments.

Apple does not offer work profiles for its mobile devices, but the vendor employs mobile containerization to keep personal and corporate data separate and secure. 

A work profile is a distinct area of an Android device solely dedicated to saving work data and apps, differentiating them from users' personal information. These are clear-cut domains that enable platform-level separation of work data and applications, allowing organizations to administer control over professional apps, data and security policies within a work profile.

Apple handles corporate mobile applications and data for its iOS devices somewhat differently. Through Apple's containerization technology, IT teams can separate corporate data into a single business container. The business container manages data movement between business-approved applications, accounts and unregulated apps.

How does Apple's data container system work?

Since Apple introduced its mobile device management (MDM) protocol in 2010, iOS has been at the forefront of mobile operating systems for enterprise use. The MDM protocol allows IT administrators to send administration commands to managed iOS and macOS devices. This allows Apple to run its enterprise container system on iPhones and work with third-party MDM software providers.

The goal of a container system is to prevent employees from moving data from a work program into an unregulated app. Before Apple, many enterprise software companies created independent container applications that sat above operating systems and prevented users from sharing corporate data.

Because Apple owns the operating system for iOS devices, the company has built its native container system right into its baseline code. The system allows users to share data using native and other trusted third-party programs that an enterprise's IT team has vetted. This means that the IT department can select a group of apps, as well as approved content downloaded via email and the web, that the iOS container system can access.

IT departments can also work with security teams and users to select preferred apps and data for the iOS business containers to support and trust. IT can push out applications to users or users can select them from a dedicated enterprise app catalog, which delivers a protected environment for users to work in.

With Apple's iOS framework, IT teams can secure corporate data with either Apple or third-party MDM software.

Capabilities of business containerization

Apple's system of mobile containerization enables IT teams to manage BYOD units that employees bring into the corporate sphere or use remotely in work-from-home scenarios.

To secure the most vulnerable and valuable corporate data, IT departments can apply restrictions available via the container system. Some useful restrictions IT may implement include the following:

  • prevent unmanaged apps from reading managed contacts;
  • prevent unregulated sources from opening work documents;
  • stop managed documents from being shared through Apple's AirDrop wireless file-sharing system, which runs over Bluetooth and can be a security risk; and
  • prevent work data from synchronizing with Apple's iCloud software.
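In a configuration profile, these restrictions are keys in the Restrictions payload (`com.apple.applicationaccess`). The following audit script is an added example, not code from Apple or an MDM vendor. The mapping of each bullet to a key and the default values are taken from Apple's published Restrictions payload reference rather than from this article, and the sample profile and its identifier are constructed. It assumes an unsigned profile.

```python
import plistlib

# Restrictions payload key -> (default when absent, value that enforces the restriction)
CHECKS = {
    "allowOpenFromManagedToUnmanaged": (True, False),      # work docs stay in managed apps
    "allowUnmanagedToReadManagedContacts": (False, False), # managed contacts stay private
    "forceAirDropUnmanaged": (False, True),                # AirDrop is an unmanaged target
    "allowManagedAppsCloudSync": (True, False),            # no iCloud sync for managed apps
}
# These two restrict nothing while managed-to-unmanaged sharing is still allowed.
DEPENDS_ON_OPEN_IN = {"allowUnmanagedToReadManagedContacts", "forceAirDropUnmanaged"}

def audit_profile(data: bytes) -> dict:
    """Map each key to 'enforced', 'not enforced' or 'ineffective'."""
    profile = plistlib.loads(data)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            settings.update(payload)

    def effective(key):
        return settings.get(key, CHECKS[key][0])

    open_in_blocked = effective("allowOpenFromManagedToUnmanaged") is False
    report = {}
    for key, (_, wanted) in CHECKS.items():
        if effective(key) != wanted:
            report[key] = "not enforced"
        elif key in DEPENDS_ON_OPEN_IN and not open_in_blocked:
            report[key] = "ineffective"
        else:
            report[key] = "enforced"
    return report

# Constructed sample: blocks iCloud sync and marks AirDrop unmanaged, but
# leaves managed-to-unmanaged sharing at its permissive default.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.byod",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowManagedAppsCloudSync": False,
        "forceAirDropUnmanaged": True,
    }],
})

if __name__ == "__main__":
    for key, status in audit_profile(SAMPLE).items():
        print(f"{key}: {status}")
```

The sample shows a common gap: the AirDrop and contacts settings are present or defaulted correctly, yet they are reported as ineffective because managed documents can still be opened in unmanaged apps.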

Enabling or disabling Touch ID in an enterprise environment is possible with containerization and MDM software as well. Apple says that its Face ID facial recognition feature is even safer than Touch ID, and this biometric authentication option can also be enabled or disabled by an organization's MDM software.

Android work profiles vs. Apple containerization

The work profile software on Android smartphones differs from Apple's corporate container system in a few major ways. The Android Enterprise platform looks different, marking work items on a user's device with blue suitcase icons to distinguish them from personal apps. Users can also turn off the Android work profile at the end of the business day.

In iOS, however, the enterprise container runs in the background at all times. So if Microsoft Word is designated as a business app in the container, for example, users would need to download another word processing application if they wanted to use their device for personal writing purposes. This is an inconvenient aspect of the Apple container system for end users.

For greater separation of corporate and personal data, organizations can enroll devices with Apple User Enrollment. This MDM option further ensures that user information is secure on BYOD iPhones, limiting IT's supervision of personal apps and data on enrolled devices.

While Android work profiles have been available since 2014 and might appear more straightforward to users, Apple's container system is considered more secure overall than the Android alternative. This is because Apple holds tighter control over its operating system, app store and devices.

This reputation for device security has led U.S. organizations to rely on Apple for their enterprise smartphones, with Apple holding about 57% of the U.S. market share of mobile OSes in 2022. Meanwhile, Android rules the mobile OS scene worldwide with around 71% of the global market share.

Both Android and Apple provide effective options to separate work and personal data. While Apple devices might offer security benefits, IT teams must understand how to use native tools, deploy configuration profiles and integrate MDM software into a mobile strategy in order to successfully meet corporate and end-user needs.
