Employ work profiles

A work profile is a managed profile that has separate app data from the primary user profile but shares some system-wide settings, such as Wi-Fi and Bluetooth. The primary goal of a work profile is to create a segregated and secure container to hold managed data. The administrator of a work profile has full control over the scope, ingress, egress, and lifetime of data. Following are some characteristics of work profiles:

  • Creation. Any app in the primary user can create a work profile. The user is notified of work profile behaviors and policy enforcement before creation.

  • Management. Apps known as profile owners can programmatically invoke APIs in the DevicePolicyManager class to restrict use. Profile owners are defined at initial profile setup. Policies unique to work profiles involve app restrictions, updatability, and intent behaviors.

  • Visual treatment. Apps, notifications, and widgets from the work profile are badged and typically made available inline with user interface (UI) elements from the primary user.

Implementation details

Work profiles are implemented as secondary users, such that the apps running in the work profile have a UID of uid = 100000 * userid + appid. These profiles have separate app data (/data/user/userid), similar to primary users.
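The following is an added example, not code from the Android source: it applies the UID formula above to a process listing so that each process can be attributed to the primary user or the work profile during a device review, and shows that the same package gets a different UID and data directory in each profile. Assumptions not stated on this page: ps prints app accounts as u<userid>_a<appid - 10000>, installed apps get appids from 10000 up, user 10 is the work profile, and the sample listing and package names are constructed.

```python
import re
from collections import defaultdict

PER_USER_RANGE = 100000  # multiplier in uid = 100000 * userid + appid
FIRST_APP_ID = 10000     # assumption: installed apps get appids from 10000 up

# Assumption: ps prints app accounts as u<userid>_a<appid - 10000>.
PS_APP_USER = re.compile(r"^u(\d+)_a(\d+)$")

# Constructed sample of `ps -A -o USER,PID,NAME` output; package names are
# hypothetical and user 10 is assumed to be the work profile.
SAMPLE_PS = """\
USER           PID NAME
root             1 init
system        1432 system_server
u0_a151       5120 com.example.mail
u10_a151      5388 com.example.mail
u10_a203      5402 com.example.dpc
"""

def split_uid(uid):
    """Invert the formula: return (userid, appid) for a Linux UID."""
    if uid < 0:
        raise ValueError("uid must be non-negative")
    return divmod(uid, PER_USER_RANGE)

def uid_from_ps_user(name):
    """Map a ps account name to its numeric UID; None for non-app accounts."""
    m = PS_APP_USER.match(name)
    if m is None:
        return None
    return PER_USER_RANGE * int(m.group(1)) + FIRST_APP_ID + int(m.group(2))

def data_dir(uid, package):
    """Per-user app data path, /data/user/<userid>/<package>."""
    return f"/data/user/{split_uid(uid)[0]}/{package}"

def processes_by_user(ps_output):
    """Group app processes by Android user: {userid: [(uid, pid, pkg, dir)]}."""
    grouped = defaultdict(list)
    for line in ps_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) != 3:
            continue
        uid = uid_from_ps_user(fields[0])
        if uid is not None:                      # root, system, etc. are skipped
            grouped[split_uid(uid)[0]].append(
                (uid, int(fields[1]), fields[2], data_dir(uid, fields[2])))
    return dict(grouped)

if __name__ == "__main__":
    for userid, procs in sorted(processes_by_user(SAMPLE_PS).items()):
        for uid, pid, pkg, path in procs:
            print(f"user {userid:>2}  uid {uid:>7}  pid {pid:>5}  {pkg}  {path}")
```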

AccountManagerService maintains a separate list of accounts for each user. Account differences between a work profile user and a regular secondary user include the following:

  • The work profile is associated with its parent user and is started with the primary user at boot time.

  • Notifications for work profiles are enabled by ActivityManagerService, allowing the work profile to share the activity stack with the primary user.

  • Additional shared system services include IME, A11Y services, Wi-Fi, and NFC.

  • Launcher APIs enable launchers to display badged apps and allowlisted widgets from the work profile next to apps in the primary profile without switching users.

Data segregation

Work profiles use the following data segregation rules.

Apps

When the same app exists in the primary user and work profile, each instance is scoped with its own segregated data. Generally, apps act independently and can't communicate directly with instances across the profile-user boundary unless they hold the INTERACT_ACROSS_PROFILES permission or App-ops.

Accounts

Accounts in the work profile are unique from the primary user and credentials can't be accessed across the profile-user boundary. Only apps in their respective context are able to access their respective accounts.

Intents

The admin controls whether intents are resolved in or out of the work profile. By default, apps from the work profile are scoped to stay within the work profile, with the exception of the Device Policy API.

Device identifiers

On personal devices with a work profile, Android 12 or higher removes access to device hardware identifiers (IMEI, MEID, serial number) and provides a unique, enrollment-specific ID that identifies the work profile enrollment for a specific organization. The enrollment ID remains stable across factory resets, enabling reliable inventory tracking of devices with work profiles.

Personally owned devices with a work profile must use the enrollment-specific ID; company-owned devices, including both work profile and fully managed devices, can also opt in to use the ID. To use the enrollment-specific ID, EMMs must set the organization ID for each device they manage, after which they can read the enrollment-specific ID on that device and handle it as a serial number. For more details, refer to Security and privacy enhancements for work profile.

Settings

Settings enforcement is scoped to the work profile, with exceptions for lockscreen and encryption settings that are scoped to the device and shared between the primary user and work profile. Other than these exceptions, a profile owner doesn't have device admin privileges outside the work profile.

Device management on devices with a work profile

Android 5.0 and higher supports device management for work profiles on Bring Your Own Device (BYOD) personal devices using the DevicePolicyManager class. Additionally, Android 11 introduced the concept of work profiles on company-owned devices. Device management capability inside the work profile remains the same for both BYOD and company-owned device cases. However, work profiles on company-owned devices might provide additional capabilities and policies, such as installSystemUpdate, setScreenCaptureDisabled, and setPersonalAppsSuspended, that can extend admin policy enforcement beyond the work profile for certain device-wide policies.

  • Work profile on a personal device (BYOD): The device is a personal device and contains a work profile managed by an IT admin associated with the employer.

  • Work profile on a company-owned device: The device is provided or owned by the employer and contains a work profile managed by an IT admin associated with the employer. Apps can call isOrganizationOwnedDeviceWithManagedProfile() to determine if the device was provisioned as an organization-owned device with a managed profile.

For more information on work profile creation and device policy API usage, refer to Create a work profile.

Profile owners

A Device Policy Client (DPC) app functions as the profile owner when a work profile is created. The DPC client app is typically provided by an enterprise mobility management (EMM) partner, such as Google Apps Device Policy, and is capable of enforcing policies when set as the profile owner. The work profile has badged instances of apps that are visually distinct from personal instances of apps; the badge identifies an app as a work app. The EMM has control only over the work profile (work apps and data) and not the personal space. Device policies are enforced only on the work profile, with some exceptions, such as enforcing the lock screen, which applies across the device.

Work profile user experience

Android 9 or higher creates a tighter integration between work profiles and the Android platform, making it easier for users to keep their work and personal information separate on their devices. Work profile changes appear in the launcher and provide a consistent user experience across managed devices.

Users can toggle the work profile from settings or the Quick Settings menu. In Android 9 or higher, device implementations might include a toggle in the work tab footer for users to enable or disable the work profile. Toggling the work profile is done asynchronously and applied to all valid user profiles; this process is controlled by the WorkModeSwitch class.

Devices with an app tray

In Android 9 or higher, the work profile UX changes for Launcher3 help users maintain separate personal and work profiles. The apps drawer provides a tabbed view to distinguish personal profile apps from work profile apps. When users first view the work profile tab, they're presented with an educational view to help them navigate the work profile.

Users can switch between the different profile views by using profile tabs or similar user interface at the top of the app drawer:


Figure 1. Personal tab view

Figure 2. Work tab view, work profile toggle

The tabbed view is implemented as part of the AllAppsContainerView Launcher3 class. For a reference implementation of the tabbed profile indicator, refer to the PersonalWorkSlidingTabStrip class.

User education message in devices with a work tab

Android 9 or higher supports an educational view that informs users of the purpose of the work tab and how they can make work apps easier to access. Using Launcher3, an educational view can be shown in the work tab screen when users first open the work tab, as shown in the figure:


Figure 3. Educational view

Devices without an app tray

For launchers without an app tray, it's recommended to continue placing shortcuts to the work profile apps in the work folder.

Custom launcher implementations can use getProfiles() and getActivityList() to retrieve a list of apps with a launcher icon for the work profile user.

In devices that implement a work folder, users can access work profile apps by opening the work folder:


Figure 4. Closed work folder

Figure 5. Opened work folder

User education message in devices with a work folder

For launchers without an app tray, where a work folder contains work apps, the work profile education message might be shown in the form of a dismissable tooltip when the user opens the work folder for the first time:


Figure 3. Dismissable tooltip

Validate work profile user experience

The simplest way to test the work profile user experience is by setting up a work profile using the Test DPC app. The following steps describe how to set up a work profile on a personal device (BYOD scenario):

  1. Start with a factory-reset device and complete personal profile setup using a personal Google Account or, alternatively, use a device with a personal profile as the starting point.

  2. Install the Test DPC app from the Google Play Store.

  3. Open the launcher or app drawer and select Set up Test DPC.

  4. Follow the onscreen instructions to set up a work profile:


    Figure 4. Set up work profile


    Figure 5. Add accounts


    Figure 6. Setup complete

  5. Open the launcher or app drawer and verify that the work tab is present and contains a work profile footer. Alternative device manufacturer implementations can contain a work folder instead of a work tab.

  6. Verify that you can toggle the work profile from Quick Settings (or settings) by confirming that the work profile apps (apps with the briefcase badge) are enabled and disabled as expected. In certain device implementations, work apps might be grayed out when the work profile is disabled, while others, such as implementations with a work tab, might display an overlay with a message informing the user that the work profile is off. The following figures show examples of enabled and disabled work profiles on a device that implements a work tab:


    Figure 7. Toggle on, work profile enabled

    Figure 8. Toggle off, work profile disabled

Work profile app badge

In Android 9 or higher, for accessibility reasons, the color of the work badge is blue (#1A73E8) instead of orange.