Reference
Glossary
Plain-English definitions for Android and Device Management terms you'll encounter — from ADB to Zero-Touch Enrollment.
65 terms
A
ADB (Android Debug Bridge) A command-line tool that lets you communicate with an Android device from a computer. Used by developers and IT admins to run commands, install apps, and debug devices over USB or a network connection.
androiddeveloper
AES-256 Encryption A symmetric encryption standard that uses a 256-bit key to secure data. Considered one of the strongest encryption methods available and is widely used to protect data stored on managed devices. securityencryption
AMAPI Android Management API — Google's cloud-based API for enrolling and managing Android devices. googleapi
Android Device Admin A legacy Android API that allowed apps to enforce device policies such as password requirements and remote wipe. Deprecated by Google in favor of Android Enterprise and the Android Management API. androidlegacy
Android Device Owner A device management mode in Android Enterprise where a single app — typically an MDM agent — has full control over the device. Used for company-owned devices that require strict management and security policies. androidenterprise
Android Enterprise A set of tools, APIs, and management capabilities provided by Google for deploying and managing Android devices in a business environment. It supports multiple device modes including fully managed, dedicated, and work profile. androidgoogle
Android Management API (AMAPI) A cloud-based API from Google that allows MDM platforms to enroll and manage Android devices without requiring a local agent app. AndroidNexus is built on top of AMAPI. googleapi
AOSP (Android Open Source Project) The open-source version of Android maintained by Google. AOSP devices do not include Google Mobile Services by default, which can limit MDM functionality. Common in custom hardware and purpose-built devices. androidopen-source
API (Application Programming Interface) A set of rules and protocols that allows software applications to communicate with each other. In MDM, APIs are used to connect management platforms to device operating systems, app stores, and third-party services. developmentintegration
App Allowlist A policy setting that defines which applications are permitted to be installed or run on a managed device. Any app not on the allowlist is blocked, giving IT admins granular control over device usage. policyapps
App Blocklist A policy setting that explicitly prevents specific applications from being installed or run on a managed device. Identified by their package name, blocked apps are automatically removed or prevented from launching. policyapps
App Pinning An Android feature that locks the screen to a single app, preventing users from navigating away. Useful for shared or public-facing devices where you want to restrict access to one application. androidkiosk
B
C
CI/CD (Continuous Integration / Continuous Delivery) A software development practice where code changes are automatically built, tested, and deployed. In device management, CI/CD pipelines are used to automate the release of firmware updates, app versions, and configuration changes.
developmentautomation
Compliance Policy A set of rules that define the minimum security and configuration requirements a device must meet to be considered compliant. Devices that fall out of compliance can be automatically flagged, restricted, or wiped. policysecurity
Configuration Profile A file that contains device settings and policies which are pushed to a managed device by an MDM platform. Profiles can configure Wi-Fi, email accounts, VPN settings, restrictions, and more. policyconfiguration
Console The web-based dashboard used by IT admins to manage their device fleet. From the console, admins can enroll devices, create policies, deploy apps, run remote commands, and monitor compliance status. platformadmin
COPE (Company Owned, Personally Enabled) A device ownership model where the company owns the device but allows the employee to use it for personal purposes. COPE deployments typically use a work profile alongside personal apps on the same device. policyenrollment
Corporate-Owned Device A device purchased and owned by the organization that is issued to employees or deployed for a specific business purpose. Corporate-owned devices are typically subject to stricter management policies than BYOD devices. ownershipenrollment
D
Dedicated Device A corporate-owned Android device configured for a single purpose or set of tasks, such as a kiosk, scanner, or shared fleet device. Dedicated devices run in a locked-down mode with no personal use intended.
androidenterprise
Device Compliance The state of a device as it relates to an organization's defined security and configuration requirements. A compliant device meets all policy requirements; a non-compliant device may be restricted or flagged for remediation. securitycompliance
Device Fleet The total collection of managed devices within an organization. Fleet management involves enrolling, configuring, monitoring, and maintaining all devices from a central platform. managementadmin
Device Lifecycle The full lifespan of a managed device from procurement and enrollment through active use to eventual retirement and decommissioning. Effective lifecycle management helps organizations track assets and maintain security at every stage. managementadmin
Device Policy A configurable set of rules applied to managed devices that defines security requirements, app permissions, device restrictions, and other settings. Policies are assigned to devices or groups and enforced by the MDM platform. policyconfiguration
Device Policy Controller (DPC) An app installed on an Android device that enforces the policies set by an MDM platform. The DPC acts as the bridge between the management console and the device operating system. androidenterprise
Device Provisioning The process of configuring a device for use within an organization, including enrolling it in an MDM platform, applying policies, and installing required apps. Provisioning can be done manually or automated using methods like QR code or zero-touch enrollment. enrollmentconfiguration
E
Encryption The process of converting data into a coded format that can only be read by authorized parties. Managed devices typically enforce full-disk encryption to protect sensitive data in the event of loss or theft.
securitydata
Enterprise Enrollment The process of registering a device with an organization's MDM platform so it can be managed, secured, and configured remotely. Enterprise enrollment methods include QR code, zero-touch, and NFC-based provisioning. enrollmententerprise
Enterprise ID A unique identifier assigned to an organization when it registers with Google's Android Management API. The Enterprise ID links the organization's MDM platform to Google's device management infrastructure. googleenterprise
Enterprise Mobility Management (EMM) A broader category of device management that extends beyond MDM to include mobile application management, mobile content management, and identity management. EMM provides a more comprehensive approach to securing mobile workforces. managemententerprise
F
Factory Reset The process of wiping a device back to its original out-of-the-box state, removing all data, apps, and configurations. Used to prepare devices for enrollment, reassign them to new users, or remotely wipe lost or stolen devices.
securityenrollment
Factory Reset Protection A built-in Android security feature that requires the original Google account credentials to set up a device after a factory reset. MDM platforms can configure FRP settings to prevent unauthorized reactivation of corporate devices. securityandroid
FOTA Update (Firmware Over-the-Air) A method of remotely delivering firmware updates to devices without requiring physical access. FOTA allows IT admins to keep device operating systems and firmware current across an entire fleet from a central console. updatesmanagement
Fully Managed Device An Android Enterprise enrollment mode where the organization has complete control over the entire device. Used for corporate-owned devices where personal use is not permitted. Admins can enforce all policies and restrictions across the full device. androidenterprise
G
Google Mobile Services (GMS) A collection of Google apps and APIs including the Play Store, Gmail, Maps, and Google Play Protect that are pre-installed on certified Android devices. GMS certification is required for full Android Enterprise functionality.
googleandroid
Google Workspace Google's suite of cloud-based productivity and collaboration tools, including Gmail, Drive, and Calendar. In an MDM context, a Google Workspace account is often required to set up Android Enterprise and link an organization to the Android Management API. googleenterprise
I
K
L
M
Managed Google Play A version of the Google Play Store designed for enterprise use. IT admins can use Managed Google Play to approve, distribute, and silently install apps on managed devices without requiring users to have personal Google accounts.
googleapps
Mobile Device Management (MDM) A category of software that allows organizations to remotely enroll, configure, monitor, and secure mobile devices such as smartphones and tablets. MDM platforms enforce policies, deploy apps, and provide remote actions across a device fleet. managemententerprise
N
O
OAuth An open authorization framework that allows third-party applications to access a user's resources without exposing their credentials. MDM platforms use OAuth to securely connect to services like Google Workspace during enterprise setup.
securityauthentication
Onboarding Token A secure credential generated in an MDM console that authorizes devices to enroll into an organization's enterprise. Onboarding tokens are typically represented as QR codes and can be configured with expiry dates, usage limits, and policy assignments. enrollmentprovisioning
OTA Update (Over-the-Air Update) A method of wirelessly delivering software or operating system updates to a device without requiring a physical connection. MDM platforms can manage and schedule OTA updates across a fleet to ensure devices stay current and secure. updatesmanagement
P
Package Name A unique identifier for an Android application, typically in reverse domain format such as com.example.app. Package names are used in MDM platforms to add apps to allowlists or blocklists and to manage app deployments.
appsandroid
Password Policy A set of rules enforced by an MDM platform that defines the complexity, length, and expiry requirements for device passcodes. Password policies help ensure devices are protected against unauthorized physical access. securitypolicy
Private App An internal application that is not publicly available on the Google Play Store. Private apps can be distributed through Managed Google Play to managed devices within an organization, making them visible only to that organization. appsenterprise
Q
R
RBAC (Role-Based Access Control) A security model that restricts system access based on a user's role within an organization. In MDM platforms, RBAC allows admins to assign different levels of access such as view-only or full admin to different team members.
securityadmin
Remote Device Management The ability to monitor, configure, and control devices from a central platform without requiring physical access. Remote management actions typically include locking, wiping, pushing policies, and deploying apps. managementremote
Remote Lock A remote action that immediately locks a managed device, requiring a passcode to regain access. Used when a device is lost, stolen, or needs to be secured quickly without performing a full wipe. securityremote
Remote Wipe A remote action that erases all data on a managed device, returning it to factory default settings. Used as a last resort when a device is lost, stolen, or being decommissioned to prevent unauthorized access to sensitive data. securityremote
S
Screen Lock A security feature that requires a user to authenticate via PIN, password, pattern, or biometric before accessing a device. MDM platforms can enforce screen lock requirements and set auto-lock timers as part of a device policy.
securitypolicy
Self-Service Kiosk A purpose-built device or station that allows users to complete tasks independently without staff assistance, such as check-in terminals, ordering stations, or information displays. Self-service kiosks are typically managed in dedicated or kiosk mode. kioskdedicated
Sideloading The process of installing an app on an Android device from outside the official Google Play Store, typically using an APK file. MDM platforms can restrict or block sideloading to prevent the installation of unauthorized or potentially harmful applications. appssecurity
Silent Install The automatic installation of an app on a managed device without requiring any action from the user. Silent installs are triggered by the MDM platform and are possible because of the elevated permissions granted during enterprise enrollment. appsmanagement
Single App Mode A device configuration that restricts a managed device to running only one designated application. Used for purpose-built deployments such as kiosks, digital signage, or dedicated scanning devices. kioskpolicy
Single-Board Computer (SBC) A complete computer built on a single circuit board, containing a processor, memory, and I/O interfaces. SBCs are commonly used in IoT and edge computing deployments and may be managed through MDM platforms depending on their operating system. hardwareiot
SSO (Single Sign-On) An authentication method that allows users to access multiple applications or services with a single set of credentials. MDM platforms often integrate with SSO providers to simplify device enrollment and app authentication for enterprise users. securityauthentication
Supervised Mode A high-trust management state available on iOS and Android devices that grants the MDM platform additional control over the device. Supervised mode enables restrictions and management capabilities not available on unsupervised devices. iosandroid
T
U
W
Z