Comparing iOS and Android MDM Protocol Design Philosophies

This post is from the Apperian blog and has not been updated since the original publish date.

Last Updated Mar 11, 2014 — App Management expert


Mobile Device Management (“MDM”) is an infrastructure protocol for executing privileged commands on mobile devices. At Apperian, we view MDM as infrastructure technology that enables administrators to take full advantage of features already included on devices. The MDM specifications are provided by operating system designers, for example Apple and Google, and include guides on how to implement them. MDM is not the silver bullet for enterprise mobility but one piece of many. Advanced Enterprise Mobility Management platforms such as Apperian EASE use MDM as one of the technological approaches for securely managing and deploying apps to employee devices. The two dominant mobile platforms, iOS and Android, each have an MDM specification, but they are entirely different.


iOS MDM

  • Uses configuration profiles to define an MDM administrator
  • One MDM administrator per device
  • MDM commands use a well-defined protocol over APNS (push notifications) and HTTP
  • Commands are executed by the operating system
  • Large number of MDM commands covering various aspects of the system
  • MDM command list is defined by Apple and works on all of their iOS devices

Android MDM

  • Uses an Android application as the MDM administrator, by requesting additional Android permissions
  • Multiple MDM apps are allowed per device
  • MDM commands are included as Android library functions. Deciding when to execute those commands (in response to polling, in response to a push notification, etc.) is left up to the MDM spec implementer (the programmers)
  • Commands are executed by the MDM app whenever it decides to
  • Small number of MDM commands covering security features
  • MDM command list has been expanded by various manufacturers using proprietary specifications (SAFE, KNOX, etc.)

The differences between Google’s and Apple’s design philosophies become apparent when looking at their MDM specifications. The most fundamental one is how MDM gets enabled. On Apple devices, a configuration profile is delivered and installed on the device, which gives a remote server additional capabilities. Apple views the MDM administrator as a miniature version of Apple itself. For example, Apple retains the ability to execute all sorts of unique commands on your device, from location tracking (Find My iPhone) to deleting App Store installed apps off your device if a security flaw is discovered. The MDM administrator gets a subset of Apple’s command list to send to the device. The device recognizes the MDM backend as a privileged user (just like Apple), and executes those commands.

Google sees MDM capabilities as app library functions to execute commands, enabled with the inclusion of additional Android permissions. For instance, when you install an Android app, the operating system explains what permissions the app wants. This includes access to contacts, location information, etc. The MDM app has additional MDM permissions, such as device lock and device data wipe (factory reset).

The large difference in the number of MDM commands also reveals philosophical differences. Apple provides over one hundred MDM commands, and is constantly adding new ones. The Google MDM spec has about ten, and over the past two years has added only two new commands. However, Google allows its device manufacturers to extend the protocol and add their own. Samsung SAFE has hundreds of additional MDM commands, from deleting apps to controlling which bookmarks are in the web browser. Similarly, Intel’s recently announced Device Protection Technology (DPT) Management Extensions provide another very large number of additional MDM commands. Apple likes to maintain full control of its software and hardware, while Google’s hands-off approach encourages its hardware partners to innovate.

Who got their MDM specification “right”?

As it currently stands, Apple is clearly dominating. For customers that want full control over as many aspects of a device as possible, iOS has the most MDM features and is arguably a more secure protocol, as it’s well-defined and relies heavily on security certificates for authentication. MDM vendors have little room for accidentally creating security flaws, even with sub-par implementations. Google allows each MDM provider to make up their own implementation, which allows for varying degrees of security. Letting manufacturers make up their own MDM specifications also encourages fragmentation, as each MDM vendor has to write code to support each competing protocol. For example, engineers would need to write additional code to support SAFE devices, while adding a new iOS MDM feature automatically adds the feature to all iOS devices, if limited to Apple’s spec.
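To make the contrast concrete, the following added example (not from the original post or from Apperian) reviews what each enrollment artifact grants: the MDM payload of an iOS configuration profile, and the policy declarations of several Android device-admin apps on one device. The key and policy names come from Apple's configuration profile reference and Android's Device Administration API rather than from this page; the hostname, UUID and package names are constructed.

```python
import plistlib
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

# Subset of the AccessRights bitmask from Apple's MDM payload reference.
IOS_RIGHTS = {4: "device lock / passcode removal", 8: "device erase",
              16: "query device information", 4096: "app management"}

# Constructed sample: MDM payload from an iOS configuration profile.
IOS_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>com.apple.mdm</string>
  <key>ServerURL</key><string>http://mdm.example.com/server</string>
  <key>IdentityCertificateUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>AccessRights</key><integer>4124</integer>
  <key>SignMessage</key><false/>
</dict></plist>"""

# Constructed sample: two Android device-admin apps active on one device.
ANDROID_ADMINS = {
    "com.example.mdm": "<device-admin><uses-policies><force-lock/><wipe-data/></uses-policies></device-admin>",
    "com.example.mail": "<device-admin><uses-policies><limit-password/><wipe-data/></uses-policies></device-admin>",
}

def audit_ios(profile_bytes):
    """Return (granted rights, hardening findings) for one MDM payload."""
    p = plistlib.loads(profile_bytes)
    rights = [name for bit, name in IOS_RIGHTS.items() if p.get("AccessRights", 0) & bit]
    findings = []
    if not p.get("ServerURL", "").startswith("https://"):
        findings.append("ServerURL is not HTTPS")
    if not p.get("IdentityCertificateUUID"):
        findings.append("no identity certificate referenced")
    if not p.get("SignMessage", False):
        findings.append("SignMessage off: device responses are not signed")
    return rights, findings

def audit_android(admins):
    """Return (policies per package, packages that can factory-reset)."""
    report = {}
    for pkg, xml_text in admins.items():
        node = ET.fromstring(xml_text).find("uses-policies")
        report[pkg] = [el.tag for el in node] if node is not None else []
    wipers = sorted(pkg for pkg, pol in report.items() if "wipe-data" in pol)
    return report, wipers

if __name__ == "__main__":
    print(audit_ios(IOS_PROFILE))
    print(audit_android(ANDROID_ADMINS))
```

On iOS there is a single payload to review per device; on Android the same review has to be repeated for every active admin app, since more than one can hold the wipe capability.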

In any case, regardless of what devices your company wants to manage, Apperian’s industry-leading Enterprise Mobile Management platform simplifies the complexity of all these MDM nuances. Apperian combines MDM, App Wrapping, Mobile Dynamic App Policies, App Inspection, and App Deployment technologies to allow your company to take full control of your mobile app lifecycle and the mobile security of your organization. These capabilities are the fruit of our own innovation as well as the extensibility of our platform, which enables the integration of market-leading solutions from our partners, such as Mocana and Appthority.

This post originally appeared on Carlos Montero-Luque's From the Office of the CTO on Monday, March 10, 2014.
