I've had to provide secured smartphones to an organization, and unfortunately they needed to use Android devices for a specific mission critical application.
iPhones are easy to setup and hard to fuck up. You use DEP and it arrives from the factory with a signed profile for your organization. You deliver it to the user, they sign in, and the MDM takes it from there.
With Android, forget it. They were at the time using LUKS for FDE, and there's no segmentation in the OS. So you need need a third party container solution (either from Samsung or another vendor) to protect your data. So you need a pre-boot password, device passcode, a container password, and possibly more. It's a real shitshow.
Apple lets you take the same level of control that a company would have for free with the Configurator app as well.
iPhones are easy to setup and hard to fuck up. You use DEP and it arrives from the factory with a signed profile for your organization. You deliver it to the user, they sign in, and the MDM takes it from there.
With Android, forget it. They were at the time using LUKS for FDE, and there's no segmentation in the OS. So you need need a third party container solution (either from Samsung or another vendor) to protect your data. So you need a pre-boot password, device passcode, a container password, and possibly more. It's a real shitshow.
Apple lets you take the same level of control that a company would have for free with the Configurator app as well.