Auto factory-reset AMAPI issue

JilaniShaikh
Level 1.5: Cupcake

We are facing auto hard reset issue on multiple Android manufacturer like oneplus xiomi samsung redmi oppo vivo. We are android gold partner and managing more than 7lakh plus devices via zero touch enrollment and tried contacting enterprise support but getting no proper resolution. can some one please help to find what is the reason behind auto hard reset. 

8 REPLIES 8

Moombas
Level 4.1: Jelly Bean

Auto hard reset normally only occurs if devices are enrolled without using Zero-Touch after 2 hours but as you describe it, it happens at your end to already and long time enrolled devices?

MagicLocker
Level 1.6: Donut

We have validated our policies and other given factors also the devices which are in fully compliance are getting hard reset. We can see in GCP console in Android Management API device.delete command is getting call'd in bulk below is the screenshot for reference

AVCos.png

MagicLocker
Level 1.6: Donut

But not able to figure out from where and why delete method got triggered

jasonbayton
Level 4.0: Ice Cream Sandwich

I saw similar when I was trying to handle duplicate device records, have you isolated all calls to device.delete in your codebase and ruled them out?

MagicLocker
Level 1.6: Donut

We removed and commented out "device.delete" method from the plugin's code. Despite removing the method, mass hard resets continue to occur.

 

But disabling the associated service account stops these reset requests. Re-enabling the service account results in the resumption of the "delete" API executions.

 

Now not sure how to get out of this. Just curious to know do DPC android app has a control to execute device.delete command. And who else other us can execute device.delete command with our service account.

 

Below are the few this which i'm suspecting.
1. zero touch
2. DPC Google Mobile App

Moombas
Level 4.1: Jelly Bean

Zero-Touch will only execute factory reset devices when not enrolled using Zero-Touch during enrollment but devices have an assigned configuration in the Zero-Touch-Portal (ZTP). This happens as soon as a device get'S a internet connection and receives that information. Then you have up to 2 hours before a wipe is forced.

I can't say anything to the Google DPC app, as i never used it yet.

If you enroll devices inta an MDM, every user with access to the MDM and relevant permissions in it can send a wipe to (a) device(s).

Minkhant23
Level 1.6: Donut