Accessibility Service with Managed Configurations not possible due to possible Work Profile bug?

tommed
Level 1.5: Cupcake

ℹ️This is my first post on these forums, so apologies if this is in the wrong place, or directed at the wrong crowd.

 

We have an accessibility service which we use for government agencies in the UK. We deliver this through a Private Managed Play Store (using their Organisation ID for sharing). It is delivered by their MDM, which is usually MS Intune.

 

One of our customers has asked us to provide support for Managed Configurations so they tie the device with the owner - information which can be provided into Managed Configurations via Intune variables , which seems like a great idea. However, I believe their may be an issue with the Work Profile and applications which offer an Accessibility Service - in that, when you install the app on the Work Profile (required to use managed configurations), our accessibility service does not appear in the list in the Settings menu.

 

If you install the app on the Personal profile, it does show. I suspect whatever container-isation (is that a word?) is at play on the Work Profile, is concealing the accessibility service from the settings menu and therefore it cannot be used.

 

Presumably this is not intended?

4 REPLIES 4

Moombas
Level 4.1: Jelly Bean

Even I don't know it really but i guess this is as intended as otherwise the work app would effect the personal profile which is not allowed (please correct me here if I'm wrong @Lizzie or anyone else).

tommed
Level 1.5: Cupcake

Hi @Moombas, that makes a lot of sense - I hadn't considered it in that way, thanks.

 

Although, if you put the accessibility service in the Personal profile and activate it, it sees the Work Profile fine, so if one doesn't work, the other probably shouldn't either! (Thankfully to us, it does)

 

I guess ideally it would only work against apps which are running in the same container, but given that it works in the public profile, it should probably work in the work profile too no? Otherwise companies cannot distribute these apps via their EMM.

Moombas
Level 4.1: Jelly Bean

No, i think it works as it should.

If the app is in work profile on private device (BYOD), work apps shouldn'T take affect on the DEVICE behavior which accessibility is part of.

If the app is on the personal profile this should affect the entire device (also the work profile regarding accessibility) as this is a system functionality somehow.

 

And yes i agree that such kind of apps won't work in BYOD. Not sure about COPE but definitely in fully managed (COBO).

Not sure if one of those is a possible use case on your end but otherwise you may need to provide it via apk/public maybe locked with a password/serial or similar.

tommed
Level 1.5: Cupcake

Ok thanks for clarification. Going back to my original post, does that we can't use Managed Configuration in our app? Or is there a way to use Managed Configuration, Intune variables and install the app on the Public profile? Thanks again,