Questions Regarding Fully Company-Owned and Managed Devices with AMAPI
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
I have a few questions regarding the capabilities and limitations of AMAPI for fully company-owned and managed devices:
Granting System-Level Permissions:
- Is it possible to grant system-level permissions (protected permissions) through AMAPI? Alternatively, can the companion app be converted into a system app via policy?
- Use Case: Enabling call recording, which requires the CAPTURE_AUDIO_OUTPUT system permission.
- Current Solution: Rooting the devices and making the app a system-level application.
Granting Special Permissions to Applications:
- Can special permissions like AppUsage, System Alert Window, Notification Listener, Full Storage, Screen Capture, or Accessibility be granted via policy?
- Use Case: Features like monitoring, productivity analysis, and remote control rely on these permissions.
- Current Solution: Using su commands and an extension app to manage these permissions.
Enforcing Default Applications:
- Is there a way to enforce and set default apps (e.g., default dialer / phone) via policy?
- Use Case: Setting a specific default dialer for call recordings.
- Current Solution: Disabling all other dialers or setting the default app using accessibility (automation) if not already set.
Disabling Wi-Fi/VoIP Calling:
- Can policies enforce turning off Wi-Fi or VoIP calling?
- Use Case: Calls made via Wi-Fi are not recorded unless the call uses the telephone network.
- Current Solution: Checking and disabling Wi-Fi calling with a READ_PRECISE_PHONE_STATE elevated permission through the system companion app.
Freezing System Updates:
- Is it possible to indefinitely freeze system updates via policy?
- Use Case: Preventing loss of root access caused by system updates.
- Current Solution: None, span freeze period during predicted high traffic and sales.
- Device ID:
- How can the device ID be retrieved from an enrolled device?
- Use Case: Improved authentication mechanisms.
- Current Solution: AMAPI appears to use the GSFAndroidID as the device ID. This identifier is relatively easy to extract and requires the READ_GSERVICES permission.
Any insights or suggestions regarding the above use cases would be greatly appreciated!
0 REPLIES 0
Related Content
- [Day 3] Community festival: The AI Renaissance: Building us up & making us laugh in General discussions
- Confusion on Android Enterprise / Intune in General discussions
- [Community survey] Android Enterprise training / certification in General discussions
- Device Check-in and Status Report Frequency in Android Enterprise in General discussions