User Profile
Alex_Muc
Level 3.0: Honeycomb
Joined 3 years ago
User Widgets
Contributions
Default browser app not resettable
Hey! We are currently testing a few apps in Work Profile, for which we need 2FA. The second factor is a FIDO2 token that can be used via NFC or USB. If you have a FIDO2 token with USB-C, everything is fine. But we also have some with USB-A. If you don't have an adapter, you're more likely to resort to NFC. Chrome supports FIDO2/NFC directly, which makes logging in quite easy. However, most web views cannot do this, and a passcode must be entered manually. The pure FIDO2 NFC tag basically contains a URL with the passcode. You open the webpage via NFC, copy the passcode, and enter it when logging in. So far, so good. However, we encountered a problem that prevents us from using the FIDO2 token via NFC in the Work Profile properly. There are default apps for different categories such as browser, wallet, caller ID, etc. If you need to launch one of the app categories and there are several apps available, you will be asked which app you want to use and just for once or always. The app preferences can be reset via the settings so that the query will reappear the next time. This works without any problems with “Home app,” for example. But the Default Browser? No. The Browser app default remains after the reset. Even if a browser was set as the default and was deleted, it will just switch to another app and won't ask. The problem with a permanently set default browser is that links from NFC tags are immediately opened in the personal space. If there is a copy & paste lock on the work profile, you cannot use the code. (Unless you type >40 characters) If you are asked for an app to open the URL, you can also select the browser in Work Profile. Can anyone reproduce this behavior? Or does anyone know if something has changed for the Browser-Default in Android 15/16? On a device running Android 13, resetting the app defaults works reliably. It doesn't seem right that the browser default cannot be reset properly with Android 15/16.Re: Food: Pizza guide
Wow! I'll try to follow the guide next time I make pizza. In my standard recipe, I use a little less water, but add a little olive oil. I'm already curious to see what the difference will be. 😀 I was surprised by the W values. I had never heard or seen them before in Germany. I always buy special flour and paid attention to the protein amount. I have used Type405 in the past, but you definitely notice differences with higher protein/gluten content. If you don't have more precise information, a flour with 12g protein / 100g should be quite suitable.Re: Tech Newbie interested in mobile cyber security, after multiple hacking events, seeking suggestions, tips, advice etc, to get involved.
Hey, we sometimes notice problems that could theoretically be exploited with some effort. However, we simply open tickets with the developers so that they can fix it. For ethical hacking, you should have a broad knowledge of networks, scripting, and operating systems. To encounter issues or vulnerabilities, one should think outside the box and approach topics in an unconventional manner. When I looked at CVE-2025-22442, I thought to myself, “Of course it's possible!” I just hadn't previously considered that the mechanism could be exploited. https://bayton.org/blog/2025/04/cve-2025-22442/ Scripting in particular is a very important tool. On the one hand, you may not be fast enough with commands yourself. On the other hand, you want to test various commands automatically. I have heard that forced application crashes can be an indication of security vulnerabilities. But first you have to find out how/whether you can exploit this for your own purposes. Presumably, one can learn a lot from old security vulnerabilities by studying how each vulnerability worked and how it could be exploited. When testing IT systems for vulnerabilities, you should first find out whether or not this violates any laws. If you encounter vulnerabilities in the future and report them, don't exaggerate. And certainly don't try to make it as media-effective as possible. They become media-effective all by themselves when the vulnerability is really significant. Very often, reports from white hats are very welcome and are usually taken seriously by companies. If you don't communicate on an eye-to-eye level, it can damage your reputation.Re: Question to Enterprise Factory Reset Protection
We had a few discussions about the EFRP. I can't think of any KB articles specifically related to the changes in Android 15 at the moment. problematic re-enrollment following smartphone reset under Android 15 | Android Enterprise and ChromeOS Customer Communities - 12217 All accounts must be Google accounts, but no additional rights are required in the accounts. If FRP is triggered, you must log in locally on the device with one of the accounts to unlock it. You can specify multiple accounts. How/how many accounts you configure the FRP policy depends on your workflows. You can definitely use secure passwords and 2FA for your accounts. But remember: you have to log in to your accounts directly on the device. If you frequently use devices with FRP enabled, extremely long passwords could become a pain.Re: Need explaination of following feature implementation for AER -3.19. Application track management
What is your role? EMM customer or EMM developer? What exactly do you want to do or achieve? The AMAPI documentation on test tracks: https://developers.google.com/android/management/apps#distribute_closed_tracks_to_users If there is no release available in the test track (e.g. stopped or promoted), there is a fallback to the productive app version. I know of two types of feedback: Check the installed app version (However, this requires knowledge of whether the reported version number comes from a test track) If there are multiple assignments for an app: A list view of the devices to which the app is assigned. A column with information about which assignment (or track) is used. However, this information does not guarantee that an app from a test track is currently installed.Re: problematic re-enrollment following smartphone reset under Android 15
To all customers with Omnissa WorkspaceONE: Factory Reset Protection can be disabled for devices. The configuration does not help with devices that are already locked. But it does help prevent devices from ending up in FRP. Requirements: Android 11 or higher WS1 Hub 24.09+ CustomDPC (not AMAPI) Currently, a profile with custom settings must be created for this purpose. Custom settings: <characteristic type="com.airwatch.android.androidwork.app:com.google.android.gms" uuid="352d91a3-c4de-4821-b01d-f450ca474ba5"> <parm name="disableFactoryResetProtectionAdmin" type="boolean" value="true"/> </characteristic> Source: https://docs.omnissa.com/bundle/android-device-managementVSaaS/page/AndroidProfilesCustomDPC.html#disable_factory_reset_protectionRe: [Feedback] App installs: share your experiences & suggestions
I agree with the others, especially on those points: App versions can be managed per MDM App-Op Permissions can be allowed for Work Managed per policy We primarily use COPE devices and prohibit sideloading, as this is one of the highest security risks. A few users are bothered by this because they would like to install apps from the F-Droid store in a private context. At the end of July, a “southern German” newspaper wrote about european (/open source) solutions. Almost half of the article was about Google Play (vs. F-Droid) and Android (vs. e/OS). Unfortunately, the article treated “open source / data protection” as synonymous with “security” and made some interesting statements like "Safer app store: F-Droid instead of Google Play". When people read something like this, they tend to believe the statements at first and don't question them. Currently, sideloading can only be generally allowed or prohibited. If you wanted to offer alternative app stores, you would have to be able to whitelist individual apps for sideloading/app installations. However, this still presents a chicken-and-egg dilemma, because the store itself must first be installed via sideloading. This installation in particular must be trustworthy, otherwise someone could slip in a manipulated app and cause a lot of damage. I can't think of a good solution, but we keep getting questions about the F-Droid store. I get why people want open source apps without tracking or ads. But for security reasons, we always have to say no to these requests.Re: Play Store number of downloads counter
In addition to the lack of insight into real installs for developers, I see another problem. A low number of downloads also sends a signal to companies that want to use apps like this. “What, only 45 users? Maybe we shouldn't buy such a niche product. Who knows how long it'll be supported if the developers aren't making any money.”Re: problematic re-enrollment following smartphone reset under Android 15
I'm a little late to the party on this one. Android 15 introduced changes to Factory Reset Protection. With Android 15, FRP has been integrated “deeper into the system.” In the past, the setup wizard took care of FRP, but it could be circumvented by third parties with a few tricks. The FRP can be seen in the photos in the post. It can be recognized by the lock icon in the upper left corner. Enhanced Factory Reset Protection in Android 15 | Android Enterprise and ChromeOS Customer Communities - 9493 Up to and including Android 14, KME was able to remove the FRP. The KME client removed the FRP flag from the device before enrollment when resetting the device. This no longer works as of Android 15. Before Android 15, it was ideal that a tool for automatic business enrollment could remove these tags. Now, FRP protection must be enforced with admin accounts via MDM policy, otherwise you need the device passwords that users had assigned. Although the FRP only intervenes when devices are reset to factory settings via unusual methods, unfortunately, devices are often returned in a switched-off state, still enrolled, and unable to be reset via normal methods.Re: How do we see apps whose work profile consumes battery?
furkaneroglu I checked on various Samsung devices with Android 15, 14 and 12. In fact, I don't see any work apps in the Battery activity. Only apps from the primary user are listed. I thought I once saw Work Apps (grouped together as “one app”) in the activity. But that may well have been with even older Android versions or another OEM. Google Pixel devices list all apps with battery usage in the battery activity. (Pixel 4a / Android 13, Pixel 8a / Android 16)Re: InTune Android connection "unexpected error"
I recently created a Google account with one of our email addresses for an Intune test. Apparently we have a Managed Google Domain, which I don't have access to. During the Managed Google Play setup from Intune, I was able to enter the email address. Then I had to enter Android Enterprise as a subscription and assign a password for the “new” account. In my case, the (managed google domain-)account creation then fails and only then can I perform the old registration without a Managed Google Domain. With an external account apart from sdube_idc's domain it should probably work.Re: Reverting Play Store Layout After Using Collections in Intune
If an EMM provider uses the EMM API, they can directly modify the store layout for the customer. As far as I am aware, AMAPI does not currently offer this option. Microsoft would therefore have to open a ticket with Google for the customer with the OrgID so that the layout can be changed. At least that is the official way. For my taste, Microsoft too often refers customers directly to Google, because as an EMM vendor they are always the point of contact for support requests. On this topic, I can really understand if an EMM vendor doesn't want to open a Google ticket for every store layout change. In the long term, I would see the topic as a feature request for the MGP Collections: Customize the StoreLayout yourself in the iFrame.Food: Sushi Guide
Two months ago, the community members were asked HERE about their favorite food. 🍕Pizza was the clear winner! But nobody said anything about 🍣sushi. Because it's expensive and far too complicated? No, sushi is not that complicated! 🤩 A few years ago, I bought a “sushi box” with all the basic ingredients. Just buy some vegetables and fish and you're good to go. So I dared to try it with two friends and... the result was pretty adventurous. There were no instructions or tips in the box, just ingredients and tools. Although we did almost everything wrong, I didn't let that daunt me. I picked up tips here and there and experimented myself. Anyone can prepare good sushi - with a little patience. With a little practice, perhaps even at the first attempt, you can make much better sushi than what you can buy in the supermarket. This guide will focus on Maki and California rolls (“inside-out rolls”). Main ingredients and tools 1 Salt and sugar to flavor the rice 2 Nori sheets For the sushi rolls 3 Rice vinegar to flavor the rice 4 Sesame Decoration and extra flavor for California rolls 5 Wasabi For seasoning and extra spiciness when eating 6 "Sushi" Rice The main ingredient for sushi 7 Soy sauce For that extra taste when eating 8 Sushi rolling mat Tool for rolling. (left is my favorite, but right is fine) The ingredients often keep for several months. The spiciness of wasabi decreases over time. The packaging of nori sheets often contains silicate packets to prevent the nori from attracting moisture after opening. If you buy “sushi rice” in the supermarket, you are on the safe side. But it should mainly be short-grain rice. Pudding rice is therefore also very suitable. 💡 On the left is pudding rice, on the right sushi rice. You need to cut the nori in half for maki and California rolls. The best way to do this is with clean kitchen scissors. 💡 The nori have a flat and a rough side. The rough side is for the rice. Popular, fresh ingredients I definitely recommend Japanese mayonnaise from Kewpie. It gives maki with avocado or cucumber an extra kick. I also much prefer to use this mayonnaise in California rolls instead of cream cheese. 💡 Cucumbers are a classic for maki! Quarter the cucumber lengthwise. (1) Then remove the inner, softer part (2) and cut the quarter in half again. (3) The diameter of these eighths is ideal for maki! Avocados are perfect for makis and especially in combination with salmon. Salmon is great for makis and California rolls. You can also experiment with other types of fish. Personally, I sometimes find tuna too sour. Cook and flavor the rice If you have a rice cooker, sushi is even easier (and faster!). The rice/water ratio for a rice cooker is 1x rice to 1.5x water. If you have to use a cooking pot, it is best to follow the instructions on the rice pack. You should rinse the rice 2-3 times before cooking Sushi rice is cooked without salt. How much rice you need to cook depends on the number of people and how hungry you are. These are my approximate recommendations per person: Small 100g rice Medium 150g rice Large 200g rice As soon as your rice is cooking, you should take care of the most important part of sushi: The seasoning for the rice. After all, sushi directly translates as “sour rice”. 💡 The seasoning really plays a key role in whether the sushi tastes good or bland. You can experiment with more or less flavor, but the amount is my personal recommendation. 😃 100g Rice 200g Rice 400g Rice Rice vinegar ~14,6g ~29,25g 58,5g (= 4,5 tablespoons) Sugar ~10,5g ~21g 42g (= 3 tablespoons) Salt ~1,3g ~2,6g 5,2g (= 1,5 teaspoons) Simply place the ingredients in a bowl and mix for a few minutes until the salt and sugar have dissolved in the vinegar. Add the liquid to the rice as soon as the rice is done and stir everything very well. The rice must now cool down. Do not try it in the fridge! (This does not work well 💡😅) Spread the rice evenly on wooden or cutting boards. The rice will then cool down relatively quickly. As soon as the rice is no longer warm, it can be used. Let's roll! Maki Lay the mat down so that the cords are pointing upwards. Place the nori almost at the bottom of the mat. Place the rice on the rough side of the nori. Prepare a bowl of water. You can use the water to moisten your hands so that the rice doesn't stick to them as much. Spread the rice thinly and evenly over the nori The upper edge must remain free at least as thick as a finger Now add the filling to about the middle of the rice. (If you fill the maki too full, you won't be able to close it! 😀 ) Tip for fish: Take some wasabi on your finger and spread it on the rice where the fish is lying Tip for vegetables: Add a little mayonnaise Wet your finger and moisten the nori on the top edge where no rice has been spread. Now roll up from the bottom with both hands. Fold in to where the rice ends. (So don't roll it up completely!) Then carefully press the maki tight. Then roll the pressed part over the moistened area. California Rolls In a California roll, the whole nori is covered with rice. Additional rice is added to the top edge. Then turn the nori over. If rice falls off the top edge, you can stick it back on. You can easily get three times the content of a maki in a California roll. Now roll up from the bottom with both hands. Then carefully press the roll tight. Then let it roll in the mat, to get a round shape. You can then roll the roll in sesame or sprinkle it with a teaspoon. Cut it! No matter if Maki or California Roll: Cut the roll in half Lay the two pieces parallel divide the pieces by three and then place them upright That's it! The process may seem like a lot, but it's actually quite simple: Cook the rice Flavor the rice Cut the fresh ingredients roll cut You need the most patience when rolling because of the sticky rice. And with a little practice, you will become more skillful and faster 😀 150g of rice is enough for about 3 maki and one California roll. 🍣 Have fun trying it out. 😎Re: [Fixed] Outage impacting Managed Play and Android Managed API
Oddly enough, 8 hours before the outage yesterday, I was asked if there was any information online about the health of Managed Google Play or Android Enterprise. I have referred to the Google Cloud Status Page: https://status.cloud.google.com/index.html Because if there are major problems with Google Cloud, MGP and AE will probably also be affected. I didn't want to open a separate topic for this, but coincidence is ideal. Hence the question: Is there a health check of Android-related services? (ZeroTouch, MGP, etc.) Samsung has something like this in case there is a problem with KME, for example: https://status.samsungknox.com/Re: Managed Google Play API Error
Nico47 I wanted to make some basic Android configurations for an Intune PoC today. During the Managed Google Play setup, the redirect from the Google EMM registration to Intune failed twice. (on Intune's side) After some time, the setup in Intune was suddenly done after all. In the end, I couldn't continue testing because I couldn't select an app in the iFrame. Intune simply doesn't do anything after you select an app. To me, it looks more like Microsoft has problems with Intune/AndroidEnterprise. But regardless of my experiences today, there is one fact: Microsoft has to look into the problem and then open a ticket with Google if necessary. This is - officially - not the job of EMM customers. Please remind them with the link here: https://support.google.com/work/android/answer/10107746?hl=en And please do not remove your Managed Google Play registration in any case. This will only cause more problems and you will end up having to re-enroll all devices.Managed Google Play Collections
The Managed Play Store and the Google Play iFrame play a major role in Android Enterprise Management and the Collections are important for managing and displaying apps in the Managed Store. Basically, the collections work well, but I also see room for improvement there. These would not only be useful for admins, but also for users. But first a step back: There are two different layouts: Basic and Custom. A collection (or ‘cluster’) can have up to 100 apps. Basic is a single collection Custom allows up to 30 collections Easier sorting in the iFrame The apps are sorted in the iFrame using arrows next to the app icons. Especially with large collections, it becomes a task of patience when an app has to be sorted to the back. A drag & drop feature would make customisation much more convenient. Backup / restore of collections A restore function for collections was asked for in another topic. In addition to ‘edit’, ‘delete’ and ‘duplicate’, “export” and ‘import’ would also be useful in the iFrame. (see above screenshot) Collections could be backed up and restored in this way. Be it to have only one backup, to configure a collection in a test environment exactly as in the production environment or to design a collection externally with tools and then upload it. (e.g. manual customisation of the json data of a backup) More variation for collections in the custom layout In the ‘Custom’ store layout, the collections are displayed one below the other. The mixture of vertical (between the collections) and horizontal (within the collection) scrolling can become somewhat confusing. In addition, you cannot recognise at first glance whether it is a very large or rather small collection, as usually only 3 apps are displayed. As long as you don't have many apps, the basic store layout is often much cleaner. It could therefore be useful to define a number of (app) lines per collection that are displayed in the MGP. (with 1 line as default) Or an option where a collection is displayed completely in MGP instead of scrolling sideways. There are different types of collections in the normal Google Play Store. It would be useful to be able to choose between the different variants. (See ‘Popular apps’ / Business tools") Do you have any other ideas and suggestions for MGP Collections? 😃Re: Intune Managed Google Play Store Risk
With the EMM API, something like this might have been achievable. But on the one hand, as a cloud customer, you won't have direct API access for your environment. Furthermore, I would not recommend deviating from the iFrame under any circumstances. I like the idea of importing/exporting Google Play Collections. 😄 Especially with larger collections, I would export the collection temporarily, add a new app at the end and then import it again. Especially with large collections, you might have to click a lot to get an rather unimportant app to the end. Import/export would fit in well with edit, delete and duplicate.Re: Using paid apps in corporate environments
A few weeks ago, we had a meeting with a small developer from which we'd like to use a purchase app. I mentioned three possibilities in the Meeting: Switch from the buy model to in-app purchases, since paid apps cannot be managed. Implement an app config, where a volume license can be specified and checked by the app backend to unlock the app. Provide APKs that are distributed via MDM. Upload an alternative, free private app in the Play Store that is explicitly assigned to users or company IDs. Points 2 and 3 have significant problems. Not every MDM can distribute APKs directly. In addition, there is no useful overview for developers as to whether customers are exceeding their purchased licenses. In addition, the developer must also distribute the app via alternative channels or regularly invest additional effort. An AppConfig+volume licenses is the best option. But even here, a developer has to put in a bit of effort. Be it to put content behind a paywall or to build in a mechanism for license verification. The topic of paid apps is something that “the other brand” is very good at. It would be nice if there were improvements in the Play Store in the future. 😀
