[Community survey] Android App Management features and security
Hello everyone, We've had a couple of surveys this month, so I hope you don't mind another. Here in the Customer Community, one of our most popular topic areas is on app management, so I'm hoping this survey is an interesting one for you all. 🤞 It would be great to hear your thoughts and ideas on ways you would like application management features and security to develop further. If you have a spare moment, please take the short survey below and if you have any additional questions, please to reply to this topic below (by clicking 'Reply'). All of the feedback will be passed over to our Product team. Feel free to share this with any colleagues or others working in this area, as it would be great to get a good amount of feedback around this. Thank you in advance for taking the time to do this. 😀 Lizzie Loading… Interested in other surveys? It would be great to hear your feedback on AE secure logs.
[Enhancement Request] Allow push notifications during OOBE setup process
Android does not allow any push notifications during the OOBE (out of box experience) setup process. This presents challenges during Intune enrollment because we require users to satisfy MFA (SMS or MS Authenticator) in order to complete Entra AD device registration and device enrollment. The inability to receive push notifications on the new Android they are configuring requires users to configure their MFA on a secondary device before starting the setup of the new device, or obtain a temporary access pass from our Security Team. If OOBE supported push notifications it would resolve this and provide a much simpler and easier enrollment/user experience.
(COPE) Hide app in work profile
Hello, I have a small case I'd like to submit to the community for help please. A customer use Mobile Iron, and use Zero Touch to enroll our Android 14 products. In their DPC extras, they enabled the system apps and need to keep that way: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true, "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "workProfileEnabled": true, "quickStart":"true" } Now after the device is enrolled, the Work profile is filled with bunch of apps including unwanted ones like Netflix, Adobe, YT kids, ... From Mobile Iron, they want to hide/disable some apps, using "setApplicationHidden" but it doesn't work. At OEM side, we tested this API with the Test DPC and it works properly. My thinking was that as we are in COPE, and the apps that the customer wants to remove are from the Personal space, then this is not working as the MDM cannot interact with Personal space content. Does this make sense? Are there a way to hide the unwanted apps from the Work profile, despite having "leave all system apps" enabled from the ZT DPC extras? Anyone has any suggestions please? Thanks!
Enhancing Android Enterprise OS Update Management
Hi, The way the Android API implements OS update management on Android Enterprise devices is not particularly useful for devices with user affinity. Are there any upcoming API changes for EMM solutions like Microsoft Intune? From my experience with the current API: AUTOMATIC – The OS update is installed as soon as it becomes available via OTA, which is not practical for real-time scenarios. WINDOWED – Similar to AUTOMATIC but with the limitation that OS updates can only be installed within a defined maintenance window. This means that if a user needs to update their device due to a software bug fixed in the latest OS version, they may not be able to do so immediately if the maintenance window is set outside working hours. Source: https://support.google.com/work/android/answer/13791272?hl=en#zippy=%2Cmanaging-system-updates-using-system-update-policies Suggested Improvements: Provide an option to control OS updates on BYOD (Work Profile only). I understand that when enrolling a device through Work Profile, only the work container can be managed via EMM. Google may need to reconsider this approach. It would be beneficial to have an approach similar to Apple’s, where EMM admins can manage OS updates (e.g., push specific updates, set deadlines, etc.) through DDM (Declarative Device Management - Source: https://support.apple.com/en-gb/guide/deployment/depc30268577/web ), even on BYOD devices (Device Enrollment) — without requiring supervision like DO (Device Owner mode). I’m aware that Samsung Knox E-FOTA exists, but it is limited to Samsung devices. Expanding this capability to all Android devices (like Google Pixel devices) would greatly improve update management in enterprise environments. BR, Marco
requirements for provisioning an app on android 13
I have an app that I designed private for my company .... which gets permissions imei android ID block the use of factory restore unlock OEM unlock lock and unlock screen kiosk mode , and I install it by adb command and work perfect with all devices I have more than 170 devices made in this way and takes a lot of time , I would like to provision my app and placed as device owner through the QR the problem is that I do not know how to do it correctly try many things I saw on the internet , like for example the signed app get the sha256 from the apk and pass it to base64 make the json but I don't understand if I have to configure something else in the app for the provisioning I tried to scan a generated qr with everything correct and it didn't work it says contact your IT support for more information if someone can guide me it would be great, android 12+ a friend sent me some java and kt files for provisioning that worked for him, but for my app it doesn't work. my app has no icon because I need to pass silently and already does but as I say the problem is that I do not know if I am missing a file or a specific configuration I am missing only this and I would be grateful if someone can help complete it or guide me, I saw options like google workspace but I could not modify the block screen to be customized, try with the api google managament android and also does not let you create the company by command then I'm desperate and do not know what to do Thanks for read
Audio management in Android Enterprise
From the feature list in Android Enterprise from https://developers.google.com/android/work/requirements#4.25.-system-audio-management_1, I want to discuss the feature 4.25.2. IT admins can prevent users from modifying device volume settings (go to adjustVolumeDisabled). This also mutes the devices. In theory a very good feature, in certain areas when you want to block users from either changing the volume to silent or the other way. Our goal was to use with Samsung Service Plugin where you can set the default volume, but since blocking the volume buttons on the phone, you are also stuck with a mute device. So my feature request would be to have the feature without muting the device.
Enabling Location Accuracy via EMM
Hi, Does anyone know whether or not it should be possible to turn location accuracy (within location services) on via EMM on a Fully Managed device? Or is it a decision placed in the hands of the user for privacy reasons? We use WS1 - there is a "high accuracy" setting in the restriction profile but the wording on that seems to correlate with Android 4.4-8.1 when you look at this document - https://support.google.com/nexus/answer/3467281 It feels as though "high accuracy" and "location accuracy" are two seperate things.ZTE don't enroll the device
Hello, I using ZTE to enroll all of our Android devices into our MDM Meraki. But I've noticed that I have to perform a manual action each time to complete the enrollment : Why ZTE don't enroll automatically the device into my MDM ? Regards, **Code hidden for security reasons
