4

I was going through the new Android Management API.

Now, Google has their own app called Android Device Policy which acts as an MDM app but MDM apps don't require a factory reset but why do we have to factory reset the device when enrolling with AFW using Android Management API.

Can't the Android Device Policy be manually installed and set as the device administrator?

Andrii Omelchenko
  • 13,183
  • 12
  • 43
  • 79
Thunder Kay
  • 143
  • 13

3 Answers3

2

May 2019 update

Now Android Management Api and Android Device Policy (the Android app that acts as DPC) supports both Work Profile and Device Owner modes. There are also more enroll methods, one of the most easy is using QRs.

To manage the devices, create/assign policies, etc. you can interact with the API just with Google API Explorer but it's better to use an EMM console of sort. I'm working on a very simple interface, I think I'll publish it on Github when ready.

I've tested only with a Samsung A5 2017 with Android 8.0.0 and an Android 9.0 device...not an extensive tests suite!

Punkman
  • 554
  • 6
  • 15
  • well i have a question does android management api enrolls chrome devices? – twana eng Apr 15 '20 at 14:33
  • 1
    As far as I know, you cannot install the "Android Device Policy" app on ChromeOS so I think the answer is no. To enforce policies on Chromebooks you can use the "Google Apps Device Policies". I don't have access to a Chromebook at the moment and I didn't tested it extensively in the past so take it with a grain of salt. – Punkman Apr 15 '20 at 14:45
  • i am working on my custom MDM for my compnay . I have few questions. Do u have few minutes. I will be very grateful – twana eng Apr 15 '20 at 14:47
  • all the MDMs which entertain chrome devices too. How does they enroll chrome devices. Do you have any idea – twana eng Apr 15 '20 at 14:54
  • 1
    Sorry but I'not an expert with ChromeOS and in general with MDM solutions. Almost every MDM vendors use custom DPCs that use the APIs exposed by the OS (at least for Android devices, iOS has an integrated way and receive the settings from EMM via APNs). I think that ChromeOS has got some sort of API for the management but I think it's not public. If you search for Chrome Enterprise management is described but there are listed only "selected EMM providers". Or simply they use some sort of bridge through GSuite that allows managmement of Chrome devices. – Punkman Apr 15 '20 at 15:39
  • ok thank u for your valuable information but when we enroll a android mobile device through android management api where does this actually data stores. When we want to fetch the list of devices we get the devices but from where does this data coming from? Where is actually data stored ? – twana eng Apr 16 '20 at 07:49
  • Do u have any idea of report and directory api – twana eng Apr 16 '20 at 14:51
  • Surely the data is stored on Google's server because they provide the Android Management API. All the operations are done with that API, check enterprises.devices.list to get a list of devices after you have enrolled an Enterprise https://developers.google.com/android/management/reference/rest/v1/enterprises.devices/list – Punkman Apr 17 '20 at 15:37
  • I have enrolled the devices with dpc enrollment but what i am not able to understand nfc enrollment yet. I need your guidence – twana eng Apr 17 '20 at 16:35
1

The Android Management API currently only supports the Device Owner mode, which has to be set during device setup after factory reset.

The Device Administrator mode, which doesn't require factory reset, is not supported by the Android Management API (at least not for now). You could manually set Android Device Policy as a device administrator but you wouldn't be able to use the API to manage the device.

Device Owner was introduced in Android 5.0, it gives much more capabilities than Device Administrator but requires factory reset as a security measure to prevent someone from taking full control of an existing device and its data.

Fred
  • 2,191
  • 1
  • 12
  • 14
  • What are the advantages of device owner mode over device administrator mode? – Thunder Kay Dec 08 '17 at 09:50
  • Device Owner mode gives full control of the device, you can control almost everything, for example: lock the device on one or multiple apps, control WiFi, Bluetooth, roaming, accounts, app configurations, etc. – Fred Dec 08 '17 at 11:38
  • Why can't the Settings app act as a device administrator like it does in iOS? – Thunder Kay Dec 10 '17 at 11:40
  • I am trying to impliment the Device owner mode using Android Management API without using another Work Profile.How to do that? – Suvarthee Chakravarti Apr 18 '19 at 10:03
0

Currently Android Management API only supports "Fully Managed Mode" & "Dedicated Device". Google has merged the work profile in these in such a way that it doesn't look from UI that is has two modes in it. So, for these two mode works only for Factory reset or First time boot only.

Vinith Jain
  • 35
  • 1
  • 8