Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Sep 16, 2019
6 min read
Google’s Device Admin (DA) API was made available in Android 2.2, back in the year 2010, to provide enterprises with a device management solution. Almost a decade later, with the release of Android 9.0, Google announced the deprecation of some of the Device Admin policies. What has changed so much over the years that these policies are going to be entirely scrapped with the release of Android 10.0?
Well, enterprise requirements have changed drastically over these few years due to increased use of mobile devices, both for personal use and for work. With organizations handling more and more confidential resources, the hard-lined approach of DA which seeks entire administrative permissions to manage a device poses a huge security risk. The number, kind, and needs of devices have evolved so much that DA falls short to meet them all.
Ever had an app seeking admin permissions in your device? Were you too apprehensive about switching the toggle? So, you’ve met DA indeed. Good thing you never switched the toggle. Had it been a malicious app trying to sneak into your device, your device would’ve been as good as dead.
Device Admin APIs are quite powerful and are used to create admin apps that users can install on their device. The app enforces the desired security policy, like a password, on the device. The user must install the app and allow admin permissions for the restriction to take effect on the device. Otherwise, the app simply remains dormant. Device management apps, security apps, email clients and even malware make use of DA policies. If malware is given admin permissions, it can easily tamper with your device and data.
Some of the policies supported by device admin APIs are
So, this is how device management using DA works
There are several drawbacks associated with DA.
Now let’s see what’s being nipped off.
In Android 10, these policies will be marked as a SecurityException when invoked.
With Android 5.0 Google released its Android for Work API, now known as Android Enterprise (AE), as an effort to offer better device management features and meet enterprise requirements. Has this effort led to fruition? Yes! Android Enterprise brings with it a fully-fledged management solution for enterprises.
Behold! AE brings to you …. The Work Profile and Device Owner!
If you are currently managing your devices by having them enrolled into an EMM which uses DA, pack your bags! now is the time to migrate your devices. With the deprecation, EMMs will not be able to manage your Android 10+ devices using DA. Hence, it will be long gone and soon AE will be the default device management program supported by EMMs. So, move your devices if you are targeting Android Q features, out of DA and into AE now, to have them managed smoothly in the future.
You must be having cold sweats by now. Fear not! help will be provided in every step you make towards AE.
First, evaluate your enterprise requirements, map them and then adopt either one or both the migration strategies suggested by Google. They are called as Big Bang and Phased adoption.
Your personal devices can be set up with a work profile and company-owned devices as fully managed devices. For this, you’ll need an EMM provider that best suits your needs. You will also need a corporate Google account to set up managed Google Play.
Don’t forget to test your requirements before you finally deploy.
The steps you’ll need to follow are right here.