Flashing a custom ROM to an Android device with Hexnode MDM as a system app is a foolproof method of enrollment. This enrollment method is used by Enterprises collaborating with OEM vendor. Here, a device is manufactured with specially configured ROM (Android firmware) with all permissions and privileges granted to Hexnode MDM. This device will be automatically enrolled in Hexnode MDM when the user powers on the device for the first time. Hexnode will act like a normal system app in this device.
Step 1: Setting up the Android firmware
This process needs to be carried out by the device manufacturer.
Setting up Hexnode MDM app
- Build your own custom ROM using Android Open Source Project (AOSP) or download one tailored to meet your needs.
- Edit the ROM image and copy Hexnode MDM APK to the system/priv-app folder.
- Within the ROM image, grant the following permissions for Hexnode MDM app:
- Usage Access
- Draw Over Other Apps
- Modify system properties
- Camera, contacts, phone, storage and location access permissions
- Set Hexnode MDM as a device owner
- Set Hexnode MDM as a Device Administrator
- Block deactivating Device Administration for Hexnode MDM app
- Set Hexnode MDM as the default launcher (Home app)
- Turn “Install from Unknown Sources” option On by default.
[Optional] Installing Hexnode Remote View
To enable Remote View, make sure Hexnode’s Remote View app is installed on the device.
[Optional] Setting up Vendor-specific service app (Recommended)
Hexnode MDM might call in for additional permissions as newer features are released.
To supply these permissions to Hexnode MDM automatically, we recommend Hexnode System Agent app to be signed by the OEM vendor.
Make sure that
- The Hexnode System Agent app is set as a Device Administrator, and
- The ability to remove Device Administration is blocked for Hexnode System Agent.
Place the Hexnode service app in system/priv-app folder.
Step 2: Installing configuration file
Before moving on, let’s see what happens when the device is turned On for the first time after this set up is complete. The device starts up in ‘Lost Mode’ with nothing but several options to connect to the internet. While in ‘Lost Mode’, the users are restricted from accessing anything else on the device. The device gets enrolled in Hexnode MDM once the device establishes a connection with the Hexnode MDM servers over the internet.
Let’s head back to the original topic. Here’s how to install the configuration file to the device:
- Open your Hexnode MDM portal and navigate to Enroll > Platform – Specific > Android > Android ROM / OEM and click on Generate a new configuration file button.
- Provide a password at the bottom of the screen. If the user finds a way to get past the ‘Lost Mode’ without connecting to the internet, this password can block that attempt.
- Download the ROM configuration file by clicking on the Generate a new configuration file button just below the password field.
- Copy the file hex_rom_config.txt to “system” folder on your Android device.
Step 3: Flashing the new ROM
Before flashing the new ROM, make sure the Hexnode MDM app can communicate with the Hexnode service app. Now, flash the newly deployed firmware on to the device, and… done.