Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Enrolling Devices
  3. Android

Category filter

How to Enroll Android Devices by Configuring ROM

Jump To

Android ROM enrollment is a high-privilege enrollment method used by enterprises collaborating directly with OEM vendors. By flashing a custom ROM (firmware) onto the device, Hexnode UEM is installed as a system or privileged app.

This ensures that the device is automatically enrolled into Hexnode UEM the moment the user powers it on for the first time, offering a seamless out-of-the-box experience.

How it Works


  • Custom Firmware Creation    : The OEM vendor manufactures devices with a specially configured ROM.
  • System Level Access: The Hexnode UEM app is embedded in the /system/app folder, granting it elevated permissions and making it non-removable.
  • Auto-Enrollment: When the device is powered on, it connects to the internet and enrolls automatically without user intervention.

Managing App Updates on Custom ROMs

Because the Hexnode app is part of the system firmware, updating it can be challenging.

  • Standard Method: You cannot update the app manually. The OEM vendor must re-sign the APK, and the ROM might need re-flashing.
  • Recommended Method (Hexnode System Agent): To avoid the re-signing bottleneck, enterprises should opt for the Hexnode System Agent app. This agent facilitates silent updates of the Hexnode UEM app without requiring manual intervention from the OEM vendor.

Benefits of ROM Enrollment

Installing Hexnode UEM as a system app on custom ROM devices unlocks advanced management capabilities that are not available in standard enrollments:

  • Silent App Management: Install, update, downgrade, or remove apps silently without user prompts.
  • Bloatware Removal: Remove unwanted pre-installed apps to declutter the device.
  • Enhanced Security:
    • Non-Removable MDM: Since the app resides in /system/app, users cannot uninstall Hexnode UEM.
    • Lost Mode: Secure lost or stolen devices instantly by locking them remotely.
  • Remote Power Controls: Execute power off and reboot commands remotely.
  • Kiosk Mode Customization: Enable or disable system bars (status/navigation bars) seamlessly.

Frequently Asked Questions (FAQs)

Q1. How can I prevent users from flashing new ROMs on managed Android devices?

Administrators can lock down devices to prevent users from altering the operating system or flashing unauthorized ROMs. This is achieved by restricting developer access.

Steps to restriction: Create a policy in Hexnode and associate it with the target devices containing the following Advanced Restrictions (under Android > Restrictions > Advanced):

  • Disable Developer mode.
  • Disable USB debugging.
  • Disable Factory reset.

Q2. Who decides which apps become “System Apps”?

The Original Equipment Manufacturer (OEM) determines the system apps. Since system apps are embedded directly into the ROM (firmware) during the manufacturing process, only the OEM has the authority to place an app (such as Hexnode UEM) into the system partition.

Need more help?

If you are facing specific errors or need further details, check out these dedicated guides:

For detailed steps on configuring Android ROM enrollment or to coordinate with your OEM, please contact the Hexnode Support team:

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Enrolling Devices
Managing Android Devices