SOTI Pulse Logo

Android Silent install not so Silent

PC
Paul Courtney
nokiantyres

We are converting all of our zebra devices to SOTI from Intune (yay).  We have setup a lock screen and authentication.  During the install we keep getting requests for the user to allow MobiControl some permissions.  

Modify System Settings

Device & app notifications

In order to do this, the user would have to exit the lock screen, which would require the admin password, which sort of defeats the entire purpose of the lock screen.  Many of our warehouses do not have any local IT support so we are stuck enrolling devices only when a remote SOTI admin is handy.

There is a script command 'afw_set_permission_policy grant' which seems to work.  However it is always the last thing to be installed and only after someone has intervened and set the above permissions.

Is there a way around this?  Can the script be set someone to be the first thing installed, or another way to eliminate these permissions to be required?

Thanks.

mobicontrol android enrollment
8 months ago
SOTI MobiControl
ANSWERS
MD
Matt Dermody Diamond Contributor
8 months ago

Congrats on moving off of Intune. You'll find SOTI is significantly more adept at handling line of business Zebra Android devices over Intune.

The requirement for those permissions and subsequent prompting that occurs during enrollment is something that is defined in your Enrollment Rule for the devices. There may be different opinions here on the forum but from my perspective I never enable any of those permissions in Enrollment rules for Zebra devices in SOTI. I haven't found that I need any of them to effectively manage the devices comprehensively. 

If you did end up needing one of the permissions you could use Zebra MX to grant the dangerous permission silently to the agent. I have done this in the past to silently grant the usage stats permission to the agent and to avoid having the end user prompted for those run time permissions.

https://developer.zebra.com/blog/auto-grant-android-dangerous-permissions-zebra-devices

High level recommendation:
- Disable all permission prompting within your Enrollment rule
- Test out the management of the devices and verify that you aren't missing any permissions that would prevent you from managing something that you need to manage on the device.
- If you do identify that you actually need one of those permissions create MX XML using the instructions above to have the missing permission silently granted to the agent. 

EG
Edgar Gomez
8 months ago

Hi Paul, 

If you enable the Deploy latest plugins to device option in the enrollment policy, then the plugin will grant those permissions when installed.

MD
Matt Dermody Diamond Contributor
8 months ago

I can't say I'd recommend this option any more, especially not for Zebra Android devices. The plugin is in fact breaking certain features like Remote Control on Zebra Android A13+ devices given that Zebra stopped signing and supporting it many years ago. 

PC
Paul Courtney
8 months ago

We deployed them.  The SOTI engineer had us turn them on during the POC.

MD
Matt Dermody Diamond Contributor
8 months ago

If you are on modern Zebra devices running A13+ then the plugin should not be used anymore. 

RC
Raymond Chan Diamond Contributor
8 months ago

It seems that the forthcoming v2025.1.x release of MobiControl will have some enhancements related to app permissions granting for Android device platform.   

P
PSMOD@SOTI.net
8 months ago

Hi Paul,

Thanks for posting on SOTI Pulse.  Also thanks to Matt, Edgar and Raymond for responding to the post, your expertise and willingness to help are greatly appreciated!

Paul, has your query been resolved? If this post did not assist you in resolving the issue completely and you still have additional questions, please do not hesitate to reach out or you can contact SOTI Support (support@soti.net) to raise a support case and one of our support engineer will be there to assist you.

Kind Regards,

Technical Support | SOTI Inc.| support@soti.net | www.soti.net |

Similar Discussions