SOTI Pulse Logo

Installing APKs and silently approving app permissions on Android 10

Solved
MV
Mike Vloet
Walker Environmental Group Inc.

I've read other posts about this but everything I've tried to this point hasn't worked so I figured I'd open this up to the community. Here is our scenario:

  • MobiControl Cloud instance 15.3
  • Android Classic device agents 15.0.1.1051
  • We are using Sonim XP8 devices only.
  • Devices are used in the service industry and are locked down via lockdown screen.
  • Devices have no access to apps outside of what is displayed on the lock down page.
  • Yes, I've tried Android Enterprise but it doesn't work for our environment. Especially the remote assistance part where permission is required.

Before Android 10 we were able to roll out APKs and silently install without issue. As we are all aware, when running some apps for the first time, users will be prompted for Location, Storage, Camera, etc. access before use. The problem is, when the device is Locked Down, users can't accept those permissions. Device admins must unlock the device, accept the permissions then lock the device. But even if the user could accept these permissions, they may tap the wrong answer making the apps useless, especially when it comes to location.

How do we work around this? It is imperative that when we add or update apps, that our technicians can pick up their devices and get to work without having to deal with prompts and unlocks.

If anyone can shed light on this, it would be greatly appreciated. If possible, I'd like to keep answers limited to the SOTI environment only without having to introduce 3rd party solutions mixed in.

android-plus permissions app-permissions install-apk silent
4 years ago
SOTI MobiControl
ANSWERS
MD
Matt Dermody Diamond Contributor
4 years ago

I think you have to move to Android Enterprise. I am kind of surprised you are even able to use Device Administrator based management on an A10 device at all in SOTI as that support fell off for Zebra devices back in A8 as that management API is being deprecated and discontinued by Google. 

For Remote Control to work in Android Enterprise you need to install the OEM specific plugin in addition to the base AE agent. 

Solution
MV
Mike Vloet
4 years ago

Thank you for the fast reply. And thanks for pointing me to the plugin. I'm testing this now.

During my test though, when I click on remote view, all I see is this "Waiting for Screen"

This is happening for both Web view and Legacy views. The device is prompting no notifications.

Lastly, how does going to Enterprise solve silently granting app permission issues?

MD
Matt Dermody Diamond Contributor
4 years ago

Installation of the plugin should result in Remote View changing to Remote Control, which does not require any manual user interaction for it to be granted. Note that the device does also need to be a fully managed (Device Owner) managed device under Android Enterprise for this to work. If you just installed the Agent manually on the device and enrolled it then you likely ended up in Work Profile (Profile Owner) mode which is more intended for the BYOD usecase. If you intend to manage the devices completely then Work /Fully Managed (Device Owner) based management is the way to go. You would need to start from a factory default state and use one of the AE enrollment methods like QR code DPC identifier (afw#mobicontrol) to get the device enrolled in the proper state.

I recommend that you read up on the concepts of Android Enterprise if some of this is unfamiliar to you as these are relatively universal Android management concepts not unique to SOTI.

https://bayton.org/docs/enterprise-mobility/android/what-is-android-enterprise-and-why-is-it-used/

https://bayton.org/docs/enterprise-mobility/android/android-enterprise-vs-device-administrator-legacy-enrolment/

RC
Raymond Chan Diamond Contributor
4 years ago

Hi Mike,

Could you please confirmed what are the active MDM API's reported on either the device agent's configuration tab or in the device information tab of the device view in the web console?

J
JMMOD@SOTI
3 years ago

Hello Mike,

Thank you for posting on Soti Central.

Could you please answer the question raised by Mr Raymond - "what are the MDM API's reported on the device information tab  in the web console?" This helps to verify if the remote control plugin was installed on the device successfully. 

Looking forward to your reply.

Thank you!!

MV
Mike Vloet
3 years ago

Appreciate all the feedback and suggestions. In the end, we are going the Enterprise Managed Device route. It was time to give up on the Android Classic and trying to work around Android 10's strict security.

Only issue now is factory resetting our devices to get them in Managed mode.

Similar Discussions