No Matches Found!
Try with a different search term
Is there a way to programmatically enable draw over apps permission for a third party app when it's getting installed or after it's installed? here is the app, when it installs it's in lockdown mode, i got to this screen from admin mode.
on lockdown when it installs: but i can't get to it from here, is there a way to automatically enable this or something i can do here?
According to some Samsung documents released in this month (September 2024), it is possible to use "Permission Control" feature of the free Samsung Knox Service Plugin v24.03+ app to grant the following special permissions of targeted app(s) on Android 13 (Knox 3.9) or later Samsung devices running AE work-managed mode:
Thank you, I actually found this as well and gave it a go this morning and this worked for me. Just for info, i think it's important to note that the order matters here in which you apply it. And from what i've seen i think it's best practice to apply the perm first through KSP and then apply the application. I did it the other way around and it did not pick up the change until i revoked the profile, restarted the device and reinstalled the KSP profile. When i did the perm first, it threw an error for that perm because the app wasn't installed yet (in debug mode) and then i sent the app package and from there KSP instantly updated with "successfully completed". can't attach video but here are a few screenshots of before and after the app was installed.
Hi Katie,
from what I expierenced in the last few weeks.
You can trigger the ksp plugin again after the installation of the app you need.
It should be possible to enable the permissions for MobiControl aswell.
As you can read here: https://discussions.soti.net/articles/000002579?categoryName=SOTI%20MobiControl
Maybe this helps you?
I would always recommend to use the KSP from managed google play instead of a profile.
Thank you for this! But I haven’t had much luck with GooglePlay store for KSP.
-KSP can’t be removed once it’s installed unless you factory reset the device. So trying to resync KSP causes issues for me with the play store as it doesn’t automatically remove and resync. I have to wait on Google’s timing.
The only way I’ve been able to get it to resync automatically is to update the settings but in most cases I don’t want to update, I just want it to resync so it will apply the license activation piece successfully. Which is where most of my issues come from as well. Where the settings aren’t applying because it didn’t successfully activate the license the first time. With the profile for KSP I am able to remove and resync the same settings. Play store is just not instant enough for my environment when it comes to managing KSP settings and trying to resync.
Hi Kate,
Unfortunately this isnt possible directly though a script command.
afw_set_permission_grant_state - Grants specified permissions to specified applications. You cannot grant special permissions such as Draw Over or Usage Access, to third party applications.
One option is to add a menu item for the settings app but dont create an icon in the lockdown template for this. Then the lockdown will have access to the settings when "Open Settings" is clicked and the end user can manually provide the permission. However, it will mean that any possible route into the settings menu (e.g. long press on wifi etc) will allow end users into the settings menu. For me this was not an acceptable solution, but worth you knowing.
I dont know if the activity for draw over apps is more specific or com.android.settings/.subsettings, in which case, you could provide access to that specific activity (by adding it as a menu item) which may reduce the number of ways of accessing the settings application. I will further note on this however, that once the end user accesses this, they are still free to roam the settings menu and make unexpected changes. So I still dont really like this option either.
You may need to check with the OEM of the device whether they have system integration intents available which may allow you to set that permission for you.
Thank you for your response! I did consider the lockdown item and tried it out and you are correct, in that I would need to give them access to settings for them to enable that option and that is no bueno in my environment as well. Anything that will give my users access to settings is a no go. I will check with Samsung and see if they have anything to assist. Thank you!
This is possible on some manufacturers using OEM specific management controls. For example this permission and other "dangerous" permissions can be silently granted for any app on a Zebra Android devices using their AccessMgr CSP. The process is relatively complex and involved but it is possible. I use it frequently when managing Zebra Android devices because I don't want to have to rely on end users of shared line of business devices to grant the necessary permissions correctly when prompted. There aren't any native Android Enterprise management capabilities that are universal however that I am aware of and I find it unlikely that Google would ever add native management capabilities for these permissions.
We have Samsung devices, Do you know of anything that would allow it for this manufacturer?
SOTI let me know there is nothing currently that will allow for this but I wanted to see if anyone has had luck in doing something similar to Zebra where the perms can be granted silently for an app, on Samsung devices? I have reached out to them as well and waiting to hear back.
Hi Katie,
I hope the suggestions provided by Adam and Matt have helped you answer your query. Please inform us if you require further assistance.
Additionally, if any response has helped address your inquiry, we kindly request you to mark it as "is solution" so that others may also benefit from this information.
Thank you Adam and Matt for your valuable suggestions.
Thank you for choosing SOTI.
Regards,
Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net
