SOTI Pulse Logo

SOTI Mobile Agents are updating automatically.

P
Pranay
GLS eComLab GmbH

Hi, We are facing an issue where the mobile agents are updated automatically. Recently, we updated our console to 15.6.6 and after that, we started observing this issue. In the earlier versions, we never came across this, and after the upgrade, the agents update automatically. Has anyone else faced the same issue, and how can we fix this? We do not want the agents to update automatically on the devices

a year ago
SOTI MobiControl
ANSWERS
AW
Adam Williams
a year ago

Hi Pranay,

Are you using android devices and installing applications from managed google play? Also which devices are you using?

Thanks 
Adam

P
Pranay
a year ago

Hi Adam, Thanks for your reply. yes, we are using Samsung Android devices (A32, A33, etc.). There are a few applications that we install from the managed Google Play.

Additionally, since our mobile agents were old and needed to be updated before the console upgrade, we updated them through a profile that included the agent APK.

RS
Rafael Schäfer
a year ago

MGP will update sometimes apps provided outside of MGP but availablle through it.

We see the same for Samsung KSP or Motorola's OemConfig.

AW
Adam Williams
a year ago

Hi Pranay,

So this is a frustration I have also, so the situation as far as I understand it as follows.

The agent is available on public google play store and the bundle id of the agent on playstore and the bundle id of the agent deployed by what ever your enrollment method is, are the same.

And you use managed google play, the playstore will detect that the agent has an update avaiable and apply it as per your managed google play update policy (which at best can only defer the update). Even though you haven't listed the agent as an application in the app policy or set the agent to not update via a device action / enrollment policy / update schedule.
Essentially the playstore takes charge of the update.

What I have seen available is the below legacy script which is available for Samsung devices.

app_upgrade disable <package-list>

Script Commands for Android Enterprise: Managed Devices (soti.net)

However I haven't tested this myself, so cant comment on how well this work.
For my devices, I haven't got this functionality available and so have to live in hope that the agent doesn't break something for me.
Thanks 
Adam

P
Pranay
a year ago

Hi Adam,

We used this script, but the agents were still automatically updated. :(

Our main concern is that if there is an unknown bug in the new agent, there is a possibility of a breakdown that we are not aware of.

AW
Adam Williams
a year ago

Hi Pranay,

That is unfortunate, the documentation states it requires minimum agent 15.1.5, Samsung: API Level 11 and MDM v 5.0+ and above. And so if those conditions are met then maybe worth raising a support ticket for SOTI to investigate. 

Again not so familiar with Samsung, but Knox also has the ability to disable app updates, so maybe theres something that can be configured with OEM Config Enable and disable app installation | Knox Guard | Samsung Knox Documentation

Maybe other in the forum with more experience with Samsung will be able to provide better info.

Thanks
Adam

P
Pranay
a year ago

Hi Adam,

Yes, we can restrict that through OEM Config. The only concerning thing is that we never had to do this before our console was upgraded; everything was fine previously. So, I’m wondering why we are observing this behavior now when we didn't change anything in the system.

But anyway, I really appreciate your time and valuable comments on this. Thank you so much.

AW
Adam Williams
a year ago

No problem at all, sorry I couldnt be more helpful.

Not sure why this has come to light only since youre MC upgrade, but it has been an issue for us for the last 3 years (cloud) & v14 agent.

All the best

Thanks
Adam

MD
Matt Dermody Diamond Contributor
a year ago

This is an ongoing common frustration across all of the environments that I manage. Uncontrolled upgrades to applications from Google Play even if they are not approved as managed applications. The closest I've managed to restrict the updates from happening is using a OEM specific MX based restriction on Zebra devices that is designed to block specific app updates from Google Play. Even with this restriction in place it seems to only be about 75% successful as Google Play still manages to sneak occasional updates through. It is a real risk having the agent auto upgrade and I have had multiple instances where new versions cause instability and I either have to wait for a new version to become available or factory reset and re-enroll the devices on a prior agent version and hope that the restrictions I have in place block it from upgrading to the bad version that is hosted in the public Play Store again. Background upgrades to the System WebView have also been very problematic in Android environment, especially with more and more apps migrating to a hybrid web app approach that is dependent on the System WebView component. I think Google is mostly to blame in this scenario as they don't offer comprehensive version control or restrictions on these updates natively. The nuclear option is disabling Google Play completely but you'd only realistically be able to do so if you don't have any applications that you need to have installed via Managed Play. 

RC
Raymond Chan Diamond Contributor
a year ago

Regarding restricting upgrade of the device agent,  I believe the best you can do are:

1. not to include MobiControl device agent app in Managed Google Play store/account.

2. use app_upgrade disable script command with Soti device agent as the argument.   I am not sure if it works for the device agent itself, but there no harm running it

MDM/EMM/UEM technologies are evolving all the time.   The interactions between your device firmware, Soti agent and server, and Google/OEM backend servers may occasionally have some intermittent issues that render device agent upgrade restriction failing.  However, even when that happens, I would not be too worried, as my personal experience with many tens of corporate/governmental  implementations in the last few years shows that upgraded MobiControl device agents are very unlikely to introduce big problems in most cases.

RS
Rafael Schäfer
a year ago

How about also setting up the managed Google play profile to "never update" as well (maybe in addition)?

I know this should affect all MGP provided apps but could help maybe. Do you have any experience with that?

A
ATMOD@SOTI
a year ago

Hi Pranay,

 

Thanks for posting on SOTI Pulse.  Thanks Raymond, Rafael and Adam for responding to the post, your expertise and willingness to help are greatly appreciated!

Has your query been resolved? If this post did not assist you in resolving the issue completely and you have additional questions, please do not hesitate to reach out or you can contact SOTI Support (support@soti.net) to open a new case and one of our support engineer will be there to assist you.

 

Kind Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

Similar Discussions