SOTI Pulse Logo

Allow Device Care to run but not accessible by end user.

WT
Warren T
Marston (Holdings) Limited

Hi all

We have Samsung Devices in the field that battery drain is a concern with, namely the new Samsung Galaxy Tab Active 5 SM-X306B (Android 14) that we think would benefit from the battery optimisations menu being accessible. Currently in order to stop end users from accessing their file storage directories on the tablet we are having to blacklist the Device Care service/app so that when they click it they are warned that there is no app that can be opened to access it, as they can access their file storage from that app.

On older devices, the Device Care and Battery Optimisation sections were combined into the Device Care app, on the Tab Active 5, there is a separate menu entry in settings for the Battery usage and Optimisations but this is still tied to Device Care. So if we blacklist Device Care, clicking Battery Optimisations also becomes blacklisted and not accessible.

As a result of the blacklist, I suspect that Samsung is unable to optimise apps battery usage effectively because its blocked from operating making the battery drain much faster than intended. Is there anyway to block the user accessing Device Care but allow it to continue running in the background by removing it from the blacklist? Using Soti Settings Manager is not an option for us unfortunately as a workaround. We are currently using classic enrolment (please no discussions why).

Soti Agent is Android Classic, 2024.1.0.1149

Soti Mobicontrol server: 2024.1.0.1052

Thanks

script configuration
a year ago
SOTI MobiControl
ANSWERS
RS
Rafael Schäfer
a year ago

Normally i would point to KSP but with classic enrollment there's no KSP setting available in profile and also no managed app config in policies.
And with Android 14 limitations there's also no way to provide the settings in a different way as far as i know.

So i don't see a way to do this from management side as long it's bundled as you already described.

Maybe someone else has an idea but i think your issue here is using Android Classic for latest devices (and no i don't want to discuss that either, just pointing to it).

WT
Warren T
a year ago

Hi Rafael.

Thanks for coming back. I suspected as much, if anyone else has insight then that would be good. To get our fleet of Galaxy moved to Work Managed / Enterprise would be too big a job for myself alone, as theres around 600+ users in the field (operating externalls to our offices).

I suppose I can consider better filtering options and create separate containers and have them dedicated to non classic enrolment.. it's just too big a task currently so not practical.

Thanks

RS
Rafael Schäfer
a year ago

I fully understand but you may take it into consideration that your enrollment changes to enterprise for all newly enrolled devices and step-by-step exchange the devices over a longer period of time.
Yes, it's bad to have a mix but somehow you may need to do the switch.

And as i see it in Mobicontrol 2024 there's no Android Classic anymore as an option in Profiles, Policies and Enrollment (at least in our Soti Cloud Test-Server on same version you have). This would mean in, my opinion, that you must switch to Enterprise enrollment (independent of the issue here).

And yes i know what it means to exchange a lot of devices (thousands) not located locally, we are currently replacing a large number of devices because of their age.

This would not mean that I'm not jhoping someone here providing you a possible solution but be aware that there could be no one.

RC
Raymond Chan Diamond Contributor
a year ago

Unless one has sufficient understanding about how different modules of an app support different functions and interact with each others,  it is not a good idea to use application-run-control MDM policy or other dirty workaround to attempt blocking SOME of the functions of that app but hopefully allow others at the same time.

Without sufficient tests and expertise, one may wrongly conclude that the workaround works, but the software may potentially get unstable and crash or cause unpredictable damage/data loss when some other module(s) is/are blocked from running to perform required operations.

.   

WT
Warren T
a year ago

Hi Raymond

Unfortunately we have had no choice, our field agents MUST NOT be able to access the file storage on their devices. Only the apps we install are allowed to. This is for GDPR (Data Protection) reasons. Samsung Devices where Device Care is enabled allows direct access to the file storage system even when there is a lockdown applied. This cannot happen for us under any circumstances so we have had no choice, and yes I understand the implications of this but this has been a blacklisted app for some time now with the only thing affected is battery optimisations.

S
SSMOD
a year ago

Hi Warren,


Thanks for posting on SOTI pulse. Thanks Rafael and Raymond for responding to the post, your expertise and willingness to help are greatly appreciated!


Has your query been resolved? If not, or if you have any additional concerns, please don't hesitate to reach out. We are dedicated to providing assistance and support

.
Also, if this post has helped you in solving your query, I would request you to mark the particular comment as "is solution", so that others may benefit from this information.

 

Similar Discussions