Android Devices are Being Unintentionally Unenrolled

Several customers have reported Android devices being unintentionally unenrolled from SOTI MobiControl.

The issue is only reported on versions 2025.1.1, 2025.1.2, 2026.0.0 and 2026.0.1, in conjunction with Android Enterprise Agent version 2026.0.3.  Both cloud and on-premise environments are impacted. 

In some circumstances, devices are unenrolling without any explicit actions being taken to cause this to occur.

As of March 3, 2026 a patch has been developed and rolled out to all SOTI MobiControl cloud instances having one of the affected versions.  This patch prevents the unintentional device unenrollment, however it is not a full resolution to the underlying issues.

As of March 5, 2026 Google Play was updated to halt the distribution of the version 2026.0.3 MobiControl Android Enterprise agent.

Until this issue is fully resolved, upgrading of the SOTI MobiControl server to version 2025.1.1 or later is not recommended. In addition, upgrading of the Android Agent to version 2026.0.3 is not recommended.

A change introduced in version 2025.1.1 results in the Deployment Server sending the device a command to wipe the SOTI MobiControl device agent's settings in the event that it presents an invalid client certificate during the connection authentication process.  Previous to version 2025.1.1, a wipe command was not sent.  Normally, the device agent should present a valid client certificate, but it has been discovered that in at least one case related to the renewal of the client certificate, it is possible that client certificate validation may fail.

It has also been discovered that a change in version 2026.0.3 of the SOTI MobiControl Android Enterprise Agent introduced a defect which can result in the corruption of the TLS client certificate.

As of March 5, 2026, an enhanced patch has been developed and is being rolled out to all SOTI MobiControl cloud instances having one of the affected versions. The patch addresses the known condition in which unenrollment could be unintentionally triggered and prevents the wipe action from being sent to a device when an invalid client certificate is presented to the Deployment Server. The patch also compensates for the version 2026.0.3 agent side defect.

SOTI MobiControl on-premise instances will need to be patched. If you suspect that you are having this issue, please contact SOTI Support to obtain the required patch.

Investigation and development work continues on an updated Android Enterprise agent to address the agent side issue.

This article will be updated when more information is available.

SOTI Cloud hosted instances will be patched automatically and on-premise instances will need to be patched manually. 
Upgrading of the Android Enterprise agent will be required once it has been made available.

If you suspect that your SOTI MobiControl instance is impacted by this issue, please report it to SOTI Support.