Android Devices are Being Unintentionally Unenrolled

Several customers have reported Android devices being unintentionally unenrolled from SOTI MobiControl.

The issue is only reported on versions 2025.1.1, 2025.1.2, 2026.0.0 and 2026.0.1, in conjunction with Android Enterprise Agent version 2026.0.3.  Both cloud and on-premise environments are impacted. 

In some circumstances, devices are unenrolling without any explicit actions being taken to cause this to occur.

As of March 3, 2026 a patch has been developed and rolled out to all SOTI MobiControl cloud instances having one of the affected versions.  This server-side patch prevents the unintentional device unenrollment.

On-premise customers who did not automatically receive the patch should contact SOTI Support to obtain the patch.

As of March 5, 2026, Google Play and SOTI Pulse Downloads were updated to halt the distribution of the version 2026.0.3 MobiControl Android Enterprise agent.

To avoid this issue, customers are urged to no longer use version 2026.0.3 of the MobiControl Android Enterprise Agent.

A change introduced in version 2025.1.1 results in the Deployment Server sending the device a command to wipe the SOTI MobiControl device agent's settings in the event that it presents an invalid client certificate during the connection authentication process.  Previous to version 2025.1.1, a wipe command was not sent.  Normally, the device agent should present a valid client certificate, but it has been discovered that in a case related to the renewal of the client certificate, it is possible that client certificate validation may fail.

It was also discovered that a change in version 2026.0.3 of the SOTI MobiControl Android Enterprise Agent introduced a defect which can result in the corruption of the keystore in which the TLS client certificate stored on the device.

As of March 5, 2026, an enhanced patch has been developed and rolled out to all SOTI MobiControl cloud instances having one of the affected versions. The patch addresses the conditions in which unenrollment could be unintentionally triggered and prevents the wipe action from being sent to a device when an invalid client certificate is presented to the Deployment Server. The patch also compensates for the version 2026.0.3 agent side defect.

SOTI MobiControl on-premise instances will need to be patched. If you suspect that you are having this issue, please contact SOTI Support to obtain the required patch.

As of March 17, 2026 MobiControl Android Enterprise Agent version 2026.0.4 was made generally available via Google Play and SOTI Pulse Downloads.  This updated agent version addresses the defect that was identified in the 2026.0.3 version. Customers still using version 2026.0.3 are urged to upgrade to 2026.0.4 as soon as possible.

With the MobiControl Deployment Server patched, and the use of Android Agent 2026.0.4 or later there are no further workarounds required.

Customers who are presently on version 2024.x and have had to delay their upgrade to version 2025.1 or 2026.0 because of this issue will be granted an extension to the pending end of life for version 2024.x.  Please contact  SOTI Support for additional information.