[PARTIAL FIX] Some management policies are made permanent on Android 14

Lizzie
Google Community Manager
Google Community Manager

on ‎11-30-2023 05:44 AM - edited 4 weeks ago

30th November, 2023

(Last updated 5th April, 2024 -'Notes' section has been updated)

 

We are investigating an issue making some management policies permanent on Android 14. This issue affects two sets of management policies, one set when upgrading from Android 13 to Android 14, and one set on every reboot of Android 14 devices.

 

Your EMM can provide the lists of affected policies specific to their product. We recommend reviewing the affected policies set on your Android 13 devices, and if those existing policies are unlikely to change for the lifecycle of the device then no further action is required.

 

If those policies are likely to change, we recommend the following:

  1. Consider unsetting those policies that are made permanent on upgrade prior to upgrading to Android 14.
  2. We have provided recommended workarounds to our EMM partners, and have already implemented them if they are using our Android Management API (AMAPI). Please check with your EMM to see whether they have implemented these workarounds, or are using AMAPI. We will be adding additional redundancy to AMAPI’s workarounds in the coming weeks.
  3. You can safely re-enable affected policies on Android 14 once confirming the workaround is in place with your EMM.

If your devices are already impacted and have policies that have been made permanent, the only available remediation to clear the affected policy behavior is to remove the work profile on personally-owned devices or factory reset on company-owned devices.

 

Note: If the following policies are set on a personally-owned Android 14 device, they will become permanent. The 2024-03-01 security patch includes a fix to recover devices in this state which will temporarily create a new work profile in order to remove the restrictions. The fix will be applied automatically when the security update is installed.


 

Previous update:

Read more

30th November, 2023 

 

We are investigating an issue making some management policies permanent on Android 14. This issue affects two sets of management policies, one set when upgrading from Android 13 to Android 14, and one set on every reboot of Android 14 devices.

 

Your EMM can provide the lists of affected policies specific to their product. We recommend reviewing the affected policies set on your Android 13 devices, and if those existing policies are unlikely to change for the lifecycle of the device then no further action is required.

 

If those policies are likely to change, we recommend the following:

  1. Consider unsetting those policies that are made permanent on upgrade prior to upgrading to Android 14.
  2. We have provided recommended workarounds to our EMM partners, and have already implemented them if they are using our Android Management API (AMAPI). Please check with your EMM to see whether they have implemented these workarounds, or are using AMAPI. We will be adding additional redundancy to AMAPI’s workarounds in the coming weeks.
  3. You can safely re-enable affected policies on Android 14 once confirming the workaround is in place with your EMM.

If your devices are already impacted and have policies that have been made permanent, the only available remediation to clear the affected policy behavior is to remove the work profile on personally-owned devices or factory reset on company-owned devices.

 

Note: If the following policies are set on a personally-owned Android 14 device, they will become permanent and users must factory reset their devices if they wish to clear them. We recommended backing up personal data prior to a factory reset to help mitigate data loss. There is no workaround for these policies.

We will keep this post updated as additional information becomes available.

Labels:
Comments
Magcho
Level 1.5: Cupcake
‎12-05-2023 01:55 AM

Hi, we are using Workspace One and there doesn't seem to be any workaround solution available for this issue at the moment.
https://kb.vmware.com/s/article/95776

 

Regarding the permanent fix for this issue. The VMware article says that we should reach out to the OEM to see when a patch will be released.
Do you know if the fix will be released by the OEM in a system update or is it possible that this will be released using Play services?

And if it’s only released by the OEM, how can we update to a specific patch release without using a tool like E-Fota?

 

Lizzie
Google Community Manager
Google Community Manager
‎12-18-2023 10:11 AM

Hello Magcho,

 

I hope you are doing well. 

 

I know we have spoken about this directly, but I did just want to come back here to provide a response for anyone else wondering about this. 

  • To confirm, OEMs will release patches in system updates, so this will not be carried out using Play services.
  • We also would recommend customers to contact their EMM about how to set compliance policies around system updates, if you have questions around this. 

Thank you,

Lizzie

jasonbayton
Level 3.0: Honeycomb
‎01-05-2024 10:02 AM

Hey @Lizzie is Google tracking compliance on the rollout of the respective patches here? Any metrics to share?

Lizzie
Google Community Manager
Google Community Manager
‎01-12-2024 03:01 AM

Hello @jasonbayton,

 

I know we have also spoken directly on this, but again I wanted to come back. 

 

Regarding tracking of the patches for this issue, our recommendation is still to contact your EMM to check their timeline and if you are actually impacted by this issue. There has been quite a lot of movement on this across our Partners so best to check with them directly for this. 

 

I also thought it might be useful to include the links to other EMM service announcements for this issue. If anyone comes across any others please do share below, thank you. 

 

Thanks,

Lizzie

0 Kudos
Timmy
Level 1.6: Donut
‎02-07-2024 03:42 AM

Hey @Lizzie are you aware of any place where one could find information if an OEM has implemented and released a fix ? Or do we have to just trust and hope that manufactures has implemented a fix for it if no public information is available ?

0 Kudos
Lizzie
Google Community Manager
Google Community Manager
‎02-08-2024 01:37 AM

Hello @Timmy,

 

Great to meet you and welcome to the Customer Community. Unfortunately I don't, I agree it would be very useful and it is something I have asked back to the team. If I have any more information I will be sure to update you all here.

 

If you do come across any more Service Announcements on this though, please do share the link here as it would be great to add it to the list above.

 

As the the updates and impact vary across OEMs I would recommend contacting your partner directly to find the information you need on this. 

 

Thanks so much,

Lizzie

jasonbayton
Level 3.0: Honeycomb
‎02-08-2024 05:02 AM

It really is in Google's best interest to track such a considerable platform issue all the way to resolution across - at a minimum - AER OEM vendors and publish their expected timelines. Putting the onus on partners and customers isn't a great look

Lizzie
Google Community Manager
Google Community Manager
4 weeks ago

Hello everyone,

 

An update has been made to the 'Note' section of this Service Announcement. 

 

Thanks,

Lizzie

jasonbayton
Level 3.0: Honeycomb
4 weeks ago

Will this cause data loss, or is this effectively a 2nd work profile being spun up and deleted after?

0 Kudos
Version history
Last update:
4 weeks ago
Updated by:
Google Community Manager