Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Android device management - Unable to enroll: DEVICE_MODE_QUARANTINED
Hello everyone, New to Google device management and hoping someone is able to help me out. I had tried to enroll various Android devices in COPE, Work Managed and Work Profile (BYOD) modes but each of them are failing at the "Registering profile" screen. It look like the Work Profile has been created, but does not appear to be functional and devices are not appearing in the Google admin console. Pertinent (I think) are of the logcat logs are showing: 10-09 18:06:39.752 22672 28291 I clouddpc: [PolicyLogHelper.java:logPolicies:103] Device mode: quarantined 10-09 18:06:39.752 22672 28291 I clouddpc: [PolicyLogHelper.java:logPolicies:105] Got policy. Size: 0 10-09 18:06:39.752 22672 28291 I clouddpc: [OverrideLayer.java:loadFromFile:98] No override for compliance_rules 10-09 18:06:39.752 22672 28291 I clouddpc: [EventLogManagerImpl.kt:logMessage:1641] Event logged: PolicyPulled details: [id=default, version=0, mode=DEVICE_MODE_QUARANTINED] metadata: [isNetworkConnected=true] 10-09 18:06:39.753 22672 28291 I clouddpc: [EventLogManagerImpl.kt:logMessage:1641] Event logged: PolicyPulled details: [currentPolicy=PolicyIdentifiers(policyName=default, policyVersion=0), flowId=f02e170ef5ae087b3d825321c3dbee57bb0cd4aa3b1bba061dd934da8cb7937b] metadata: [isNetworkConnected=true] 10-09 18:06:39.754 22672 28291 I clouddpc: [RestoreUtilImpl.kt:getRestoreIntent:66] Getting restore intent 10-09 18:06:39.756 22672 28291 E clouddpc: [PolicyUpdaterImpl.java:retryPullApplyAndExecuteCompliance:478] Policy update mitigation failed, 1 tries done, 0 tries left 10-09 18:06:39.756 22672 28291 E clouddpc: dbc: Device mode: DEVICE_MODE_QUARANTINED Looks like my devices are being quarantined? Not sure what this means... Is there some kind of allow-list that I need to populate? Appreciate any help you can offer![Enhancement Request] Allow push notifications during OOBE setup process
Android does not allow any push notifications during the OOBE (out of box experience) setup process. This presents challenges during Intune enrollment because we require users to satisfy MFA (SMS or MS Authenticator) in order to complete Entra AD device registration and device enrollment. The inability to receive push notifications on the new Android they are configuring requires users to configure their MFA on a secondary device before starting the setup of the new device, or obtain a temporary access pass from our Security Team. If OOBE supported push notifications it would resolve this and provide a much simpler and easier enrollment/user experience.(COPE) Hide app in work profile
Hello, I have a small case I'd like to submit to the community for help please. A customer use Mobile Iron, and use Zero Touch to enroll our Android 14 products. In their DPC extras, they enabled the system apps and need to keep that way: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true, "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "workProfileEnabled": true, "quickStart":"true" } Now after the device is enrolled, the Work profile is filled with bunch of apps including unwanted ones like Netflix, Adobe, YT kids, ... From Mobile Iron, they want to hide/disable some apps, using "setApplicationHidden" but it doesn't work. At OEM side, we tested this API with the Test DPC and it works properly. My thinking was that as we are in COPE, and the apps that the customer wants to remove are from the Personal space, then this is not working as the MDM cannot interact with Personal space content. Does this make sense? Are there a way to hide the unwanted apps from the Work profile, despite having "leave all system apps" enabled from the ZT DPC extras? Anyone has any suggestions please? Thanks!
Android Auto with COPE
We enroll devices into intune as COPE, but we are finding issues when users connect the device to android auto, any stored contacts in the work profile do not feed through. Has anybody come across this before? or know if there is a way to share contacts from work profile with Android Auto?
HELP! Enrollment Stuck on Choose Device Category
I need help. When enrolling a device on Intune, we are getting stuck on the Choose Device category page where it does not allow us to press the OK button. We have two vendors supplying us phones and the issue is happening with both vendors (devices are Pixel 8s and 9s). Please help!
