Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder[Enhancement Request] Allow push notifications during OOBE setup process
Android does not allow any push notifications during the OOBE (out of box experience) setup process. This presents challenges during Intune enrollment because we require users to satisfy MFA (SMS or MS Authenticator) in order to complete Entra AD device registration and device enrollment. The inability to receive push notifications on the new Android they are configuring requires users to configure their MFA on a secondary device before starting the setup of the new device, or obtain a temporary access pass from our Security Team. If OOBE supported push notifications it would resolve this and provide a much simpler and easier enrollment/user experience.
(COPE) Hide app in work profile
Hello, I have a small case I'd like to submit to the community for help please. A customer use Mobile Iron, and use Zero Touch to enroll our Android 14 products. In their DPC extras, they enabled the system apps and need to keep that way: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true, "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "workProfileEnabled": true, "quickStart":"true" } Now after the device is enrolled, the Work profile is filled with bunch of apps including unwanted ones like Netflix, Adobe, YT kids, ... From Mobile Iron, they want to hide/disable some apps, using "setApplicationHidden" but it doesn't work. At OEM side, we tested this API with the Test DPC and it works properly. My thinking was that as we are in COPE, and the apps that the customer wants to remove are from the Personal space, then this is not working as the MDM cannot interact with Personal space content. Does this make sense? Are there a way to hide the unwanted apps from the Work profile, despite having "leave all system apps" enabled from the ZT DPC extras? Anyone has any suggestions please? Thanks!
requirements for provisioning an app on android 13
I have an app that I designed private for my company .... which gets permissions imei android ID block the use of factory restore unlock OEM unlock lock and unlock screen kiosk mode , and I install it by adb command and work perfect with all devices I have more than 170 devices made in this way and takes a lot of time , I would like to provision my app and placed as device owner through the QR the problem is that I do not know how to do it correctly try many things I saw on the internet , like for example the signed app get the sha256 from the apk and pass it to base64 make the json but I don't understand if I have to configure something else in the app for the provisioning I tried to scan a generated qr with everything correct and it didn't work it says contact your IT support for more information if someone can guide me it would be great, android 12+ a friend sent me some java and kt files for provisioning that worked for him, but for my app it doesn't work. my app has no icon because I need to pass silently and already does but as I say the problem is that I do not know if I am missing a file or a specific configuration I am missing only this and I would be grateful if someone can help complete it or guide me, I saw options like google workspace but I could not modify the block screen to be customized, try with the api google managament android and also does not let you create the company by command then I'm desperate and do not know what to do Thanks for readBYOD AE Work Profile - Samsung Device with Android 12, 13 - Sharing Serial no/IMEI details with Intune MDM
We are observing, Intune started displaying the Serial no's /IMEI's of Samsung Android 12, 13 device and device type is BYOD -> Work Profile. did you see this in your environment? Model affected are SM-A,G,S,G,M SERIES.
ZTE don't enroll the device
Hello, I using ZTE to enroll all of our Android devices into our MDM Meraki. But I've noticed that I have to perform a manual action each time to complete the enrollment : Why ZTE don't enroll automatically the device into my MDM ? Regards, **Code hidden for security reasons
COPE Enrollment Fails for Single and Multi-Kiosk Mode
Description: We are encountering an issue with the Corporate-Owned, Personally Enabled (COPE) enrollment where single and multi-kiosk mode are not working as expected. This issue has been observed during our deployment and testing phases. Steps to Reproduce: Initiate COPE enrollment on an Android device. Complete the enrollment process. Attempt to configure the device in single or multi-kiosk mode. Expected Behavior: The device should enter the specified kiosk mode (single or multi) without any issues. Actual Behavior: The device fails to switch to single or multi-kiosk mode. Instead, it either remains in its previous state or exhibits unexpected behavior. Android Version:Android 9 and 12 GMS Device Model: Pixel 3a (Android 12 GMS), RT55 (Android 9 GMS) Kiosk Mode Setup: Just add one application in the single kiosk mode, no other setting applied Error Messages: See my screen capture below
Intune Enrollment QR Code - Two connection types
Hi, all I'm trying to modify our original enrollment token (Intune - Fully Managed Device QR Code) so that the device can enroll using mobile data OR any wifi network. I managed to add this to an existing QR code android.app.extra.PROVISIONING_USE_MOBILE_DATA":true, Unfortunately, using such a QR code on a phone that does not have mobile data transmission means that the enrollment process no longer asks for the WIFI network and ends in failure. To sum up, I want to create an enrollment code that works as follows: 1. Allow enrollment using mobile data. 2. If mobile data does not work - ask for any WIFI.
Allow only one domain in Work Profile
Hi All, We have registered Android EMM with Managed Play Account (gmail) in Workspace ONE. We use Google Workspace for Google apps like email, calendar etc. I need to allow only adding our domain (mycompany.com) in Google Apps inside Work Profile. Is this possible? If yes, please guide me. PS: We are not registering Android EMM with Google Workspace because the email domain is different from our IDP (Okta). Thanks.
