For those who don't know, I spend my working hours building an AMAPI based EMM with a small dedicated team of folks across the world.

My biggest gripe, after the ever-present lack of functionality compared to PlayEMM/on-device APIs (that hopefully extensibility will fix one day), is the absence of release notes since last year.

It is such a pain having to sift through the public docs manually before each cycle looking for new or updated (or deprecated!) functionality.. and it shouldn't be the case for such a critial solution.

So obviously, I've started a tracker:

https://bayton.org/amapi-tracker

It solves nothing of course, but hopefully highlights the issue enough that Google will sort it out 😁

#androidenterprise

It's that time of year again, the Android Enterprise Partner Summit is upon us!

Who's popping into London tomorrow then?

I'm super excited to see what's new, and look forward to catching up with some new and old faces in the ecosystem.

If you see me wandering around please feel free to say hello :)

#androidenterprise

A few new #FAQs for your Tuesday afternoon, based on a bunch of recent interactions across the ecosystem!

🔗 Configure Google Workspace permitted domains: https://bayton.org/android/android-enterprise-faq/configure-google-workspace-permitted-domains

🔗 Configure Google Chrome managed bookmarks: https://bayton.org/android/android-enterprise-faq/configure-chrome-bookmarks

🔗 Configure Google Chrome URL allow/block lists: https://bayton.org/android/android-enterprise-faq/configure-chrome-allowlist-blocklist

Happy managing!

#androidenterprise

A question popped up on the Help Community yesterday asking how one might change the Google account associated with their EMM bind.

For years this wasn't possible, so it was exceptionally important you didn't use an account you didn't want to be tied to for any extended period of time, as well as obviously ensuring it was a company-owned Google account and not Bob's personal account he'd take with him into retirement.

More recently however, a permissions system akin to that we find in zero-touch and other solutions has been implemented, allowing multiple accounts to now manage the bind complete with basic user permissions.

I popped a FAQ together to address it:

📎 https://bayton.org/android/android-enterprise-faq/manage-bind-account/

Happy Saturday!

#androidenterprise

Another quick note to cover off a gap in documentation, much like the whitelisted domains in Google Workspace I posted about some weeks back..

If you're trying to block a selection of URLs in Chrome managed config and find it's not working, add brackets:

[“http://www.bbc.co.uk”, “facebook.com”, ".example.com/?etc"]

It had completely slipped my mind brackets were needed with some EMMs when I was configuring this yesterday, and Google's documentation makes no mention of it. Everything else on that page regarding formatting and URL examples is valuable, though :)

🔗 https://support.google.com/chrome/a/answer/9942583

#androidenterprise

👀

Google I/O just got a little more exciting..

🔗 https://store.google.com/intl/en/ideas/pixel-is-open/

The proportions look more in line with what I'd consider usable vs the Fold(s) I've tried, with a properly-sized front screen the need to unfold to do anything meaningful may not be so strong.

That said, if this screen is as soft and fragile as every other foldable on the market today I'm probably going to give the Pixel a pass also. I guess we'll find out soon enough!

#androidenterprise #googleio #pixel

H/T to Mishaal for the deep dive on the fixes pushed in the May '23 SPL rolling out now.

🔗 https://blog.esper.io/android-system-app-downgrade-vulnerability-fix/

Although limited to local access with debugging enabled, it's nevertheless a vulnerability capable of being exploited, and is now one fewer avenues for attack.

Get May pushed ASAP admins! 📱

#androidenterprise

Way back in 2018 I was gifted a drone through work. a decent one at the time for someone who'd never touched a drone before, and I was excited to use it!

Except I never did. I charged everything up ready to go and popped it in the cupboard for a sunny day, and subsequently forgot about it until my spring clean this weekend.

Luckily one(!) of the batteries worked and after a quick registration with the CAA, kiddo and I had an absolute blast with it all weekend.

So much so in fact I got an itch and picked up a Mini 3 Pro today to compare the tech, and honestly I'm blown away.

This picture it captured of my neighbourhood is 🔥

To pivot back to my regularly scheduled programming, the remote controller I got with it runs Android, AOSP naturally for the use case here. It wasn't clear until a familiar chime played on boot and I'm going to dig into what and how it's running once the "new shiny" feeling wears off a bit.

I look forward to going places and capturing some of the imagery I've only seen on TV for myself 😎

#android #drone

Google have published a new article on their security blog highlighting their Play performance in 2022. It's a refreshing counter to the daily drivel oozing from tabloids about occasional apps making it through the net.

In 2022, Google Play:
• Prevented 1.43 million policy-violating apps from being published on the store
• Banned 173k bad actors from publishing apps
• Added more requirements for developer sign-up to deter the attempted publishing of bad apps
• Added more requirements for app types known for being abused
• .. and more

Tying in to the annual targetSDK requirements, and the newer changes that block very, very old apps from being installed in Android, and the last year was pretty good.

I will absolutely take a moment to call out the policies though. At least one of those 1.43m policy violations was an app I worked on that got blocked for 3 weeks across 10+ revisions and involved multiple escalations to AE and Play support because of a wording issue for a permission. Legitimate developers get caught up in Google's nondescript and super granular policies frequently, and seeing numbers like that has me wondering how many of those are genuinely bad apps..

Very good read though, check it out!

Source: https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html

#androidenterprise

It looks like Samsung has added yet another device to their lineup benefitting from 4 major OS updates and 5 years of security.. and it's the one of the most budget-friendly offerings available with that longevity!

The Galaxy A24 comes in at under $300/£240 (converted) and is pretty well-specced for the price. Regional availability is limited but honestly that makes it even more impressive to me; seeing commitment to a 5 year lifecycle for a device that isn't globally available - it's the same amount of effort to support this after all whether you sell a hundred or a million.

I am absolutely here for the consumer market setting the bar higher for security and longevity. Long may this trend continue!

Samsung: https://www.samsung.com/africa_en/smartphones/galaxy-a/galaxy-a24-black-128gb-sm-a245fzkvafc/ Source: https://www.androidauthority.com/samsung-galaxy-a24-four-years-android-updates-3317791/

#androidenterprise

FYI, there are multiple reports on the Android Enterprise Help Community (https://support.google.com/work/android/community?hl=en&sjid=8020794700293409791-EU) as well as reseller partner community of zero-touch enrolment issues at the moment.

If you see the error "Zero-touch isn't available", it's not just you.

Google haven't (that I can see) acknowledged it just yet, but it's been logged so should hopefully be resolved soon.

Edit:

Confirmed (11am GMT+1) Google are working on it.

Edit2:

Google state it is now resolved (~7pm GMT+1)

#androidenterprise

Google today announced an update to Google Authenticator - https://security.googleblog.com/2023/04/google-authenticator-now-supports.html

This is the first update in a very long time, and adds OTP account sync to your logged-in Google account (with the ability to still use it without an account if desired).

The lack of account backup is what's kept me on Microsoft Authenticator for so long; I'm terrible for swapping phones frequently and adding the 10s of accounts back in manually to authenticator is nightmare material.

I know what I'll be doing now this week :)

Grab Google Authenticator via Google Play. The update is still rolling out so may not be visible just yet - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

If you're UK based and not particularly interested in receiving emergency alerts tomorrow, there's a straightforward way to turn them off:

Since these settings can vary between OEM and Android version:

1. Head to Settings
2. In the search bar, type Emergency alerts
3. Jump in to the relevant page
4. Toggle off Allow alerts for everything, or the individual alert types as desired

1. Head to Settings
2. Tap into Safety & emergency
3. Tap into Emergency alerts
4. Toggle off Allow alerts for everything, or the individual alert types as desired

1. Head to Settings
2. Tap Sounds & vibration
3. Tap More settings
4. Tap Cell broadcasts
5. Toggle off Emergency Alerts or Extreme threats and/or Severe threats depending on your EMUI version

1. Head to Settings
2. Tap Passwords & security
3. Tap Emergency alerts
4. Toggle off Extreme threats and/or Severe threats as desired

1. Open Settings
2. Tap Notifications
3. Toggle off Emergency Alerts and/or Severe Alerts (near/at the bottom)

1. Open Settings
2. Tap System
3. Tap Messaging
4. Tap Change emergency alert settings
5. Toggle off Extreme threats and/or Severe threats as desired

As promised, here's my overview of what's new in Android 14 for enterprise:

🔗 What's new for enterprise in Android 14

Now beta 1 is up and live, the likelihood of additional features sneaking in to core Android is low, but should anything else pop up I'll be sure to add it.

What features are you looking forward to?

Today I launch notes, a social-inspired, short-form content feed that broadcasts from my website to my various social media accounts. Currently this goes out to Twitter and LinkedIn, and once I get RSS to Mastodon set up, there too.