Notes

AMAPI release notes are up for November 😊

πŸ”— https://developers.google.com/android/management/release-notes

We get some additional networking capabilities for Android 12+, and a change to how local device events are reported.

Thank you as ever to the Googlers keeping this going consistently over the past few months. Please resume adding ADP changelogs here also!

#androidenterprise

Google has acknowledged an issue with the management of Android 14 devices that renders restrictions applied to devices irremovable once set unless unenrolled and re-enrolled.

It's a significant issue for both upgraded and factory-shipped Android 14 devices with no current fix.

Unfortunately even when a fix does roll out, impacted devices will remain impacted, based on current information, and will still require re-enrolment to resolve their stuck state.

There's no public Customer Community service announcement detailing the issue at the moment, however VMware have gone into great detail on this issue, down to the degree of which configurations are affected specifically, linked below.

For now, it is advised to avoid upgrading and/or deploying 14 unless you're willing to accept a re-enrolment for policy adjustments at a later date. In any case, take the time now to review policies and ensure they're as you intend them to be for your Android 14 estate, they may be stuck this way for a while.

πŸ”— https://kb.vmware.com/s/article/95776

#androidenterprise

The Galaxy Fold 5G, the original from 2019, has been removed from Samsung's list of supported models for monthly security updates.

At a smidge over 4 years of security updates, that's not bad for the year it was released.

Like other models, I'm sure original Fold owners may see the occasional critical update, but now's a good time to start looking for a newer, supported model.

https://security.samsungmobile.com/workScope.smsb

#androidenterprise

AMAPI release notes are up!

πŸ”— https://developers.google.com/android/management/release-notes

A quiet month it seems, just the one new feature to mention.

But it's a good one πŸ‘€

Apps launched with SetupAction (with AMAPI, this would often be a Companion app) are now able to cancel enrolment. Device doesn't meet a particular criterion? Authentication issues? Fancy a big fat button that says "Cancel!"? Now you can cancel from the app and avoid the faff 😎

#androidenterprise

After more than 4 years with Social Mobile, diving deep into the waters of Android manufacturing, EMM development, and getting the opportunity to be the closest I've ever been to the "other side" of the Android ecosystem, today I'm moving on.

It's been a rollercoaster; from the ad-hoc meeting with Rob at MWC that led to a there-and-then invite to join Social Mobile, starting out with just a handful of people in the earliest days of the company's transition from consumer OEM to being the Enterprise-first services organisation it is today, I will fondly remember jumping pillar to post, touching everything from product development to enterprise strategy to IT process improvement, QA, and so many other facets of the business for which there are now dedicated teams taking care of countless customers and projects.

I'm happy leaving knowing I've made lasting contributions to the organisation, and wish them all the very best in their future endeavours.

Stay tuned for what's next πŸ™‚

This is hands-down one of the clearest, cleanest technical product posts I've read in ages, and it just so happens to be announcing the beta of AMAPI management on VMware WS1 UEM πŸŽ‰

πŸ”— https://blogs.vmware.com/euc/2023/10/vmware-workspace-one-unveils-next-evolution-of-android-device-management-with-amapi-beta.html

Like many other Custom DPC-backed EMMs running on the Play EMM API (which has rejected new applicants for some time now, directing prospective vendors to AMAPI instead), the big switch is looming as Google pushes to deprecate the Custom DPC experience and go all-in on AMAPI, with Google's native-feeling, integrated Android Device Policy baked in to many modern Android devices today.

It's a big step, AMAPI still has a lot of catching up to do in offering feature parity for vendors, but the sooner big names transition, the sooner pressure increases to fill the gaps, so it's exciting to see.

I'm going to get hands-on with this beta tomorrow and see what it's all about 😁

Again, kudos to Manuel for a great read!

#androidenterprise

Head's up for customers running Android versions 11 and below, there's a bug in Google Play affecting fully managed devices.

The full breakdown of the issue is here: πŸ”— https://www.androidenterprise.community/t5/service-announcements/mitigated-amp-researching-some-fully-managed-devices-unable-to/ta-p/1047

Google have a mitigation in place, but for devices impacted already, there's further work to be done to rectify this.

It doesn't appear to be anything too major at the moment, a version of the Play Store has been pushed with a signature mismatch to what is expected, preventing newer versions of the app from updating (package signatures must match at install time for an app to be able to update). Longer term this can pose a problem, however currently since Play is still able to perform all normal functions, you may not even notice the issue.

Keep tabs on the linked page above for continued updates, hopefully it's resolved soon πŸ™‚

#androidenterprise

Howdy ecosystem! πŸ‘‹

The Customer Community is running a poll for Financial Services customers using Android Enterprise.

Is that you? Take a look: πŸ”— https://www.androidenterprise.community/t5/general-discussions/survey-mobile-device-management-for-financial-services/td-p/1003

You don't even need to register to fill it out (but it'd be great if you did!)

#androidenterprise

Have you seen? πŸ‘€

The 2023 Android Security Paper has been published πŸ“–

69 pages of security goodness is waiting for you, right here: https://services.google.com/fh/files/misc/android-enterprise-security-paper-2023.pdf

I lean on these documents a lot to supplement my knowledge, they're fantastic resources to have to hand.

#androidenterprise

In case you missed it yesterday, AMAPI announced day-zero support for several new Android 14 features:

πŸ”— https://developers.google.com/android/management/release-notes#android-14

Expect these to show up pretty soon in AMAPI-based EMMs, vendor roadmaps permitting 😁

In related news, the AE team have popped together a handy FAQ for features just released:

πŸ”— https://support.google.com/work/android/answer/14112390

Who's seeing 14 show up in their estates already? πŸ™‹β€β™‚οΈ Conversely, who's popped in a freeze period to avoid it landing just yet? πŸ‘€

#androidenterprise

Today's the day!

Android 14 is officially released πŸŽ‰

Dev: πŸ”— https://android-developers.googleblog.com/2023/10/android-14-is-live-in-aosp.html
Public: πŸ”— https://blog.google/products/android/android-14/

I don't know about yourselves, but the 14 cycle felt much longer than previous versions. There was a delay, sure, but even so. In any case, 14 is rolling out to Pixels as we speak, with the wider ecosystem in line with their own schedules πŸš€

Need a reminder of what's new in 14 for enterprise? Say less: πŸ”— https://bayton.org/blog/2023/04/android-enterprise-in-android-14/

Looking for help & advice on Android 14 in your organisation? You're welcome to get in touch, as always :)

#androidenterprise

Hello, Chromebook Plus 🀩

Announcement: πŸ”— https://blog.google/products/chromebooks/chromebook-plus/
More info: πŸ”—https://www.google.com/chromebook/discover/chromebookplus/
In education? Check out the dedicated EDU blog here: πŸ”— https://blog.google/outreach-initiatives/education/chromebook-plus-education/

"All Chromebook Plus laptops offer faster processors1 and double the memory and storage1, giving you the power to get more done, easily. All Chromebook Plus laptops also come with a Full HD IPS display β€” which means you get a full 1080p HD experience when watching streaming content, and crisp, clear viewing for reading, creating content or editing photos and videos. Finally, there’s a 1080p+ webcam with temporal noise reduction for smoother, more lifelike video calls."

Obviously higher-end ChromeOS devices are nothing new, so Plus features will be extended to several existing devices also:
πŸ”— https://support.google.com/chromebook/answer/14128000?visit_id=638319303122892544-4063569079&rd=1

Unfortunately the Chromebooks I have don't make the cut for Plus, including the IdeaPad 5 Duet kiddo uses for school, but I know what I'll be shopping for when it comes time to replace them!

Coupled with the recent announcement of 10 years of support, ChromeOS is becoming ever-more compelling as a platform for all walks of life.

#chromeos #androidenterprise

September AMAPI release notes are live!

πŸ”— https://developers.google.com/android/management/release-notes#sep-2023

Nothing too crazy, just the coming to fruition of some previously announced features.

Nice way to close out a weekend 😎

#androidenterprise #releasenotesforever

Happy Friday folks 😊

Just in time for the weekend, Google are currently investigating an issue with applications not showing in the managed Google Play Store on devices.

Customer community πŸ”— https://www.androidenterprise.community/t5/general-discussions/service-announcement-available-work-apps-missing-in-managed/td-p/811

There's an open request in the above link for any customers experiencing the same to reach out; I don't believe it has been widely reported just yet.

If you have the opportunity, please grab a managed device with applications deployed and take a quick look in Play. If any or all of the deployed apps are missing (even if they install on-device without problems), please sound off in the community!

#androidenterprise

Happy Monday!

Last week Intune suffered a bug that saw the security patch level (SPL) of BYO (Work Profile) Android devices disappear.

Reported by Jarmo via the Android Customer Community, MS appear to have now fixed it.

πŸ”— https://www.androidenterprise.community/t5/general-discussions/the-security-patch-level-data-missing-ms-intune/m-p/704#M194

Just in case anyone noticed, but didn't opt to take action :)

If you're not perusing the customer community just yet, this is a really nice use case for it and I'd encourage more customers (and partners) to hang out there.

#androidenterprise

Chromebooks are getting 10 years of updates πŸŽ‰

"Starting in 2024, if you have Chromebooks that were released from 2021 onwards, you’ll automatically get 10 years of updates. For Chromebooks released before 2021 and already in use, users and IT admins will have the option to extend automatic updates to 10 years from the platform’s release (after they receive their last automatic update)."

Applying both to modern, and older* devices, this is fantastic news considering their prevalence in budget-constrained markets where they're already chosen for their lower cost. TCO drops even further when devices are supported longer.

πŸ”— https://blog.google/outreach-initiatives/education/automatic-update-extension-chromebook/

*On pre-2021 devices Google doesn't commit to supporting all features and functionality.

#chromeenterprise

Some interesting and valid points raised concerning WearOS.

πŸ”— https://www.xda-developers.com/relaunch-wear-os-failure/

I share the sentiment to a degree. It's a decent platform marred by at least some self-imposed fragmentation. Feature lock-in, mandated OEM apps and more make it, to me, a frustrating platform to really fully invest in.

I don't want to use TicHealth, Samsung Fit, Fitbit, or really anything outside of Google Fit and occasionally Strava for health and sport tracking, but each brand forces their bloatwear in order to get the full breadth of functionality offered, and it's annoying. More so when you have more than one WearOS device; I have collected a few over the years, so I've done the migration between OEM apps and suffered the loss of some historical data when switching to yet another walled garden one too many times.

Health Connect sounds promising, but it's several years late and not yet fully baked (IMO). It also doesn't necessarily solve the problems, just assists in helping it suck less.

The largest missed opportunity with Wear I think though was getting a foothold in the enterprise space (surprise!). Wear could have followed closely as the Android team built out Android Enterprise and thoughtfully baked in enterprise functionality from the get-go rather than only starting to look at management for the platform more recently. The enterprise wearable market is decent, and also dominated by AOSP where Android is used due to Google's restrictions with Play Protect (GMS) certification.. which means big, fat, rarely well-optimised Android builds (or completely unoptimised Android Go builds!) running on feature/size restricted hardware and all the disadvantages that come with it.

The opportunity is still there obviously, wearables are probably more in demand today than ever before, but the platform needs far more flexibility around form factors and enterprise use cases than is currently on offer (as far as I know). I have more thoughts on this, but I'll reserve them for an article another day.

#androidenterprise

Some small changes to the What's new for enterprise in Android 14 were published today that address two things -

  1. Work profile behaviour changes for when it's paused (turned off)
  2. Acknowledgement of a scenario where applications may still notify connected devices (ie, WearOS) when applications are paused

It's not often I get to take credit for something, but I may have contributed to Google adding these updates πŸ˜…

πŸ”— What's new for enterprise in Android 14 - https://developer.android.com/about/versions/14/work
πŸ”— Android's work profile gets a major upgrade in 14 - https://bayton.org/blog/2023/08/work-profile-in-14/

New in 14 update

It looks like Google has responded to the earlier-reported issues with Android devices accidentally calling emergency services frequently with a small change.

This was opt-in for me, but as I understand it the long press to initiate is default for users who have not configured their emergency SOS settings.

#androidenterprise

Spotted running the Krispy Kreme display at Cribbs today.

10 internet points for anyone able to identify the version based on the app drawer there (hint, it's a 4.x dessert).

If anyone knows who's responsible for KK's mobile/digital signage estate let me know.. I just want to talk 😁

#androidenterprise

For a couple of years I've been thinking about adding audio to my articles; some of them can be rather long and adding the option to listen to content rather than read it seems appealling.

Maybe not, I'm not committed one way or another.

Either way, I update content often to align with the latest and greatest to ensure information stays relevant - which is a quarterly job at minimum normally - meaning if I recorded my articles, I'd have to re-record them frequently.

I could swap in a TTS generator and let it do the work, but those voices - like the reddit voiceover voices you see on social media and the like - are less than desirable. Annoying, even.

Just today I stumbled upon this (beta) service below, recorded a few clips of myself speaking, and provided a snippet of one of my recent docs. The idea being an AI cloned version of my voice may bridge the gap, and allow some automation around regenerating clips on the fly when I build the site.

Here's the result, including some AI generated contextual video clips it decided to add to the content also, which has had me cackling.

I, err, might wait a bit before exploring this option any further πŸ˜…

MobileIron Core has been in the news due to some rather gnarly vulnerabilities recently.

Patches are available, though Ivanti customers probably already know, and have hopefully patched by now!

Notable from the article below is the sheer number of public facing Core instances - 5500 according to a scan undertaken by Palo Alto Networks' Unit 42 🀯.

I can't think of any MI Core deployment I'd been involved with that didn't have Core safely tucked away from public access - as it should be - but of course I can't account for all use cases and scenarios that would justify it. I recall Vodafone had some open instances back in the day due to the nature of their hosted offering, for example.

Check out the link for full details.

πŸ”— https://www.theregister.com/2023/08/03/ivanti_cisa_norway_attack/

In news that should shock absolutely no one, forced back-to-office mandates increase employee attrition and make it harder to recruit, in addition to dampening employee happiness, motivation, and excitement towards being in the office, according to studies linked below.

Flexible working is the way for organisations that want to succeed 😎

πŸ”— https://fortune.com/2023/08/01/research-damaging-results-mandated-return-to-office-worse-than-we-thought-rto-remote-work-careers-leadership-gleb-tsipursky/

Google are rolling out long-promised features to Google Play that better highlight high quality tablet apps, and optimise the store itself for tablet/foldable use.

This seems like a reasonable way of gently pressuring developers to better design for large screen form factors, and I'm here for it!

πŸ”— https://android-developers.googleblog.com/2023/07/introducing-new-play-store-for-large-screens.html

Mini OS 9, based on Android, and running on a circular display is absolutely 😍

Launching on their next gen vehicles, they've done a hell of a job on so many aspects of the UX/UI, coming from someone who likes their Android mostly unskinned!

It's not entirely clear if it's Android Automotive or "just" Android AOSP from the press it's generated so far; as it's the primary vehicle display it could be either.. but I'd lean towards AAOS based on what I've seen of BMW's strategy elsewhere. (BMW Group, MINI UK?)

Given the lack of Google apps in the promo and highlight on BM's in-house work, looks unlikely to be a Google certified OS when it comes out either way.

I don't know how practical it'd actually be, but I'd absolutely throw money at a round tablet based on what I see here.. if OEMs fancied branching out from the standard rectangles πŸ˜„

#androidenterprise #android #automotive

This is a nice, simple datasheet that offers some AE benefits while not getting bogged down with detail, provided by Ivanti.

πŸ”— https://cdn.bayton.org/download/ivi-2743-en-android-enterprise-in-supply-chain-operations.pdf

#androidenterprise

This is an interesting study, that actually doesn't come across as bad as I'd have expected.

The note on better transparency for updates is one I agree with. Release notes matter, and linking to them directly from the update prompt is unbelievably simple; it's just not that common.

πŸ”— https://www.bitkom.org/Presse/Presseinformation/Smartphone-Updates-werden-meist-schnell-installiert

#androidenterprise

From nothing to twice in two months. The team is on fire!

Check out the latest AMAPI release notes below.

πŸ”— https://developers.google.com/android/management/release-notes#jul-2023

😎

#androidenterprise

It's nice to see incremental progress, but this still doesn't go far enough.

The whole premise of requesting flexible working being able to be shot down by an employer with hollow or arbitrary justification appears like it still stands, and will continue to happen to folks today as it did to me back in ~2015 when my commute was 3 hours to the office.

Of course there's been a mindset shift since COVID and some prior objectors have seen the benefits for themselves, so it'll hopefully never go back to what it was..

But still today the mentality of a worker not being productive unless someone can see them sat in an office chair remains. The lack of trust for the adult hired to do a job remains inexplicably high, and helicopter managers feel lost if they're not hovering close by.

All said, govt could have done absolutely nothing, so credit where it's due.

πŸ”— https://www.gov.uk/government/news/millions-to-benefit-from-new-flexible-working-measures

#remotework #workfromhome #hybridwork

Android Beta 4 is live!

Here's the link: πŸ”— https://android-developers.googleblog.com/2023/07/android-14-beta-4.html

Get to testing!

#androidenterprise

I was thrilled to have been invited as Google's guest at the McLaren Paddock Club for the British GP last weekend.

And what an event it was 🀩

Thank you to Michael in the AE team for setting it up, and the Google events team for organising such a wicked day!

#androidenterprise #britishgp

Selfie at the Pit lane

The mambo EMM team got a cheeky little shoutout on the Android Enterprise blog today!

(Along with the OEMConfig-enabled tablets I developed and deployed to market as CPO, also 😁)

πŸ”— https://blog.google/products/android-enterprise/android-tablets-doordash/

The DD deployment is not insignificant in size (or demand!), and has helped us stress-test our solution considerably over time. Everything we support across the platform has been met with both very simple, but also rather complex scaling challenges. From things like how we optimise heartbeat & checkin for hundreds of thousands of devices at a time to supporting multiple concurrent remote control sessions to a location (and needing to optimise traffic accordingly to facilitate the environment).

And obviously the bigger the platform gets, the more impactful the smallest of changes become. It's a lot of fun.

The food on demand industry poses some interesting, if not entirely unique, challenges in how devices are used, secured, deployed, and supported. Being dedicated, single-use devices almost entirely remote to the DD Team, having the ability to remotely monitor, control, and if necessary quickly break devices out of their Kiosk experience on-demand is a must, and we've worked closely with them over the last few months to really beef up our Remote Control tool to facilitate smooth support experiences on the best and worst of networks.

Of course, some of the best benefits come simply from leaning on Android Enterprise, with zero-touch deployment handling provisioning and enrolment in-store, consistent management experiences across all OEMs they leverage, and OEMConfig for additional bespoke functionality on devices to name but a few.

AE deployments at this scale are exciting 🀩

Well done team! cc: Arran, Gabriela, Snehanshu, Kadir, Neha

#androidenterprise #emm #mdm #uem #enterprisemobility

AMAPI RELEASE NOTES ARE UP! Count: 6 months & 21 days after the last update in December :)

https://developers.google.com/android/management/release-notes

  • Added support for the DomainSuffixMatch field in Open Network Configuration to configure enterprise Wi-Fi networks for Android 6+. Enterprise Wi-Fi configurations without DomainSuffixMatch are considered insecure and will be rejected by the platform.
  • Added UsbDataAccess policy setting that allows admins to fully disable USB data transferring. usbFileTransferDisabled is now deprecated, please use UsbDataAccess.

EAP is a hot-topic at the moment, since either the May GPSU or June SPL has been causing a significant number of EAP policy failures following enforcement of the domain field (I found commits in both that could be related, but nothing concrete).

I guess we won't get retrospective release notes for everything up to June though?

My AMAPI tracker has been reset, either way - πŸ”— https://bayton.org/amapi-tracker

#androidenterprise

If you haven't heard, the Android Enterprise Help Community is evolving πŸŽ‰

From the end of June, the old community will go read-only for new questions. Instead, customers and partners alike are invited to join the new customer community, androidenterprise.community.

The new community boasts better separation of topics with dedicated sub-forums, a more flexible & inclusive layout catering to a wider array of content types, private messaging, and much more.

With almost 300 recommended answers and 700 replies to community questions over the last few years, I'm proud of the contributions I've been able to make in the Help Community, and look forward to continuing to support customers and peers as the new community gets up and running.

Check it out, get registered, and say hello :) - πŸ”— https://www.androidenterprise.community

#androidenterprise

We've had a Lenovo IdeaPad Duet 5 Chromebook for a little over a year I believe, primarily to support Kiddo with homework and whatnot. Because ChromeOS does Android app support pretty well it's a nice hybrid of Android tablet (wherein we lean on several apps for education) and the full device experience you only get with a "desktop operating system". Managing it is an utter nuisance since ChromeOS isn't nearly as friendly as Android for management (IMO), but for our particular use case, network-limiting it through my Ubiquiti console does the job.

Well after a valiant and unrelenting effort, it succumbed to the trials and tribulations of being used by an 8-year-old boy and the display ceased to function.

I did some calling around, but getting it repaired wasn't as quick and easy as I'd hoped. The Lenovo website was naff for trying to arrange a repair, sending me to partners instead with little success. Currys initially promised the world over the phone, but unsurprisingly fell short when I turned up with the device due to confusion over whether it was a PC or a Tablet.. and some local shops turned me away also.

Since we got it through Amazon, I reached out and requested a repair. They approved it after a quick chat and I sent it via DHL the next day.

TWO days later the device turned back up at the house working perfectly.

Honestly I would not have even considered Amazon as a route to repair before this experience, and not only was it done quickly with very little effort on my part, they assigned a human to oversee the repair process and keep me updated throughout. Credit where it's due!

So I suppose this is a PSA that Amazon do repairs (for things you order from them, obviously), and my sole experience with them was excellent. Just in case someone happens to need to get something fixed now or in future also :)

Righto, so I received the Pixel Fold this afternoon and spent a bit of time pondering whether I should keep it or send it immediately back because it's super expensive, and I still haven't made myself a YouTube channel for PR companies to lavish with swag, thus have to buy things myself πŸ˜….

Given it was in front of me I figured it worth a look either way, so cracked it open (figuratively and literally?) and had a bit of hands on.

As positives go, it's very nicely made, feels great in the hand, the stainless steel is a lovely material, the hinge works wonderfully in every angle, and from what I gathered in half an hour of fiddling, the software is quite well adapted to the form factor. The form factor itself is also massively improved over the long, slim candy bar front displays of other folds on the market and makes it much nicer to use without having to unfold the device to be productive.

But.. the plastic screen is still no better than anything else to date, which is a disappointment given we're coming up on 5(?) years of bendy screens. If anything the crease is more pronounced than any Samsung foldable I've dabbled with, and my Fold came with bonus "dimples" towards the top of the screen for additional distraction during use. The battery is far too small for the hardware as well; I 100% would not get a full day of use out of this given I struggle to achieve the same on better-equipped devices with fewer screens.

"You already said you don't like foldable displays Bayton, why even bother!?" - I hoped I might be swayed with Google's foldable, in particular the Pixel Android experience, to a point where I could overlook first gen hardware but.. nah. It's outlandishly expensive for what it is, and I won't enjoy using it based on my thoughts above.

I'll go back to waiting for a well-supported (read: not Surface) multiple glass display device to hit the market one day.. or for a foldable that figures out the creases and such.

Back to the Fairphone 4 for now :)

What's new for enterprise in Android 14?

As it turns out, a LOT more than earlier discovered, including what appears to be one of the most significant changes to Android Enterprise since inception - let me know if you see what I'm referring to :)

Check out my updated article on this here: πŸ”— https://bayton.org/blog/2023/04/android-enterprise-in-android-14

What an exciting release!

#androidenterprise

It's been a quick minute since I last shared these, but in case anyone needs them -

These two lists consist of the latest available information I've been able to gather from around the ecosystem.

If you're an EMM vendor and want your information on either of these pages, get in touch :)

#androidenterprise #enterprisemobility #emm #uem #mdm

I've shared this previously, but now I have a document covering it!

πŸ”— Application min target API: https://bayton.org/android/android-14-minimum-sdk

With platform stability achieved and general availability just around the corner, be mindful that for the first time in Android 14, applications targeting very old versions of Android (6.0) will no longer install, and there's no API or exception to this policy.

If you're running legacy Android apps, or even modern apps that target less than API 23 (6.0) for a particular reason or another (presumably avoiding newer restrictions that come with targeting newer versions of Android?) you will need to update them to guarantee they'll continue to be useful on your Android 14 fleet, as and when it gets up to that version.

#androidenterprise

There's an issue today with both AMAPI and PlayEMM API vendors struggling with application installs.

It appears applications set to either REQUIRED_FOR_SETUP or FORCE_INSTALLED are not installing.

In some cases this simply means the app doesn't silently install, but it may be present in managed Google Play for end users to install themselves manually, however for EMMs that lean on REQUIRED_FOR_SETUP specifically, this can delay or prevent enrolment of devices all together.

Google are on it, so it's a matter of time, but until they confirm a fix this'll likely have far-reaching impacts for Android Enterprise deployments.

For those with access to the EMM Partner Community, here's the link to the issue: https://emm.androidenterprise.dev/s/feed/0D55G00007stRMnSAM

#androidenterprise

I've been slowly moving some of my more important domains (I own far too many) to Google domains over the last few years.

Yesterday's news will see me moving them all back out again -

πŸ”— https://support.google.com/domains/answer/13689670#zippy=%2Cfor-customers-who-purchased-a-domain-directly-from-google-domains%2Cfor-customers-who-purchased-a-domain-in-the-google-workspace-sign-up-flow

Nothing against Squarespace, but I don't particularly want to be a customer of theirs; my existing registrars (namecheap, name) have decent track records and I'd sooner my business goes back there.

For anyone considering the same, here's the process to transfer out:

πŸ”— https://support.google.com/domains/answer/3251178?sjid=13442222087065356428-EU

LinkedIn's collaborative articles are a great idea, but not very well executed IMO.

If I don't go actively looking for them, I don't see them.

If I want to contribute to one, I have to manually browse through all the topics until I find it.

LinkedIn sent me a mail t'other day asking to do more of/with them, which I'd like to on particular topics, but the barrier for entry ATM outweighs my enthusiasm.

With better UX these would be a really nice, easy way of building excellent community articles that are always current and relevant, so I'd like to see this improved.

#linkedin #community #ux

I'm aware of a few 404's across the website at the moment, this is mostly due to reorganising content from the old tags (getting started, diving deeper, resources, etc) to a new suite of tags that better align with Android Enterprise terminology.

Until I'm finished, you'll see some tags (like fully managed) show blank/404.

I'm working on it.

In the interim, if you're looking for something that isn't where it used to be (I'll fix redirects, too) then jump over to full-text search and you'll find it quick as a flash.

Android 14 has reached platform stability with beta 3! πŸŽ‰

Now's the time to finalise app testing, enterprise validations, and anything else required ahead of general availability in the coming months!

πŸ”— Announcement: https://android-developers.googleblog.com/2023/06/android-14-beta-3-and-platform-stability.html

Have you seen what's new for Android 14 in Enterprise? I popped together an article some weeks back:

πŸ”— New for Android Enterprise in 14: https://bayton.org/blog/2023/04/android-enterprise-in-android-14/

#androidenterprise

WWDC kicked off yesterday and saw some interesting developments.

I'm looking forward to the updates to MacOS, and fair play to iOS with the contact cards and airdrop improvements, amongst other things. Google could definitely find a bit of inspiration in how effortlessly Apple's ecosystem is #bettertogether πŸ˜‰

It's the management updates that have piqued my interest though:

πŸ”— https://support.apple.com/en-ca/guide/deployment/dep950aed53e/web

In particular the updates to Watch management, which though still required tethering to an iOS device, are starting to do what Wear should have a few years ago.

I have an AE feature request list for Wear, in fact, here:

πŸ”— https://bayton.org/android/android-enterprise-feature-requests/#wear

Oh and Vision Pro is interesting, I can imagine the benefits it'll bring to my woeful posture. The form factor is a little too.. encompassing though. Give me smart glasses and I'll be happy.

#androidenterprise

For those who don't know, I spend my working hours building an AMAPI based EMM with a small dedicated team of folks across the world.

My biggest gripe, after the ever-present lack of functionality compared to PlayEMM/on-device APIs (that hopefully extensibility will fix one day), is the absence of release notes since last year.

It is such a pain having to sift through the public docs manually before each cycle looking for new or updated (or deprecated!) functionality.. and it shouldn't be the case for such a critial solution.

So obviously, I've started a tracker:

https://bayton.org/amapi-tracker

It solves nothing of course, but hopefully highlights the issue enough that Google will sort it out 😁

#androidenterprise

It's that time of year again, the Android Enterprise Partner Summit is upon us!

Who's popping into London tomorrow then?

I'm super excited to see what's new, and look forward to catching up with some new and old faces in the ecosystem.

If you see me wandering around please feel free to say hello :)

#androidenterprise

A few new #FAQs for your Tuesday afternoon, based on a bunch of recent interactions across the ecosystem!

πŸ”— Configure Google Workspace permitted domains: https://bayton.org/android/android-enterprise-faq/configure-google-workspace-permitted-domains

πŸ”— Configure Google Chrome managed bookmarks: https://bayton.org/android/android-enterprise-faq/configure-chrome-bookmarks

πŸ”— Configure Google Chrome URL allow/block lists: https://bayton.org/android/android-enterprise-faq/configure-chrome-allowlist-blocklist

Happy managing!

#androidenterprise

A question popped up on the Help Community yesterday asking how one might change the Google account associated with their EMM bind.

For years this wasn't possible, so it was exceptionally important you didn't use an account you didn't want to be tied to for any extended period of time, as well as obviously ensuring it was a company-owned Google account and not Bob's personal account he'd take with him into retirement.

More recently however, a permissions system akin to that we find in zero-touch and other solutions has been implemented, allowing multiple accounts to now manage the bind complete with basic user permissions.

I popped a FAQ together to address it:

πŸ“Ž https://bayton.org/android/android-enterprise-faq/manage-bind-account/

Happy Saturday!

#androidenterprise

Another quick note to cover off a gap in documentation, much like the whitelisted domains in Google Workspace I posted about some weeks back..

If you're trying to block a selection of URLs in Chrome managed config and find it's not working, add brackets:

[β€œhttp://www.bbc.co.uk”, β€œfacebook.com”, ".example.com/?etc"]

It had completely slipped my mind brackets were needed with some EMMs when I was configuring this yesterday, and Google's documentation makes no mention of it. Everything else on that page regarding formatting and URL examples is valuable, though :)

πŸ”— https://support.google.com/chrome/a/answer/9942583

#androidenterprise

πŸ‘€

Google I/O just got a little more exciting..

πŸ”— https://store.google.com/intl/en/ideas/pixel-is-open/

The proportions look more in line with what I'd consider usable vs the Fold(s) I've tried, with a properly-sized front screen the need to unfold to do anything meaningful may not be so strong.

That said, if this screen is as soft and fragile as every other foldable on the market today I'm probably going to give the Pixel a pass also. I guess we'll find out soon enough!

Pixel Fold

#androidenterprise #googleio #pixel

H/T to Mishaal for the deep dive on the fixes pushed in the May '23 SPL rolling out now.

πŸ”— https://blog.esper.io/android-system-app-downgrade-vulnerability-fix/

Although limited to local access with debugging enabled, it's nevertheless a vulnerability capable of being exploited, and is now one fewer avenues for attack.

Get May pushed ASAP admins! πŸ“±

#androidenterprise

Way back in 2018 I was gifted a drone through work. a decent one at the time for someone who'd never touched a drone before, and I was excited to use it!

Except I never did. I charged everything up ready to go and popped it in the cupboard for a sunny day, and subsequently forgot about it until my spring clean this weekend.

Luckily one(!) of the batteries worked and after a quick registration with the CAA, kiddo and I had an absolute blast with it all weekend.

So much so in fact I got an itch and picked up a Mini 3 Pro today to compare the tech, and honestly I'm blown away.

This picture it captured of my neighbourhood is πŸ”₯

Aerial view

To pivot back to my regularly scheduled programming, the remote controller I got with it runs Android, AOSP naturally for the use case here. It wasn't clear until a familiar chime played on boot and I'm going to dig into what and how it's running once the "new shiny" feeling wears off a bit.

I look forward to going places and capturing some of the imagery I've only seen on TV for myself 😎

#android #drone

Google have published a new article on their security blog highlighting their Play performance in 2022. It's a refreshing counter to the daily drivel oozing from tabloids about occasional apps making it through the net.

In 2022, Google Play:
β€’ Prevented 1.43 million policy-violating apps from being published on the store
β€’ Banned 173k bad actors from publishing apps
β€’ Added more requirements for developer sign-up to deter the attempted publishing of bad apps
β€’ Added more requirements for app types known for being abused
β€’ .. and more

Tying in to the annual targetSDK requirements, and the newer changes that block very, very old apps from being installed in Android, and the last year was pretty good.

I will absolutely take a moment to call out the policies though. At least one of those 1.43m policy violations was an app I worked on that got blocked for 3 weeks across 10+ revisions and involved multiple escalations to AE and Play support because of a wording issue for a permission. Legitimate developers get caught up in Google's nondescript and super granular policies frequently, and seeing numbers like that has me wondering how many of those are genuinely bad apps..

Very good read though, check it out!

Source: https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html

#androidenterprise

It looks like Samsung has added yet another device to their lineup benefitting from 4 major OS updates and 5 years of security.. and it's the one of the most budget-friendly offerings available with that longevity!

The Galaxy A24 comes in at under $300/Β£240 (converted) and is pretty well-specced for the price. Regional availability is limited but honestly that makes it even more impressive to me; seeing commitment to a 5 year lifecycle for a device that isn't globally available - it's the same amount of effort to support this after all whether you sell a hundred or a million.

I am absolutely here for the consumer market setting the bar higher for security and longevity. Long may this trend continue!

Samsung: https://www.samsung.com/africa_en/smartphones/galaxy-a/galaxy-a24-black-128gb-sm-a245fzkvafc/ Source: https://www.androidauthority.com/samsung-galaxy-a24-four-years-android-updates-3317791/

#androidenterprise

FYI, there are multiple reports on the Android Enterprise Help Community (https://support.google.com/work/android/community?hl=en&sjid=8020794700293409791-EU) as well as reseller partner community of zero-touch enrolment issues at the moment.

If you see the error "Zero-touch isn't available", it's not just you.

Google haven't (that I can see) acknowledged it just yet, but it's been logged so should hopefully be resolved soon.

Edit:

Confirmed (11am GMT+1) Google are working on it.

Edit2:

Google state it is now resolved (~7pm GMT+1)

#androidenterprise

Google today announced an update to Google Authenticator - https://security.googleblog.com/2023/04/google-authenticator-now-supports.html

This is the first update in a very long time, and adds OTP account sync to your logged-in Google account (with the ability to still use it without an account if desired).

The lack of account backup is what's kept me on Microsoft Authenticator for so long; I'm terrible for swapping phones frequently and adding the 10s of accounts back in manually to authenticator is nightmare material.

I know what I'll be doing now this week :)

Grab Google Authenticator via Google Play. The update is still rolling out so may not be visible just yet - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

If you're UK based and not particularly interested in receiving emergency alerts tomorrow, there's a straightforward way to turn them off:

Android

#

Catch-all

#

Since these settings can vary between OEM and Android version:

  1. Head to Settings
  2. In the search bar, type Emergency alerts
  3. Jump in to the relevant page
  4. Toggle off Allow alerts for everything, or the individual alert types as desired

Modern Android

#
  1. Head to Settings
  2. Tap into Safety & emergency
  3. Tap into Emergency alerts
  4. Toggle off Allow alerts for everything, or the individual alert types as desired

Huawei

#
  1. Head to Settings
  2. Tap Sounds & vibration
  3. Tap More settings
  4. Tap Cell broadcasts
  5. Toggle off Emergency Alerts or Extreme threats and/or Severe threats depending on your EMUI version

Xiaomi

#
  1. Head to Settings
  2. Tap Passwords & security
  3. Tap Emergency alerts
  4. Toggle off Extreme threats and/or Severe threats as desired

iOS

#
  1. Open Settings
  2. Tap Notifications
  3. Toggle off Emergency Alerts and/or Severe Alerts (near/at the bottom)

Windows Phone

#
  1. Open Settings
  2. Tap System
  3. Tap Messaging
  4. Tap Change emergency alert settings
  5. Toggle off Extreme threats and/or Severe threats as desired

As promised, here's my overview of what's new in Android 14 for enterprise:

πŸ”— What's new for enterprise in Android 14

Now beta 1 is up and live, the likelihood of additional features sneaking in to core Android is low, but should anything else pop up I'll be sure to add it.

What features are you looking forward to?

Today I launch notes, a social-inspired, short-form content feed that broadcasts from my website to my various social media accounts. Currently this goes out to Twitter and LinkedIn, and once I get RSS to Mastodon set up, there too.

What are notes?

These are short-form posts for small updates and quick thoughts. They are automatically published to social channels, and have their own RSS feed, too.

edit_note Edit this page.