VMware Launcher on Android Enterprise – nuances

I regularly get questions from customers and partners who used kiosk mode on older Device Admin devices with VMware (then AirWatch) Launcher, and have issues since they had migrated to Android Enterprise and Launcher 4.0+.

In this post you will learn how to:

  • Solve the most frequent (and annoying) issue when migrating Launcher setups to AE
  • Find further settings for Launcher, which are not exposed in the GUI, and apply them via custom XML
  • Control Launcher versions per OG using Settings and Inheritance.
(more…)

Remediate the Pixel4 and Galaxy S10 biometric security flaws with Workspace ONE

I am pretty sure you’ve heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches “soon” (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE and Android Enterprise is it easy!

(more…)

The shortest longest Android 10 review post

Image result for android 10 logo

I’ve been planning and preparing and researching for my Android 10 Overview post for a while now, and then I found this monster of a review from Ron Amadeo on Ars Technica (instant subscribe!)

https://arstechnica.com/gadgets/2019/09/android-10-the-ars-technica-review/

Basically, I have very litte to add. The review is huge, though and will take a while. If you want to focus, read these enterprise-relevant sections:

And then the official Android Enterprise changelog from Google, which had still not been added to the TOC on the release notes page 🙂

Once we get those new features supported in Workspace ONE (and I get an extra Android10 device) I’ll post something more detailed.

On Apple, Security by Obscurity and WS1 Trust Network.

In the last several weeks a number of bugs were found in Apple’s iOS, MacOS and protocols. This had coincided with a partner workshop last Friday, where the decisive argument was “Have you ever heard of an Antivirus for an iPhone“.

Apple is well known for refusing to publish any details behind the inner workings of its solutions, locking everything that may be locked down and suing all those who try to work around those limitations..

Despite all that, flaws are being found, iOS was jailbroken again (because Apple unpatched a fix they implemented in 12.3) and malware on App Store is just as common as everywhere else.

Security Researchers about Apple’s Security Through Obscurity
(more…)

Important enrollment switches for Samsung KNOX with Android Enterprise (VMware Workspace ONE UEM)

Workspace ONE has a ton of features built specifically for Samsung: KNOX OEM Extensions (modern and legacy), KNOX Service Plugin support (OEMconfig), E-FOTA, KNOX Mobile Enrollment, Legacy containers etc etc. There are a few switches controlling the end result. Today I want to discuss a few ones, that pop up in my practice every few months: License Key and Enable Containers, and how they make (or break) your Android Enterprise Samsung deployment.

(more…)

Future of NFC provisioning for Android (Beam deprecated in Q)?

I use NFC provisioning a lot when I work with Android Enterprise (especially, the Device owner scenarios).

Apps like AirWatch Relay or Knox Deployment make testing and playing e.a.s.y. – I don’t have to tap through the Startup Wizard, type in my 20+ char WLAN PSK, manually enroll the device etc. And I can have different profiles!

Well, boys and girls, bad news. Google has deprecated Android Beam – the technology used in those apps – in Android Q.

The good news is that reading NFC tags is still supported. So you can provision Android Q via an older phone (for now).

Or, with Android 9+ you can switch to QR code. But on Android 8 and older you’d need to type the PSK manually, since the device needs to download the QR reader library before it can read the barcode 🙂

What are your thoughts? Are you using NFC provisioning? Leave a commend below!

Android Q for Enterprise: Wi-Fi MAC Randomizaion

Continuing on the Android Q changes that affect the EMM. Today’s subject is the upcoming mandatory Wi-Fi MAC Randomization: what is it, how does this affect you, and what do you need to do now or later about it.

This article is based on my own exploration of the source code and may not be entirely correct. It may be updated when Q finally comes out and more details become available.

(more…)