The Device Owner for Android is not the same thing as the person or company that owns the physical device. The Device Owner is one type of mode a device administration app can run in. It is an important concept to become familiar with to better understand how a Device Policy Controller might interact with their application.
- [Instructor] An Android device in the workplace will be owned by one of two parties, the enterprise or an employee. And the owner of a device will directly impact how it is managed by a mobile device management system. In the instance that the device is owned by the employee, there is only so much a mobile device management system can do before it becomes intrusive and rather unappealing. I wouldn't want to give anything the power to tell me what I can and can't install on my phone or decide to factory reset it on me.
Would you? To address this concern, the device policy controller operates as a profile owner on the device. It will carve out a profile of its own that it will have control over and leave the rest of the device alone. Within this context, the device policy controller acts as the device admin. When the device is owned by the enterprise, the device policy controller is permitted far more control. In this case, the device policy controller runs as the device owner.
A separate profile is usually not allocated and it is device admin for the whole system. It is important to note that the device policy controller can only be set to run in device owner mode if it is configured during initial setup of the device. It cannot be done at any other time. It is designed in this way to prevent malware from assigning itself device administrative privileges and to mitigate potential privacy concerns if there was already user data resident on the device.
This also means that a device can only be registered with one mobile device management system at a time. In both of these cases, the device policy controller operates as a device admin. But what does that mean? As a profile owner, it means that the device policy controller can remotely monitor the device status, such as the CPU usage and system temperatures, control hardware like disable the camera or fingerprint reader, set password policies on the device, and wipe data contained within its controlled profile.
When it is running as the device owner, the device policy controller can do everything a profile owner can do, in addition to things like restricting user access to system settings, enabling or disabling radios, like WiFi, Bluetooth, and data, and initiating a factory reset of the device, among many other things.
Instructor Jon-Luke West first reviews the key concepts of enterprise mobility management in Android: important APIs, the role of the device administrator, and the types of devices you should plan to target. He reviews the three primary use cases, including bring your own device (BYOD) and corporate-owned single-use (COSU) scenarios. Then he dives straight into the code, showing how to implement three enterprise integration features: managed application configurations, app pinning, and locked task mode. Finally, he shows how to test the features on a managed device.
- Enterprise mobility management (EMM) and mobile device management (MDM)
- Android EMM APIs
- Use cases: BYOD, work-manage devices, and COSU
- Checking restrictions and restriction changes for managed configurations
- App pinning and lock task mode
- Testing enterprise integration features using Test DPC