Deploying BlueFletch Enterprise Applications on Android 10 and Android 11

With the introduction of Android 10, Enterprise devices will benefit from improved security. These improvements will have an impact on how a device is ultimately provisioned.

To find out more about Android 10 improvements review the official Android developer documentation at https://developer.android.com/about/versions/10/features.

Relevant Android 10 Security Changes

The major changes that affect BlueFletch Enterprise applications on Enterprise devices:

• Restrictions on accessing the Device Serial Number.

• Restrictions on an application's ability to start Activities from services.

Device Serial Number

For BlueFletch Enterprise applications to properly communicate the status of individual devices, the Device ID application will need to be installed and started. This application allows all the BlueFletch device applications to use the same device id. On Zebra and Honeywell devices, this application will be able to use the device Serial Number as the id.

Starting Activities from Services

As some of the BlueFletch Enterprise applications work in the background using services, these applications will need a new permission granted to them: android.permission.SYSTEM_ALERT_WINDOW. This permission will allow the applications to start activities from services.

Affected Applications:

• Enterprise Launcher

• Messaging

• Support Agent

• Remote Agent

Note: If running Android 10 on Zebra devices, the BlueFletch Launcher will set this permission, no further work is needed.

Device ID within EMM

Within an EMM Policy, ensure the following steps are completed. The Device ID application will be automatically installed and can not be removed by the user. Additionally this will prevent device setup from completing until installation is done.

1. Setup Actions

Utilize the Setup Actions feature within Device Provisioning to install the Device ID application during device provisioning. Note: If your organization utilizes Playbook within device provisioning, the latest version of Playbook will ensure the Device ID application is properly installed and running.

2. Select Application

Ensure the Device ID application is defined within the Account and App Management section.

3. Set Permissions

Within Account and App Management ensure default permissions are allowed for SYSTEM_ALERT_WINDOW.