Skip to content

Deploying EMS on Android 10 and Android 11

With the introduction of Android 10, Enterprise devices will benefit from improved security. These improvements will have an impact on how a device is ultimately provisioned.

To find out more about Android 10 improvements review the official Android developer documentation at https://developer.android.com/about/versions/10/features.

Relevant Andriod 10 Security Changes

The major changes that affect EMS Applications on Enterprise devices:

  • Restrictions on accessing the Device Serial Number.
  • Restrictions on an application's ability to start Activities from services.

Device Serial Number

For EMS applications to properly communicate the status of individual devices, the EMS Device ID application will need to be installed and started. This application allows all the EMS device applications to use the same device id. On Zebra and Honeywell devices, this application will be able to use the device Serial Number as the id.

Starting Activities from services

As some of the EMS applications work in the background using services, these applications will need a new permission granted to them: android.permission.SYSTEM_ALERT_WINDOW. This permission will allow the applications to start activities from services.

Affected Applications:

  • EMS Launcher
  • EMS Messaging
  • EMS Support Agent
  • EMS Remote Agent

Note: If running Android 10 on Zebra devices, the BlueFletch Launcher will set this permission, no further work is needed.

Device ID within EMM

Within an EMM Policy, ensure the following steps are completed. The Device ID application will be automatically installed and can not be removed by the user. Additionally this will prevent device setup from completing until installation is done.

1. Setup Actions

Utilize the Setup Action feature within Device Provisioning to install the Device ID application during device provisioning. Note: If your organization utilizes Playbook within device provisioning, the latest version of Playbook will ensure the Device ID application is properly installed and running.

Device ID Setup Action

2. Select the application

Ensure the Device ID application is defined within the Account and App Management section.

Device ID App

3. Set Permissions

Within Account and App Management ensure default permissions are allowed for SYSTEM_ALERT_WINDOW.

Permission