Deploying BlueFletch Enterprise Applications on Android 10 and Android 11
With the introduction of Android 10, Enterprise devices will benefit from improved security. These improvements will have an impact on how a device is ultimately provisioned.
To find out more about Android 10 improvements review the official Android developer documentation at https://developer.android.com/about/versions/10/features.
Relevant Android 10 Security Changes
The major changes that affect BlueFletch Enterprise applications on Enterprise devices:
- Restrictions on accessing the Device Serial Number.
- Restrictions on an application's ability to start Activities from services.
Device Serial Number
For BlueFletch Enterprise applications to properly communicate the status of individual devices, the Device ID application will need to be installed and started. This application allows all the BlueFletch device applications to use the same device id. On Zebra and Honeywell devices, this application will be able to use the device Serial Number as the id.
Starting Activities from Services
As some of the BlueFletch Enterprise applications work in the background using services, these applications will need a new permission granted to them: android.permission.SYSTEM_ALERT_WINDOW. This permission will allow the applications to start activities from services.
- Enterprise Launcher
- Support Agent
- Remote Agent
Note: If running Android 10 on Zebra devices, the BlueFletch Launcher will set this permission, no further work is needed.
Device ID within EMM
Within an EMM Policy, ensure the following steps are completed. The Device ID application will be automatically installed and can not be removed by the user. Additionally this will prevent device setup from completing until installation is done.
1. Setup Actions
Utilize the Setup Actions feature within Device Provisioning to install the Device ID application during device provisioning. Note: If your organization utilizes Playbook within device provisioning, the latest version of Playbook will ensure the Device ID application is properly installed and running.
2. Select Application
Ensure the Device ID application is defined within the Account and App Management section.
3. Set Permissions
Within Account and App Management ensure default permissions are allowed for SYSTEM_ALERT_WINDOW.