Related
Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).
Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:
What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html
How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html
How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html
Why would you want to install this?
There can be many reasons for installint TaintDroid:
- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is
What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.
Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.
BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
+1 for the idea
Sent from my GT-I9000 using XDA App
+1
Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
I can not cook Kernels, but this is something i want to use.
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
I am sure i am not the only one.
+1
Yes please... This should be in all android phones... as a security option you could turn on!!!
Antonyjeweet said:
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
Click to expand...
Click to collapse
And do some of these applications only send stuff when you open them?
--
From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
Do you know some ROM where Taindroid is included?
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
exadeci said:
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
Click to expand...
Click to collapse
glad you did that
+1 support the idea. hope some of our hardworking kernel builders will add this in.
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
I have been wanting TaintDroid built into android by default since the day it was announced, but I really do not think google cares about this, so please, please ROM cookers out there (Maybe Doc?), lets add this into our galaxy S roms.
Well, this seems to work only on android 2.1
Make it so.
+1
Combined with walldroid (or other firewall) this could put back power into users hands. Would really love to see this inside hardcores kernel. Maybe as an option for the stable releases?
+1
This should be the next standard in aAndroid
idea about spoofidroid application
how about a program to spoof or make the phone send fake:
GPS location,
IMEI,
phone number,
simcard id,
etc... information to applications that ask without permission.
this way you can feed these application with information they want but without breaking your privacy. (both end sides are more than happy)
-----
nice option to have:
1) enable/disable auto generate different id every time.
2) allow list / ban list of application to have real or fake id.
3) enable/disable notify for application request.
-----
there are all ready applications that fake your simcard PLMN mobile network codes without the need of kernel rights, but you need to enable disable the flight mode to restore the default code.
===========
good luck to spoofidroid or similar applications.
Jumba said:
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
Click to expand...
Click to collapse
I hope there will be developers out there who prioritize privacy/security over speed/battery and storage usage.
I'm the project lead of the TaintDroid system. We are currently working on a few extensions of TaintDroid but unfortunately are short on engineering resources to port TaintDroid onto other systems than Nexus One that we originally developed. We'd greatly appreciate it if XDA developers would take on this effort! Many ongoing projects would hugely benefit from having easy-to-run TaintDroid ROM available for many different devices and upcoming Android systems let alone user benifit.
Thanks,
Jaeyeon
Research Scientist @ Intel Labs Seattle
Ettepetje said:
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
Click to expand...
Click to collapse
beta2 lite? i think that was malware, make sure it came from rovio otherwise it's fake and you should delete it.
It's really scary to see with the lookout app how many apps can access to your imei, telephone number "Read Identity Info", can access your contacts, track your position, and can send out all this data.
Here a HTC Desire user, asking for some privacy.
Best regards!
I am looking at getting the Acer Iconia tablet. It would be something my wife and I would share around the house (i.e. in the living room so both of us could use it when we wish). So how does Android Honeycomb handle multiple users? I assume we wouldn't each have a 'logon' ID? But I am just wondering how my wife could keep her bookmarks, email, etc on it along with mine. For instance, I might come in, use it a bit to get email, browse the internet, run some apps, etc. Then later my wife might pick it up and want to do the same thing, but use her email and browser settings, etc.
How is that handled in Android?
/Tom (Chimp)
hi,
in the windows world we would call that profiles, as far a i know this doesn't exist (yet?) at the operating system level. I would love to have it.
Firefox mobile has a 'mobile profiles' addon but it didn't work correctly for me.
I could switch account but not switch back.
cheers
monki-magic said:
hi,
in the windows world we would call that profiles, as far a i know this doesn't exist (yet?) at the operating system level. I would love to have it.
Firefox mobile has a 'mobile profiles' addon but it didn't work correctly for me.
I could switch account but not switch back.
cheers
Click to expand...
Click to collapse
Crap... so we are saying any Android tablet is basically a one-user tablet? It's weird that Google would build it that way...
SimpTheChimp said:
Crap... so we are saying any Android tablet is basically a one-user tablet? It's weird that Google would build it that way...
Click to expand...
Click to collapse
Especially considering Linux has no issue supporting multiple users.
Well, shucks, I guess I won't be getting a tablet. I don't feel like buying two of them...
I found out that even the iPad is the same way! Bad design for tablets, Google and Apple. (Although I love my Android phone - that was why I was looking at the Acer tablet!)
Provided you're not having an affair, and email would be the main thing you'd want compartmentalized, you could just use two different email apps or no?
The current state of tablet OS's is really smartphones writ large. They're (again, currently) very personal electronics. There are a handful of Windows-based tablets which should support multiple user profiles etc, but they tend to suffer from GUIs intended for larger monitors & smaller pointers (single pixel precision mice and/or stylus.)
While linux certainly has no problem with simultaneous users, much less multiple profiles, keep in mind we're dealing with systems which have problems dealing with expandable memory (again, only at this time.) At least Android has SD card support without an external add-on.
Given enough feedback from users, eventually tablet OS makers will design in multiple user profiles, probably starting with apps & profiles loaded off memory cards or from "the cloud". But I wouldn't honestly expect it to happen until tablets became very thin internet clients.
For now the tablet market is still very much in an early adoption phase, no one's really sure of the "final" shape of tablets and their usage at this time, but coming at them from a "more portable laptop" design goal could lead to what you're looking for.
TLDR: Not yet aside from Windows tablets but eventually, maybe
This could be an interesting dev project for someone. Isn't it just a case of having an app that would remount /data depending on the selected user? Granted root would be required for it to work but it certainly sounds feasible.
I certainly don't have the time or skill to do this myself, but I will throw this around in the dev forum to see what people with actual skill and knowledge of Android/Linux think.
I saw something about multiple user handling.... It is in a "how to" document posted by L.t.r. consulting. (I'm to new on XDA to be allowed to post outside links, so you have to Google it)
It is made for the Nook Color device but could be at god starting point.
Email should be no problem. The stock Email client will allow you to link to multiple Email accounts, so as long as both have individual Email accounts, they can read them seperately. They would not be able to keep each other out of thier Email since it is in the same client. Also, if they use WEB mail, they can then read thier mail without allowing the other on thier account. As for browsing, I believe that some of the browsers allow grouping of links, so each could setup thier own group with thier own links.
This might be the answer until multi accounts are added natively to the tablets.
http://www.enterproid.com/index.html
I use my Iconia together with my wife and I just set up an extra gmail account so she can read her mail alongside mine. It's important not to want to hide anything from eachother in such a setup though. I also found a twitterclient that allows to setup multiple accounts (tweetcaster). So, in the end it's doable but not practical.
There is an issue on the Android bug tracker which you can star to help raise awareness of the lack of multi-user support
(I can't post links which is irritating, but...)
code.google.com/p/android/issues/detail?id=15030
The Viewsonic Tablet has multi-user functionality.
I would have thought it would be stock in all. Maybe it's in a custom ROM. I'll gop look.
dan
SimpTheChimp said:
Well, shucks, I guess I won't be getting a tablet. I don't feel like buying two of them...
I found out that even the iPad is the same way! Bad design for tablets, Google and Apple. (Although I love my Android phone - that was why I was looking at the Acer tablet!)
Click to expand...
Click to collapse
Lol, there is an aplication called Switch Me, here in xda in the themes forum, is in beta fase but it makes what youre looking for, an they need testers so I think you need to give a try on this.
Hi all...
I was wondering if and how could be possible to port apks built for one tablet to another of different brand, i.e. I liked a lot the email client of the Samsung Galaxy 10.1 (with multiple email selector and recycle bin emptying feature), but many others are worth a try...
When I try simply to push the email.apk to my Iconia, it won't work (the icon diasppears from apps), if I try to install it I obtain an error (app not installed) probably due to a signing mismatch... I'd like really to learn how to do this, if possible. This knowledge will complete and accomplish any further request about personalization of our tablets, could be a great improvement being capable to get out the "system" you really want...
I tried to figure out how to use apk manager, but it's quite really difficult without some good suggestion, the thread is more than 200 pages long, and I got stoned before simply find out any usefull info about "system apks"...
TIA
I would like to know also. I want the Facebook account integration from the Galaxy.
Some apps are license by that manufacurer and would be considered wares.its a gray area please be careful. And make sure the Dec of all apps you use get paid
simple answer
couple of APK for galaxy are using CORE framework of the galaxy tabs firmware itself
that will not be possible to just install those apk.
such as
touchwizUI
status bar overlay (I mean the minimode menu with quick access), the quick access settings...
Email and Social things
It's their "Marketing Strenght" so they didn't make it easy to be "stolen" by other brands
I run just the dual clock, the memo, and eReader from samsung but I am running a custom firmware so that change many things
At this moment only 1 custom firmware does use Samsung as base, Virtuous Galaxy... but I have to warn that using custom firmware without following backup steps strictly or knowing the consequence is to AVOID.
sanaell said:
...
At this moment only 1 custom firmware does use Samsung as base, Virtuous Galaxy... but I have to warn that using custom firmware without following backup steps strictly or knowing the consequence is to AVOID.
Click to expand...
Click to collapse
first of all, thanks for your answer, and your warn...
I'd like to go deep in the question, as you correctly affirmed, virtuous galaxy's based upon Unity v5 kernel, but virtuous picasso also lays on the same structure, doesn't it?
right now I'm running m-dj's picasso 1.1.0 rom, wouldn't be possible, with any required modification, to run elsewhere coming apks?
I mean, think about having two different pcs, both with the same hardware and the same linux distro and kernel, wouldn't seem wierd that on one pc you could run an application that won't run on the other?
I'm thinking, if they wanted to protect their components why they didn't simply wrote hardware oriented kernels? Therefore, its a fact that on my iconia I can run either a Samsung or an Asus based rom, according to this, where is the cross-platform limit? I mean, is there some sort of documentation defining which part of these Android system is "really" open, under GPL, GNU or whatever structured property info list? I can't find any browsing the net... or maybe I've found too much, its almost impossible to understand what you can and what you can't...
I do not know the whole answer to this question.but I do know this much.if you have any.apk application that is for sale on the market or was installed for free on any device that it was not pre installed on. I would thing it would be considered pirated. As you did not buy it.nor did the developer give permission to run the API on your device.thou some apostle you buy can be installed across the devices you have registered with Googler
if im wrong people please correct me.I just think that developers that fallow rules and write great software MUST BE PAID.
erica_renee said:
I do not know the whole answer to this question.but I do know this much.if you have any.apk application that is for sale on the market or was installed for free on any device that it was not pre installed on. I would thing it would be considered pirated. As you did not buy it.nor did the developer give permission to run the API on your device.thou some apostle you buy can be installed across the devices you have registered with Googler
if im wrong people please correct me.I just think that developers that fallow rules and write great software MUST BE PAID.
Click to expand...
Click to collapse
Right and Wrong
if the application is a paid application and wasn't preinstalled on your tablet it is not really legal
if the application is free but cannot be installed from the market and you install it from other sources it's ok
if the application is from another tablet, and exclusively on this tablet do not expect run it on the stock firmware of your tablet, you have great chance to cannot run it simply, or get some random FC (such as from GALAXY because they use another structure on the file directory... so some application try to get the path and it's return an error, Or they are implemented and integrated with the kernel and that... you can't pass throught)
On my tablet I do run
ASUS widget
Galaxy widget (dual clock)
and some other application not from ACER.
now to get back to the OP
. you are on a virtuous... why not go on the virtuous Galaxy !!! if you want galaxy application... I don't get it...
sanaell said:
now to get back to the OP
. you are on a virtuous... why not go on the virtuous Galaxy !!! if you want galaxy application... I don't get it...
Click to expand...
Click to collapse
I agree to this explanation of yours, when I flash a rom different from the original, aware that's coming from a different brand, I'm more or less conscious that I'm doing something wrong. mmmf... that's philosophy... won't lose your time
The point is, I've tried the Galaxy rom, I don't like the interface, I don't like the extra bar functionalities, in short I mostly appreciated the Email.apk, most of all because it has a convenient "select all" function, even in the recycler bin (I can't stand with an email client stupid like the one embedded in the Acer version). In any case, given the impossibility to get the Galaxy Email, I'll buy a new one on the market...
I am somewhat confused about Android's support for multiple users. The Galaxy S4 comes with Android 4.2.2. I thought the multi-user support (not just Accounts but users with separated data for apps) was part of the system. It works flawlessly on my Nexus and is easy to find in the settings. With the S4, the settings are somewhat "cleaned up" by placing them in tabs. However, I cannot find how to set up and use multiple users. It seems I can only add new Google accounts as in older versions of Android. Has Samsung disabled this feature? Or can it be found somewhere?
alex_uz said:
I am somewhat confused about Android's support for multiple users. The Galaxy S4 comes with Android 4.2.2. I thought the multi-user support (not just Accounts but users with separated data for apps) was part of the system. It works flawlessly on my Nexus and is easy to find in the settings. With the S4, the settings are somewhat "cleaned up" by placing them in tabs. However, I cannot find how to set up and use multiple users. It seems I can only add new Google accounts as in older versions of Android. Has Samsung disabled this feature? Or can it be found somewhere?
Click to expand...
Click to collapse
I beliece Samsung plans to use Knox software for user management and enterprise security. That software could not be included from the beginning, and is expected in a future update.
http://www.engadget.com/2013/04/24/full-launch-of-samsung-knox-delayed-until-a-later-date/
I though Knox was just for security and other enterprise features. So is it correct that there is no normal Android multi user support although Samsung is using Android 4.2.2? I cannot imagine that Samsung's implementation will be similar or compatible with Android's implementation. Does anybody know more?
If anyone if still interested, I found something: It seems that the multi-user feature of Android is only available for tablets at this time. Hence it is not present on the Galaxy S4. I just posted this for reference so people could find this in future.
alex_uz said:
If anyone if still interested, I found something: It seems that the multi-user feature of Android is only available for tablets at this time. Hence it is not present on the Galaxy S4. I just posted this for reference so people could find this in future.
Click to expand...
Click to collapse
Yes... but I'm having the same problem on my galaxy tab 2 7". Cant find an option to set up multiple users either
Re: Multi User support
Actually multi user is available, although hidden, for any phone with 4.2 or later. Although you need to be rooted. Add "fw.max_users 4" to the end of your build.prop and reboot. When you enter your settings you'll see clear as day "Users". Only bug I found is that you can't switch back and forth. You need the AOSP lockscreen for that.
MorrisC2010 said:
Actually multi user is available, although hidden, for any phone with 4.2 or later. Although you need to be rooted. Add "fw.max_users 4" to the end of your build.prop and reboot. When you enter your settings you'll see clear as day "Users". Only bug I found is that you can't switch back and forth. You need the AOSP lockscreen for that.
Click to expand...
Click to collapse
Where are the options for the switching?
I have the latest AOSP kitkat update and don't see how I can do it.
djboy said:
Where are the options for the switching?
I have the latest AOSP kitkat update and don't see how I can do it.
Click to expand...
Click to collapse
If you're on an aosp rom, You can switch either from the lockscreen(you may have to enable lockscreen rotation and rotate the phone sideways), the power menu, or the status bar profile icon
hi guys,
is there any possibility to use multi user without flashing a rom ?
any ideas ?
thanks
mephisto20 said:
hi guys,
is there any possibility to use multi user without flashing a rom ?
any ideas ?
thanks
Click to expand...
Click to collapse
in case anybody is interested ... her is a solution which works fine with y stock rom android 4.4.2
http://forum.xda-developers.com/xposed/modules/xposed-multiple-users-phone-t2676516
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
AccEss-dEniEd said:
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Click to expand...
Click to collapse
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Assuming you have Exchange, does this not provide the management part?
AccEss-dEniEd said:
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
Click to expand...
Click to collapse
I currently work in the infrastructure of a good sized corporation. We're using IOS with a mixture of android hardware and there's some good news and bad news for what you want to do.
Good news is, like Jpcurrie said, exchange will handle remote wiping and locking the phone down. you can require the phone to use a PIN, remote wipe and and a bit more. As for locating the phone, Google actually has finally built in remote locating of your device and remote wipe as well. There's a couple good apps out there (lookout) will turn on your GPS and allow you to locate the phone and they're free. If you happen to have a virtualized environment with VMware, you could also use VMware View Horizons which builds in a secure sector on the phone and you can remotely manage which apps and files the user can use. the best part of View is you can use a BYOD model and keep corporate data secure. The biggest issue is if you don't happen to already use a VMware architecture it gets pricey quickly.
Here's the rub now. you want to install your own logos on the bootup which you could do by installing a custom ROM. This will void your warranty on the hardware and as it isn't 100% stable you'll be spending a LOT of time trying to keep a consistent environment.
Like netsyd said, talk to management about an MDM, and the branding of the devices, maybe even talk to them about using a BYOD to reduce costs of hardware and administration of that hardware.
Isn´t Knox supposed to allow administrators to only delete the data that belongs to the Corporate account (emails, calendars, tasks, etc.), or an administrator can still force a full device wipe? Sorry if the questions is too basic, I've tried searching around for info on Knox but couldn't find anything besides press releases.
I'm not a network administrator, I'm just a user and my school secure wifi installs a device administrator.
I'm sorry to deviate the topic a little bit from the original.
At Delta we use Air Watch but it's far from free. You can however manage devices and remote wipe. You can also view installed apps and remove what should not be there. Options for device profiles also. I help maintain these devices everyday. Not Free but an MDM is your best bet.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
long time - no see
Hiya,
sorry I didn t answer - kinda was overwhelmed with this Task.
Wanted still to thank you: I did what you suggestet and wanted to let you know where I am now.
1. Meraki = implemented - now runnning 160+ devices. (at no costs)
2. CM12.1 implemented (without GAPPS/no SU)
3. Standard Image/w Apps defined. (Mostly Offline capable Tools like "here" etc.(which actually reduced costs))
4. Since Android has limited capability to be administered in a "real" professional Fashion we mitigated this issue by creating a policy to forbid the user to temper with the device (e.g. Installation of Software/SU etc) yet to allow the Installation of Software manually by us via creating a ticket. We check the Software mainly for "sanity" and malware and install it if ok.
This has been working so far like a charm for us. None of the user were happy to loose the Gapps obviously - but once they had their Software and settled in, all was ok. For the Administering part: Meraki can tell me if Software is beeing installed without our Knowledge, also we see if SM doesnt speak with us anymore. So, for now, we got the most out of the System and I am happy to say: I got minimal Control in a Quality sense. No no more "KO Critera" - and we have implemented Android. Tracking etc. is forbidden in Germany anyway - so we use Meraki mainly to wipe if lost and to check if someone goes against policy.
What is still open:
- I am still working on a way to have the user enter his credentials and automatically enter These in all respective config files. (haven't had much luck - with the absense of SU obviously.
- a Little cosmetics still open (I am still trying to figure out how the theming really works ... I usually f**k up the Pictures and sounds.... but so far making Progress
- with less and less good Android devices coming out (now, I am probably beeing flamed now ) that suits our needs (open bootloader, known/supported CPUs, removable battery, SD Card Slot) - I think we might Switch by Q4/2016.
netsyd said:
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Click to expand...
Click to collapse