get Device identifier from Android Device Policy - android-management-api

We are trying out the EMM MDM app using Android Enterprise.
So we enroll using Android Enterprise in Fully managed mode.
We'll be having a per device policy mechanism, so every device will have a separate policy.
Now at the start, we don't have any info about who's the user, so we apply the default policy and then during setup (using setupActions), we open our custom app and ask the user to log in using username and password, that way we know who's the user.
The issue is, we know the user, but we don't know on which device the user has logged into since we can't query IMEI/SerialNumber (https://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers)
The issue is we make users log in from our app but in AndroidEnterprise, the device name is different.
We want to create a mapping of username <---> device info from AE.
Can we query the Android Device Policy app in some way to get any identifier so that we can map deviceId <---> username?
Or is there any other suggested way?
We cannot send deviceName or anything in Managed configuration since, at that time, the user is not enrolled in AndroidEnterprise; thus, we don't have that info. see ref
Also, does anyone know how we can interact with Android Device Policy somehow, to know which policy is applied, etc.?

From Android 10, reading device identifier numbers requires the READ_PRIVILEGED_PHONE_STATE permission. However, apps installed from the Google Play Store cannot declare privileged permissions.
If you work with the Android Management API, you can set the policy DelegatedScope: CERT_INSTALL for your application so that it has a special permission that gives access to certificate installation and management. That way, you can use the READ_PHONE_STATE permission in your app's manifest.
From your application, you can get the IMEI/SerialNumber.
In your default policy, you have to set delegated scopes for your application:
{
  "applications": [
    {
      "packageName": "your-app-package-name",
      "delegatedScopes": [
        "CERT_INSTALL"
      ]
    }
  ]
}

devices.list can be used to check the list of devices enrolled in a specific enterprise, while devices.get may be used to check the details of a specific device. You may want to check this link for the list of information you may get using devices.get.
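One way to build the username <---> device mapping discussed in this thread, as an added example that is not part of the original posts: the backend joins the serial number reported by the custom app at login against the Device resources returned by devices.list, treating the app-reported value as untrusted until it matches an enrolled device. The enterprise ID, device names, serials and the login-record shape are constructed for illustration.

```python
# Constructed devices.list response; field names follow the AMAPI Device resource.
DEVICES_LIST_RESPONSE = {
    "devices": [
        {"name": "enterprises/LC0example/devices/3a1f", "state": "ACTIVE",
         "appliedPolicyName": "enterprises/LC0example/policies/default",
         "hardwareInfo": {"serialNumber": "R58M123ABC"}},
        {"name": "enterprises/LC0example/devices/77c2", "state": "ACTIVE",
         "appliedPolicyName": "enterprises/LC0example/policies/default",
         "hardwareInfo": {"serialNumber": "r58m999xyz"}},
        # No hardwareInfo reported yet for this device.
        {"name": "enterprises/LC0example/devices/0d4e", "state": "PROVISIONING"},
    ]
}

# Constructed records the custom app sends after login (hypothetical shape).
LOGIN_RECORDS = [
    {"username": "alice", "serial": "R58M123ABC"},
    {"username": "bob", "serial": "R58M999XYZ "},   # stray whitespace, other case
    {"username": "carol", "serial": "UNKNOWN0001"},  # not an enrolled device
]

def norm(serial):
    """Normalize a serial so case and padding differences do not break the join."""
    return (serial or "").strip().upper()

def map_users_to_devices(devices_response, logins):
    """Return (mapping, unmatched): username -> device info, plus rejected usernames."""
    by_serial, ambiguous = {}, set()
    for dev in devices_response.get("devices", []):
        serial = norm(dev.get("hardwareInfo", {}).get("serialNumber"))
        if not serial:
            continue  # cannot be matched by serial
        if serial in by_serial:
            ambiguous.add(serial)  # two records share a serial: refuse to guess
        by_serial[serial] = dev
    mapping, unmatched = {}, []
    for rec in logins:
        serial = norm(rec.get("serial"))
        dev = by_serial.get(serial)
        if dev is None or serial in ambiguous:
            unmatched.append(rec["username"])  # keep on default policy, investigate
            continue
        mapping[rec["username"]] = {
            "device": dev["name"],
            "appliedPolicy": dev.get("appliedPolicyName"),
            "state": dev.get("state"),
        }
    return mapping, unmatched

if __name__ == "__main__":
    print(map_users_to_devices(DEVICES_LIST_RESPONSE, LOGIN_RECORDS))
```

The `appliedPolicy` value in each mapping entry also shows which policy is applied to that device, without the app having to query Android Device Policy.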

Related

Intune Enrollment Standard Users

I am trying to enroll about 100 systems in Intune. I want the user to be signed in as a standard user. I searched and found the only way to do this will be using AutoPilot. That is just not possible; it requires a factory reset device and a hardware hash for each device.
The other way they say is to run a PowerShell script. That option won't work because I want only the one Microsoft account on the system. Windows needs at least one Admin account.
I simply want the normal user to be a standard account and in case he needs admin privileges I can connect and type in cloud device administrator's credentials to give him access. However, I cannot find any way to get this done; kind of hard to believe this is so difficult to do. Any suggestions?

App approval with partner created enterprise

I'm creating an EMM-managed enterprise. This is the recommended method (no signup page nor Google account required)
https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises
But, with this enterprise, end users have no IT admin account to connect to managed Google Play on https://play.google.com/work
What is the correct way to approve applications with this type of enterprise?
EMM-managed enterprise is no longer the recommended method to create an enterprise. Instead, we suggest starting a customer-managed enterprise.
Additionally, with Android Management API any application added under the application policy behaves based on the configured installType. The play store mode policy determines the behavior of the apps on the device play store.
You will still need to follow all of the policy distribution steps mentioned in this documentation.

Windows Store submission issue for privacy policy

After submission to the Windows Store, I am getting the following issues:
App Policies: 10.1 Inaccurate Functionality
Your app and its associated metadata must accurately and clearly reflect the source, functionality, and features of your app.
All aspects of your app should accurately describe the functions, features and any important limitations of your app, including required or supported input devices. Your app may not use a name or icon similar to that of other apps, and may not claim to be from a company, government body, or other entity if you do not have permission to make that representation.
Your app must be fully functional and must provide appropriate functionality for each targeted device family.
Keywords may not exceed seven unique terms and should be relevant to your app.
Your app must have distinct and informative metadata and must provide a valuable and quality user experience.
Tested OSes: Windows 10 Mobile
Tested Devices: Acer Iconia W700, Lumia 650
Notes To Developer
The app contains placeholder content that impairs access to core functions of the app.
App Policies: 10.5.1 Privacy Policy
The following requirements apply to apps that access personal information. Personal information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data. Examples of personal information include: name and address, phone number, biometric identifiers, location, contacts, photos, audio & video recordings, documents, SMS, email, or other text communication, screen shots, and in some cases, combined browsing history.
If your app accesses, collects or transmits personal information, or if otherwise required by law, you must maintain a privacy policy. You must provide users with access to your privacy policy by entering the privacy policy URL in Dev Center when you submit your app. In addition, you may also include or link to your privacy policy in the app. The privacy policy can be hosted within or directly linked from the app. Your privacy policy must inform users of the personal information accessed, collected or transmitted by your app, how that information is used, stored and secured, and indicate the types of parties to whom it is disclosed. It must describe the controls that users have over the use and sharing of their information and how they may access their information, and it must comply with applicable laws and regulations. Your privacy policy must be kept up-to-date as you add new features and functionality to your app.
Additionally, apps that receive device location must provide settings that allow the user to enable and disable the app's access to and use of location from the Location Service API. For Windows Phone 8 and Windows Phone 8.1 apps, these settings must be provided in-app. For Windows Mobile 10 apps, these settings are provided automatically by Windows within the Settings App (on the Settings->Privacy->Location page).
You may publish the personal information of customers of your app to an outside service or third party through your app or its metadata only after obtaining opt-in consent from those customers. Opt-in consent means the customer gives their express permission in the app user interface for the requested activity, after you have:
described to the customer how the information will be accessed, used or shared, indicating the types of parties to whom it is disclosed, and
provided the customer a mechanism in the app user interface through which they can later rescind this permission and opt-out.
If you publish a person’s personal information to an outside service or third party through your app or its metadata, but the person whose information is being shared is not a customer of your app, you must obtain express written consent to publish that personal information, and you must permit the person whose information is shared to withdraw that consent at any time. If your app provides a customer with access to another person’s personal information, this requirement would also apply.
If your app collects, stores or transmits personal information, it must do so securely, by using modern cryptography methods.
Your app must not collect, store or transmit highly sensitive personal information, such as health or financial data, unless that information is related to the primary purpose of the app.
Your app must not collect, store or transmit personal information unrelated to its primary purpose, without first obtaining express user consent.
Tested OSes: Windows 10 Mobile
Tested Devices: Acer Iconia W700, Lumia 650
Notes To Developer
The privacy policy provided for this app fails to inform users of the personal information transmitted by your app and how that information is used, stored, secured, and disclosed. See policy 10.5.1 for details about the requirements for a privacy policy.
I have already stated the privacy policy indicating the use of names, private data, etc. What needs to be done for this type of issue? Any help? Thank you.
What needs to be done for this type of issue?
Without seeing your app, it's really hard to give detailed advice on a forum. Regarding this type of question, it will be more appropriate to create a support ticket through your developer account so that support can give you specific suggestions after reviewing your submission.
You may rewrite your privacy policy following How To Add a Privacy Policy to Windows Phone Apps, which is old but you can still find some useful info within it.

How do you reparent a Windows Store Metro app to a different dev account?

I have an app that is already in the store, but I want to transfer ownership of that app to a different developer account. Is this possible?
There isn't an automated way to do this, but I believe it can be done if you contact Microsoft Support to request a transfer.
Go to http://aka.ms/storesupport and log in as the current owner account, click select your type of problem here, and set the Problem type to "Store Registration and your account". That should connect you with the right people.

Getting Windows Live Anonymous ID from PC?

Is there any way of getting the "Windows Live Anonymous ID" from a PC based on the user's e-mail address, logged-in Windows account, registry, Zune, currently USB-connected phone or else?
I'm not sure what you mean by "Windows Live Anonymous ID", but if you mean the Windows Live ID that is associated with the device, then no, there is no way to retrieve this from the device, or the other places you suggest. If you require a Windows Live ID from a user, you should ask them for it because a) it's polite, and b) they might want to use a different account for your application.
There is no way to query information on a phone from a connected PC.
Any such ability could be considered a security hole.
