Guide to Device Admin Android (Usage & How To)
In 2010, Android created a feature known as Device Admin or Device Administrator. The feature was originally launched with Android version 2.2. However, while this feature gives users the ability to change settings on an administrator level, it does not work as an MDM or EMM. Users can use Device Admin with their MDM or EMM to fully take advantage of its management tools.
In this article, we’ll discuss the uses of Device Admin on Android devices and how you can use the API in your enterprise environment. We will also discuss how to enable and disable Device Admin on Android devices and answer some frequently asked questions about Device Admin.
- Part 1 : What is Device Admin on Android
- Part 2 : What Can You Do with Device Admin?
- Part 3 : How to Enable Device Admin on Android Phone
- Part 4 : How to Disable Device Admin on Android Phone
- Part 5 : Device Admin vs. Profile Owner vs. Device Owner
- Part 6 : What To Do When Device Admin is No Longer Supported?
1What is Device Admin on Android
Device Administration in Android is an API that contains administration features for Android devices. As enterprises expand and require more control over Android devices, Device Admin and its uses have changed.
Primarily, Device Admin on Android devices is a way to do basic MDM functions to restrict and customize devices through a pre-installed built-in Android API.
Device Admin is supported on Device versions from Android 2.2 up to Android 9.0.
2What Can You Do with Device Admin?
With Device Admin, you can do some of the same actions as MDMs do. You may use Device Admin alongside applications that deal with email, security applications, and device management services.
Also, you can use Device Admin to do the following functions, which are helpful for enterprise situations:
1Enroll in device management services and apps
You can use Device Admin in order to enroll in MDM or EMM. Usually, an IT admin code for Android is needed and appears in the form of a QR code.
MDMs or EMMs are then used to make more specifications for the device, including enrolling the device in a company group associated with lists of permissions, pre-downloaded apps, and security procedures that help maintain the safety of company data.
2Enforce password policies
There are many password policies that Android Device Admin can be used to enforce on a device. These policies include the following:
- Password history restrictions
- Maximum failed password attempts
- Password expiration timeout
- Minimum uppercase letters required in a password
- Minimum symbols required in a password
- Minimum non-letter characters required in a password
- Minimum numerical digits required in a password
- Minimum lowercase letters required in a password
- Minimum letters required in a password
- Complex password requirements
- Minimum password length
- Alphanumeric password required
- Password enabled mandatory
Having password policies on a device is helpful to maintain the security of the device and, therefore, the data that is stored on the device. For companies and those who are storing personal or private data, enforcing the use of secure passwords is paramount.
3Lock or wipe the user’s device
You can also use Android Device Admin to lock or wipe a user’s device. You may need to use this feature in order to protect the information on the device in the event that the device is lost or stolen. Also, this feature is useful in situations where an employee is still in the possession of a company device while no longer being employed by the company.
4Encrypt storage data
There is also a policy that requires data storage encryption on supported devices. This feature is great for devices that store sensitive work-related data. This policy is available for devices that run Android versions 3.0 and above.
5Disable the camera
Another Android Device Admin policy is one that can specify that the camera should be disabled. You may disable the camera based on time, context, and other specifications. This policy is only available for Android versions 4.0 and above.
Tip: Is it safe to use Device Administrator on a personal phone?
- It is only safe to use Device Administrator on a personal phone if you are the one who is making the changes. Never accept an invitation to join an MDM that isn’t familiar to you.
- However, it isn’t recommended to use Device Administrator on a personal phone, as the functions were not meant for personal use. The restrictions that Device Admin can make on a personal phone are unnecessary as they can be made through other device administration settings on the Android device.
3How to Enable Device Admin on Android Phone
If you want to enable Device Admin on an Android phone, you only need to follow a few simple steps. You cannot use Device Admin without it enabled through the phone itself. If a user does not enable the app, then Device Admin cannot be used.
First, navigate to the Settings app on your device.
Then, navigate to Security and privacy.
Here, you will find a section labeled Device admin apps.
Select the app you want to enable, and then select Activate.
Now, Device Admin is enabled and can be used to do any of the features or policies we listed above.
4How to Disable Device Admin on Android Phone
If you want to disable Device Admin on an Android phone, you only need to follow a few simple steps.
First, navigate to Settings > Security and privacy > Device admin apps.
Then, check which apps has activate the Android device administrator permission.
Choose the app you want to disable Device Admin. Tap Deactivate.
This will deactivate the device administrator app. While there will still be a way for the app to be reenabled, the Device Admin API will no longer be active.
5Device Admin vs. Profile Owner vs. Device Owner
There are three different modes which all allow users to make changes to Android devices. These modes are Device Admin, which was introduced in Android 2.2, and Profile Owner and Device Owner modes which are managed device modes. The Profile Owner and Device Owner modes were added in 5.0 in order to better support enterprise environments that use Android devices.
The addition of the two newer device management modes makes Device Admin a “legacy” technology for Android, and it is Android’s recommendation that enterprises use Profile Owner or Device Owner.
This change is a slow-occurring change that has been planned out over several device updates. Eventually, Device Administrators Android will be a thing of the past for Android users. Instead, they will rely on the Profile Owner and Device Owner modes in order to make similar changes.
Android is phasing out Device Admin by removing functions slowly but surely. For Android version 9.0, some capabilities of Device Admin will no longer be functional, and by the Android 10.0 update, Device Admin will no longer be able to be used.
The functions of Device Admin will then be used by Profile Owner and Device Owner modes. So, what’s the difference between Profile Owner mode and Device Owner mode?
Profile Owner is another way of referring to Android Work Profile which is part of Android’s bring your own device to work program. This allows users to create a work profile that will secure and manage the device for work purposes while allowing the device to still be used as a personal device.
The Device Owner mode allows companies to fully restrict devices, as it is meant for managed device environments where the company is the total owner of the device.
6What To Do When Device Admin is No Longer Supported?
If you find that Device Admin is no longer supported on your device, there are two steps you can take in order to enable Device Admin on the device in question.
As an IT admin, you can use an MDM to update the device to operating system 5.0 or higher, depending on your needs. Updating the device to operating system 5.0 or higher will allow the device to have access to Device Admin again.
Then, you will need to re-enroll the device to your MDM by installing an app that supports the device owner or profile owner.
Keep in mind that Device Admin will no longer be available for Android 9.0 or 10.0. Companies should instead focus on using Profile Owner and Device Owner modes in conjunction with an MDM, such as AirDroid Business.
AirDroid Business - Mobile Device Management Solution
AirDroid Business helps to manage and control the Android mobile workforce. This enables real-time monitoring of Android devices by tracking locations, geofencing, data processing and analysis, intelligent alerts, and remote maintenance.
It also provides a secure and centralized platform to manage all devices. All these make it an excellent choice to help enhance device management and security in an organization.