Possibility to activate "deactivated" DPC app on a device without a Google account?


#1

On of our goals is to provide a possibility to activate and use a device without the need of an Google account. For Samsung Galaxy Devices we will achieve this goal with the roll out of Samsung Knox Mobile Enrollment in parallel with the Android Enterprise deployment with Work Profile scenario. So the needed MobileIron Mobile@Work client will be installed on the device while activating via Samsung KME. So far so good, an it already works.

But now we ran into the following problem:
When we retire a device from MI Core, the Work Profile is removed form the device, and the Mobile@Work client is “deactivated”.
If the user now wants to activate the device again, we have the problem, that the Mobile@Work app is not visible because it is “deactivated”.
In our knowledge the only way to activate a “deactivated” app is via the Google Play Store. But as there is no Google account existing, it is not possible to get to the Mobile@Work app in Google Play. Only the Log In screen is shown.

-Does anyone have an idea how to activate a “deactivated” app on a device without a Google account?
-Is this works as designed that the DPC (Mobile@Work app) is left “deactivated” on the device after retiring the device = remove AE Work Profile, or is this MobileIron specific?
-Is this behavior the same on other MDM solutions?

thx
Franz


#2

In the case of MobileIron the DPC is only there because MI follow the bare minimum requirement set out by Google which stipulates the DPC should at the very least disable, but best practice would prompt for uninstallation entirely from the parent profile.

In this instance though it works in your favour! As the app is only disabled you can find it via Settings > Apps. You can opt to sort by disabled if you wish.

Tap the deactivated app and enable it.


#3

Sorry, i forgot to mention that we already searched for the DPC in Settings > Apps. But unfortunately it is not listed there? Not in the “Enabled”, “Disabled” or “All apps” list, even if we also turn on “Show system apps” in the overflow menu. So we can not enable it there :frowning:

The only way is to log in to Google Play Store with a Google account. There we can see that it is installed on the device, and that it is disabled. And there we can enable it again to perform a new activation to MobileIron Core.

So it looks like the DPC is set to a special “disabled” state in the parent profile.

Maybe MobileIron does not uninstall the DPC in the parent profile, because in conjunction with Samsung Knox Mobile Enrollment a uninstallation of the DPC would trigger a new KME enrollment?

I think we have to ask MobileIron, if it would be possible to re-enable the DPC in the parent profile when a retire/wipe action from Core is removing the Work Profile on the device.


#4

I haven’t seen it not present at all. It’s clearly on the device and there should be no special mode for it.

No :slight_smile:

In absence of the app appearing you could use ADB but that’s hardly user friendly.