Device Admin Deprecation - What you need to know?

Device Admin APIs were introduced in 2010 along with Android 2.2 Froyo. In device administrator mode, the device admin app seeks administrative permission for the entire device, which is a threat to the confidentiality of apps, data, etc. Eventually, this can create a huge security risk for corporate and its employees when they deploy large numbers of devices and apps in their device fleet.

The device admin APIs can be accessed by any type of application, including device admin apps, email clients, security apps, and even malware. Considering this security risk, Google officially announced that with the release of Android 10 (Android Q), they would deprecate the device admin APIs to streamline the device management experience along with Android Enterprise.

Deprecated policies

With the release of Android 10, the many policies will work and will display a security exception when invoked by a device admin as shown below.

java.lang.SecurityException: No active admin owned by uid xxxx  

The policies are:

  1. Remotely blocking camera in the device
  2. Disabling certain key-guard features
  3. Forcing the user to reset their password after a pre-defined time period
  4. Forcing the user to use passwords with specific quality guidelines, such as minimum length, complexity etc.

The following policies will continue to work

  1. Remote screen lock
  2. Remote password reset
  3. Remote data wipe of the device

How did we do?

Google Workspace and Codeproof

Paid Apps and Managed Play Store