If your company needs to manage quite a lot of smartphones and tablets for its employees or customers, then this article is the right thing for you. As long as you administer a couple of dozens of devices, you can get by with one of the mobile device management (MDM) provider services on the market. When you cross this threshold, it’s time to think about building your own Android MDM system.
The first MobiDev project for the development of the Android MDM system was launched back in 2012. Since then, we have gained extensive expertise and practical knowledge we would like to share in this article.
Android Mobile Device Management System: Highlights
Mobile Device Management or MDM deals with the deployment, integration, monitoring, and security of a corporate or client network of smartphones or tablets. Administering devices through MDM makes it possible to distribute software packages, set permissions, adhere to certain policies, and optimize device functionality.
MDM solutions exist for all mobile operating systems, including cross-platform. However, it is Android that occupies a prominent place in managing mobile devices. Android not only has the largest market share and is open-source, but also offers fully-fledged customization in terms of MDM. The experience we want to share also applies to this mobile operating system. So, we will focus this article exclusively on Android MDM development.
MOBILE DEVICE MANAGEMENT SYSTEM USE CASES
We can divide all the variety areas of use of Android MDM software into two main types:
- For company staff (MDM as an internal corporate system)
- For clients (MDM for a product features management)
For each of these usage areas, there are many possible scenarios that make the Android MDM solution an indispensable tool for many companies.
Here are some examples of options that Android MDM systems provide for customer interaction:
- A telecommunications company can manage users’ access to services and networks
- The seller of devices on credit or with installments can administer customer payments and manage the ability to use smartphones or tablets
- A B2B provider can provide MDM service to companies with a few devices, which makes it impractical for them to create their own mobile device management system. Such providers do not even necessarily have in-house developers. Platform owners often outsource the building of MDM software to teams with relevant expertise while focusing their efforts on marketing, administration, and customer experience.
Certainly, this list of possible use cases can be continued. Let’s take a look at the basic functionality provided by the Android MDM system.
MDM FEATURES AND CAPABILITIES
This is what makes up the core of Android MDM systems functionality:
- Enrollment. That is a procedure for installing MDM on a mobile device. Most MDM software supports bulk enrollment to install software packages on multiple devices at once. An over-the-air (OTA) enrollment suggests distribution and installation of MDM through a dedicated website or app. For example, we often recommend to clients a solution with which it is enough to scan a QR code to connect the device to the system.
- Profile management. Once we install the MDM package, we can now assign profiles for the device users.
- Policy management. Administrators manage a bunch of rules or permissions set for a given device. By providing policies, they may, for example, lock or unlock some of the software or hardware functions.
- Device administration and troubleshooting. All policies can be updated remotely. This part of MDM functionality implements device monitoring and troubleshooting.
- Device location tracking. This function allows administrators to locate the device via GPS.
As with any software product, the client’s business requirements determine the set of features to be implemented. For example, when developing MDM for internal corporate needs, you need to pay special attention to security. Since corporate mobile devices can access critical business data, it is necessary to prevent the threat to enterprise databases. Hence, the appropriateness of such features of Android MDM systems as denotation by administrators of rules for accessing corporate data and remote wiping. When we enroll MDM on a device, all corporate data accessed through it will be stored in a secure profile. In case the device is stolen, lost, or compromised, corporate and MDM data can be wiped to factory settings remotely to protect against any data leakage.
After all, the management of mobile devices in a corporation can become an essential element of compliance with its security standards. For example, it is possible to provide an administrator to block the use of cameras and scanners on mobile devices by employees who see confidential documents or are on premises with a special access mode. Based on the development experience, we want to emphasize that the functionality and settings of Android MDM systems can be flexibly adjusted to the needs of the customer. It is helpful, in particular, to introduce different categories of users with different access levels. It is even possible to provide higher-level users the option of independently selecting a set of policies for their devices.
Kiosk Mode for mobile devices has also proven itself well. With Single App Kiosk Mode, you can allow only one app to be installed on the device, blocking the possibility of removing it and installing others. With the Multi App Kiosk Mode, the administrator limits the list of software on the device to two or more apps necessary for work or using the client service.
So, it is quite feasible to choose the optimal functionality and settings of Android MDM for the specific needs of your company. Let’s consider the development of such solutions.
Building Android MDM Systems: Approaches and Case Studies
MDM is a complex solution, which consists of modular parts. The main things in the MDM system are the admin panel, which includes a device policy controller (DPC) and an API interface that performs all the policy updates and transfers data between the MDM server and enrolled devices. The functionality can be enriched by extending the existing API by adding methods, managers, and services. This can be done by configuring certain policies on the server, which will later be pushed to the device. Based on our experience, such systems might scale to thousands of devices and implement numerous policies.
An “inside” view of a configured MDM panel will give you a peek under the hood of the mobile device management systems we develop. To that end, we made a short video of how to create a workspace, enroll a device, and create policies.
MDM admin panel and configuration capabilities
As mentioned, MobiDev first created a custom MDM system based on AOSP (Android Open Source Project) in 2012. Since then, approaches to such development have evolved. We continue to engage in similar projects today. The focus has shifted from custom development from scratch to building systems based on Android Enterprise Mobility Management (EMM). Let’s highlight the main points of developing Android MDM solutions based on our case studies.
Case Study #1: Android MDM System for Enterprise Secure Communication
Product Description: A custom Android-based operating system for Secure Phones designed for encrypted communication and data storage. Our client, Secure Group, has provided military-grade secure communication with this software.
- Secure Phone: Mobile Device Management, GSON, AOSP, RXJava, RXAndroid, SQLite
- Secure Apps (Chat & Email): Java, message and object encryption protocols, real-time transport protocol, customized libraries
- Back End: Symfony, PHP, MySQL, Docker, Docker Compose, Elastic, Composer
The result of the project was a fully secured customized OS. You can learn more about this case study here.
Our customer decided to develop an MDM solution from scratch due to at least two compelling reasons. First, the client sought to achieve a level of security of communications and data handling that was significantly higher than typical for similar systems.
Secondly, at the time of the start of the project, the range of ready-made solutions for Android-based development was much narrower than it is now. Our developers used the potential that had been accumulated at that time within the AOSP (Android Open Source Project). However, AOSP continues to develop, and its repository of source code is replenished frequently. Google currently offers tools that significantly facilitate the development of Android MDM. We are primarily referring to the Android Management API offered by the Google-led initiative Android Enterprise. Thus, Android EMM (Enterprise Mobility Management) today is a reliable and advanced platform for the development of MDM systems.
Knowing the benefits and drawbacks of each of the approaches to the development of MDM systems, we advise you to focus on how critical the limitations inherent in Android EMM (Enterprise Mobility Management) solutions are for you.
In fact, such limitations are few:
- Device requirements. For a reliable connection through the Android Management API, you need to use devices with pure (stock) Android. In practice, this is expressed in the definition of the minimum current version of Android, which should run on devices enrolled in the system. Instead, a custom operating system can be implemented on a wider range of devices.
- Set of policies. The set of policies supported by Android EMM is extensive. At the same time, if you need genuinely unique policies, then this is a reason to consider custom development.
- Security level offered by the vendor. Remember that the administrative panel of your MDM system interacts with devices not directly, but through the Android Management API, a kind of “black box”. If you want to adhere to even higher security standards adopted in your company, for example, as it was in the case study described above, then this is also an argument in favor of developing from scratch.
Therefore, summarizing what has been said, we will note that if you need to manage a significant number of devices that are not on pure Android, implement policies that are not provided for by Google Enterprise, and ensure increased security, then it may be appropriate for you to order the development of an MDM system from scratch.
However, as our experience shows, the needs of most businesses can be met by solutions developed using the Android Management API. So let’s follow the development of MDM systems based on Android EMM with the help of case studies.
We will give, in another case study, an example of a whole system of software products, including MDM, developed to implement a truly innovative idea.
Case study#2: Internal Testing Solution for Sound Recognition Solution
MobiDev participated in the creation of the baby cry recognition solution by developing a system for internal testing of cloud API. MobiDev engineers developed an app to interact with API and have built the MDM system for remote control of the fleet of testing devices.
Thanks to MobiDev’s efforts, we were able to upgrade our testing devices from internally-embedded platforms, making them controllable and easier to scale. Throughout the engagement, the flexible team communicated their progress daily and had weekly demo calls with us.
As you can see from our case studies, the Android mobile device management platform is capable of closing the majority of needs for MDM systems. We have repeatedly been convinced by our own experience that, depending on the needs of the customer, different levels of customization can be provided in such software solutions. In addition, Android mobile device management systems can be implemented both as a separate client service and as an auxiliary part of a complex software product.
Build Your Custom MDM System with MobiDev
Thus, Android MDM development by Mobidev makes it possible to get valuable solutions for different customers, from enterprises to product startups. This approach helps reduce costs. Meanwhile, the effective intra-team communication and positive customer experience provided by Android mobile device management are even more valuable than the cost savings.
Get in touch, and Mobidev experts will create an Android MDM system that meets your business needs.