Smartphones, tablets, and other corporate devices, can create breaches in your network and compromise data security if not managed properly. This is a problem with variability of devices, operating systems, OS versions, and applications sources allowed for your staff that needs a single point of control.
Android Mobile Management or MDM software is a practical custom solution we can build and fine-tune for your specific needs to manage corporate devices at scale. MobiDev has extensive experience with Android MDM since 2012, and in this article we would like to share some practical tips on how to set up your own device management software
ANDROID MOBILE DEVICE MANAGEMENT SYSTEM: HIGHLIGHTS
Mobile Device Management deals with the deployment, integration, monitoring, and security of a corporate or client network of smartphones or tablets. Administering devices through MDM makes it possible to distribute software packages, set permissions, adhere to certain policies, and optimize device functionality.
MDM solutions exist for all mobile operating systems, including cross-platform. However, it is Android that occupies a prominent place in corporate devices. Android not only has the largest market share and is open-source, but also offers fully-fledged customization in terms of MDM. So, we will focus exclusively on Android MDM development, as device management for iOS is a quite different story.
MOBILE DEVICE MANAGEMENT SYSTEM USE CASES
First of all, Android MDM can be used both for internal corporate systems, as well as for managing product features on the client’s device. Mobile Device Management is designed for IT departments to provide a single point of control to improve security, functionality and user experience in working environments. This is done by enforcing policies on corporate devices, restricting access to third party stores or blocking unwanted devices functions.
Here are some common use cases how MDM software is used in different types of business:
- A telecommunications company can manage users’ access to services and networks
- The seller of devices on credit or with instalments can administer customer payments and manage the ability to use smartphones or tablets
- A B2B provider can provide MDM service to companies with a few devices, which makes it impractical for them to create their own mobile device management system. Such providers do not even necessarily have in-house developers. Platform owners often outsource the building of MDM software to teams with relevant expertise while focusing their efforts on marketing, administration, and customer experience.
Now, let’s take a look at the functionality of MDM software.
MDM FEATURES AND CAPABILITIES
This is what makes up the core of Android MDM systems functionality:
- Enrollment. That is a procedure for installing MDM on a mobile device. Most MDM software supports bulk enrollment to install software packages on multiple devices at once. An over-the-air (OTA) enrollment suggests distribution and installation of MDM through a dedicated website or app. For example, we often recommend to clients a solution with which it is enough to scan a QR code to connect the device to the system.
- Profile management. Once we install the MDM package, we can now assign profiles for the device users.
- Policy management. Administrators manage a bunch of rules or permissions set for a given device. By providing policies, they may, for example, lock or unlock some of the software or hardware functions.
- Device administration and troubleshooting. All policies can be updated remotely. This part of MDM functionality implements device monitoring and troubleshooting.
- Device location tracking. This function allows administrators to locate the device via GPS.
As with any software product, the client’s business requirements determine the set of features to be implemented. For example, when developing MDM for internal corporate needs, you need to pay special attention to security. Since corporate mobile devices can access critical business data, it is necessary to prevent the threat to enterprise databases. Hence, the appropriateness of such features of Android MDM systems as denotation by administrators of rules for accessing corporate data and remote wiping. When we enroll MDM on a device, all corporate data accessed through it will be stored in a secure profile. In case the device is stolen, lost, or compromised, corporate and MDM data can be wiped to factory settings remotely to protect against any data leakage.
After all, the management of mobile devices in a corporation can become an essential element of compliance with its security standards. For example, it is possible to provide an administrator to block the use of cameras and scanners on mobile devices by employees who see confidential documents or are on premises with a special access mode. Based on the development experience, we want to emphasize that the functionality and settings of Android MDM systems can be flexibly adjusted to the needs of the customer. It is helpful, in particular, to introduce different categories of users with different access levels. It is even possible to provide higher-level users the option of independently selecting a set of policies for their devices.
Kiosk Mode for mobile devices has also proven itself well. With Single App Kiosk Mode, you can allow only one app to be installed on the device, blocking the possibility of removing it and installing others. With the Multi App Kiosk Mode, the administrator limits the list of software on the device to two or more apps necessary for work or using the client service.
So, it is quite feasible to choose the optimal functionality and settings of Android MDM for the specific needs of your company. Let’s consider the development of such solutions.
Building Android MDM Systems: Approaches and Case Studies
MDM is a complex solution, which consists of modular parts. The main things in the MDM system are the admin panel, which includes a device policy controller (DPC) and an API interface that performs all the policy updates and transfers data between the MDM server and enrolled devices. The functionality can be enriched by extending the existing API by adding methods, managers, and services. This can be done by configuring certain policies on the server, which will later be pushed to the device. Based on our experience, such systems might scale to thousands of devices and implement numerous policies.
An “inside” view of a configured MDM panel will give you a peek under the hood of the mobile device management systems we develop. To that end, we made a short video of how to create a workspace, enroll a device, and create policies.
MDM admin panel and configuration capabilities
MobiDev started working on Android MDM software in 2012, building projects that were based on AOSP or Android Open Source Project. The approaches to development evolved since then, but our engineers were constantly improving their knowledge base and gained practical experience through product’s we built for our customer’s. Today we implement this type of project with the help of Android EMM (Enterprise Mobility Management) platform.
We can cover different needs for our client’s ranging from consulting to providing a dedicated team of engineers, QA, and business analytics to help you build MDM solutions. If you struggle to come up with a concise analysis of the existing infrastructure, contact us so our team conducts a full technical audit of your software and develop product strategy for integrating MDM software.
Success Story #1: Android MDM System for Enterprise Secure Communication
Product Description: A custom Android-based operating system for Secure Phones designed for encrypted communication and data storage. Our client, Secure Group, has provided military-grade secure communication with this software.
Applied Technologies:
- Secure Phone: Mobile Device Management, GSON, AOSP, RXJava, RXAndroid, SQLite
- Secure Apps (Chat & Email): Java, message and object encryption protocols, real-time transport protocol, customized libraries
- Back End: Symfony, PHP, MySQL, Docker, Docker Compose, Elastic, Composer
The result of the project was a fully secured customized OS. You can read more about this success story here.
Our customer decided to develop an MDM solution from scratch due to at least two compelling reasons. First, the client sought to achieve a level of security of communications and data handling that was significantly higher than typical for similar systems.
Secondly, at the time of the start of the project, the range of ready-made solutions for Android-based development was much narrower than it is now. Our developers used the potential that had been accumulated at that time within the AOSP (Android Open Source Project). However, AOSP continues to develop, and its repository of source code is replenished frequently. Google currently offers tools that significantly facilitate the development of Android MDM. We are primarily referring to the Android Management API offered by the Google-led initiative Android Enterprise. Thus, Android EMM (Enterprise Mobility Management) today is a reliable and advanced platform for the development of MDM systems.
Knowing the benefits and drawbacks of each of the approaches to the development of MDM systems, we advise you to focus on how critical the limitations inherent in Android EMM (Enterprise Mobility Management) solutions are for you.
In fact, such limitations are few:
- Device requirements. For a reliable connection through the Android Management API, you need to use devices with pure (stock) Android. In practice, this is expressed in the definition of the minimum current version of Android, which should run on devices enrolled in the system. Instead, a custom operating system can be implemented on a wider range of devices.
- Set of policies. The set of policies supported by Android EMM is extensive. At the same time, if you need genuinely unique policies, then this is a reason to consider custom development.
- Security level offered by the vendor. Remember that the administrative panel of your MDM system interacts with devices not directly, but through the Android Management API, a kind of “black box”. If you want to adhere to even higher security standards adopted in your company, for example, as it was in the case study described above, then this is also an argument in favor of developing from scratch.
Therefore, summarizing what has been said, we will note that if you need to manage a significant number of devices that are not on pure Android, implement policies that are not provided for by Google Enterprise, and ensure increased security, then it may be appropriate for you to order the development of an MDM system from scratch.
However, as our experience shows, the needs of most businesses can be met by solutions developed using the Android Management API. So let’s follow the development of MDM systems based on Android EMM with the help of case studies.
We will give, in another success story, an example of a whole system of software products, including MDM, developed to implement a truly innovative idea.
Success Story #2: Internal Testing Solution for Sound Recognition Solution
MobiDev participated in the creation of the baby cry recognition solution by developing a system for internal testing of cloud API. MobiDev engineers developed an app to interact with API and have built the MDM system for remote control of the fleet of testing devices.
Thanks to MobiDev’s efforts, we were able to upgrade our testing devices from internally-embedded platforms, making them controllable and easier to scale. Throughout the engagement, the flexible team communicated their progress daily and had weekly demo calls with us.
As you can see from our case studies, the Android mobile device management platform is capable of closing the majority of needs for MDM systems. We have repeatedly been convinced by our own experience that, depending on the needs of the customer, different levels of customization can be provided in such software solutions. In addition, Android mobile device management systems can be implemented both as a separate client service and as an auxiliary part of a complex software product.
Build Your Custom MDM System with MobiDev
Whether you are looking for fully custom MDM solution or want to modernize existing management platform, we can cover your needs. Android EMM is an optimal choice that can cover the majority of needs in terms of required policies or number of devices. However, if you need independence from the provider and don’t want to deal with platform deprecation, custom solutions are also possible. To understand which choice is better for you in terms of time frames, budget and engineering resource, you can book a meeting with our tech experts to discuss the implementation options in detail.
