vadymvdrobot - Fotolia
With the release of Android Q, Google will deprecate a number of additional device management APIs for Android Device Admin. Device Admin has been on the chopping block since Google released Android 9 Pie in 2018.
Google first released the Android Device Admin API as a management option with Android 2.2 in May 2010, but today, Device Admin is considered a legacy option. Google is discontinuing more and more Device Admin features to encourage organizations to adopt Android Enterprise as their source for management APIs.
What exactly is Android deprecating?
The Android Device Admin APIs that Google is deprecating control IT's ability to disable lock screen features, such as smart lock and face unlock; disable cameras; and force-expire existing passwords, prompting the user to create a new one. The deprecation will also eliminate IT's ability to define password restraints such as a minimum length and a special character requirement.
Here is what these controls look like with Device Admin:
Once IT upgrades its devices to Android Q and the relevant Device Policy Controller or Enterprise Mobility Management tool targets the Android Q Device Admin API, the functions listed above will no longer work. Android Device Admin will only be able to enforce the following commands:
These commands control factory resets of devices, forced remote device locks and passcode resets, respectively.
Android has already heavily restricted USES_POLICY_RESET_PASSWORD -- as of Android 7.0 Nougat's August 2016 release -- to only apply on a device that doesn't already have a passcode enabled, prompting the user to set one. It's no longer possible for IT to reset the password with Android Device Admin, despite the name of the API.
It is still possible to wipe data and lock the device, as there are security-focused mobile apps available to Android, such as Android Device Manager and Android Lost, that offer this capability if a device is lost or stolen. There are also mail servers that can push Microsoft Exchange ActiveSync policies, so some organizations can rely on this method for remote email data wipes.
These deprecated features of Device Admin are available with Android Enterprise, and organizations should migrate their Android management policies to Android Enterprise as soon as possible.