vadymvdrobot - Fotolia
Which Android Device Admin APIs will Google deprecate?
With the release of Android Q, Google will discontinue several Android Device Admin APIs. Learn which Android management APIs will be deprecated and which will remain.
With the release of Android Q, Google will deprecate a number of additional device management APIs for Android Device Admin. Device Admin has been on the chopping block since Google released Android 9 Pie in 2018.
Google first released the Android Device Admin API as a management option with Android 2.2 in May 2010, but today, Device Admin is considered a legacy option. Google is discontinuing more and more Device Admin features to encourage organizations to adopt Android Enterprise as their source for management APIs.
What exactly is Android deprecating?
The Android Device Admin APIs that Google is deprecating control IT's ability to disable lock screen features, such as smart lock and face unlock; disable cameras; and force-expire existing passwords, prompting the user to create a new one. The deprecation will also eliminate IT's ability to define password restraints such as a minimum length and a special character requirement.
Here is what these controls look like with Device Admin:
USES_POLICY_DISABLE_KEYGUARD_FEATURES
USES_POLICY_DISABLE_CAMERA
USES_POLICY_EXPIRE_PASSWORD
USES_POLICY_LIMIT_PASSWORD
Once IT upgrades its devices to Android Q and the relevant Device Policy Controller or Enterprise Mobility Management tool targets the Android Q Device Admin API, the functions listed above will no longer work. Android Device Admin will only be able to enforce the following commands:
USES_POLICY_WIPE_DATA
USES_POLICY_FORCE_LOCK
USES_POLICY_RESET_PASSWORD
These commands control factory resets of devices, forced remote device locks and passcode resets, respectively.
Android has already heavily restricted USES_POLICY_RESET_PASSWORD -- as of Android 7.0 Nougat's August 2016 release -- to only apply on a device that doesn't already have a passcode enabled, prompting the user to set one. It's no longer possible for IT to reset the password with Android Device Admin, despite the name of the API.
It is still possible to wipe data and lock the device, as there are security-focused mobile apps available to Android, such as Android Device Manager and Android Lost, that offer this capability if a device is lost or stolen. There are also mail servers that can push Microsoft Exchange ActiveSync policies, so some organizations can rely on this method for remote email data wipes.
These deprecated features of Device Admin are available with Android Enterprise, and organizations should migrate their Android management policies to Android Enterprise as soon as possible.