Can I set application permissions through MobiControl?
In my experience, if your app explicitly requests its necessary permissions at run time then the SOTI as the Device Owner should be able to inherently grant them during the APK install provided that you have SOTI performing the install. There was a change to the permissions model in Android M in which each permission needs to be prompted for individually rather than en masse during the manual installation. If the app has not been recoded to support the API level for Android M then I don't think SOTI will know which permissions to grant the application when it installs the APK and I think you would be stuck manually enabling them as you have described.
My application has a requirement of API 23 (M) as a minimum with a target SDK of 25. The Manifest lists the correct permissions (about 31 individual requirements) and the app itself requests the permissions the "new way." I've been testing automatic setting of permissions these past 2-3 weeks and came across the following differences between SOTI agents:
- Android Plus with Samsung ELM: all permissions are automatically granted, except the ability to modify (Write) System Settings and allow usage tracking of applications. My application was deployed through SOTI's Packages.
- Android Enterprise (Device Owner mode) w/ Managed Play Store: permissions are not automatically set, even though I know first-hand that Device Policy Controllers (DPCs) are able to auto-grant any permissions without user intervention.
- Android Enterprise (Device Owner mode) w/ SOTI Package: permissions are not automatically set.
If I am not mistaken, Android Enterprise is supposed to offer much more control over a device when running in Device Owner mode. However, I am still being forced to set APNs manually on 150 devices along with the toggling of 6 switches to give my application its needed runtime permissions. I realize the lack of APN control is due to the limitation of Android's current Device Admin/Management APIs.
I prefer deploying my devices with Android Enterprise because it's supposed to cut down deployment times considerably on the device's first boot up, thanks to the availability of SOTI's DPC from the Play Store. Typing afw#mobicontrol in the Google Account text box is better than having to press the Next button 10 times in the wizard and then having to install SOTI's MobiControl separately.
It seems like the grass is never greener on the other side. I guess I'll just go back to Samsung ELM for now and hope SOTI's DPC improves sometime in the future.
I understand the tradeoff between the simplicity of staging versus granularity of control and think I would ultimately opt for the latter (Android+ with Samsung ELM). A more manual staging process is preferable to a manual enablement of app permissions in my opinion, especially given that the staging process should ultimately be a one time deal whereas you may have multiple apps deployed in the future.
Have you experimented with NFC staging at all? I think that's an option during the Google setup wizard but I haven't tried it out myself. I'm guessing that produces the same end results as the afw#mobicontrol hashtag however.