LG smartphones enrolled to SOTI 14.3 failing SafetyNet compliance

LG smartphones enrolled to SOTI 14.3 failing SafetyNet compliance

Hi all,

 

I am testing SOTI Mobicontrol 14.3 and testing enrolment of AE smartphones.

 

When testing LG smartphones (K4/K8/K9), the smartphones are encrypted, factory reset or straight out of the box, they are failing to enrol with the following SOTI Agent message;

"Enrollment Failed. This device is not SafetyNet compliant. Please contact your system administrator."

 

I know I can simply tick the box to still enrol the devices but that would defeat the point of the SafetyNet feature.  Has anyone else hit this yet?

 

I will check this with SOTI later today.

 

John.

 

5 Answers

Order By:   Standard | Newest | Votes
Support Staff | posted this 20 March 2019

Hello John, 

 

Are your devices rooted by any chance?

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
John Aiston | posted this 20 March 2019

"factory reset or straight out of the box".

Sorry but I wouldn't ask if they were rooted :)

 

I didn't get a chance to log this with SOTI support as the UK support telephone number was down :(.

 

  • 0
  • 0
Support Staff | posted this 20 March 2019

Only reason I ask is that this would be a reason to fail the "SafetyNet Compliance" check...

This feature was added in v 14.3 so its still new to us as well.  I would begin with checking on why the device failed...I have listed our Release Highlights for v 14.3 and a link to the Android SafetyNet guide that may shed some light on the potential reasons for failing the requirements..."Caveat emptor"

 

SOTI delivers new capabilities as part of the Android Enterprise Recommended (AER) program, including hardened authentication and security checks via SafetyNet, Enterprise Factory Reset Protection to prevent unauthorized setup of company owned devices, and the ability to disable all system UI on kiosk devices.

SOTI MobiControl 14.3 goes beyond AER requirements to deliver additional management capabilities that give organizations more control over their Android devices. A new Agent Delivery Service simplifies how administrators obtain and upgrade OEM-specific Android agents, package installation is now supported on Android Enterprise work profiles, a new profile configuration has been added to schedule the execution of device-side scripts, and the installation of packages can now be restricted to specific time windows."

 

https://developer.android.com/training/safetynet

 

Good thing we added a check box to bypass this in the "advance section" when creating an enrollment rule as you have already noticed.

 

 

BTW you can also submit a case by e-mailing Support@soti.net.  

 

Hope this helps,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 1
  • 0
John Aiston | posted this 21 March 2019

Many thanks for that, great info and also a method to test devices.

https://source.android.com/compatibility/cts/downloads

John.

 

  • 0
  • 0
Support Staff | posted this 21 March 2019

Glad we could be of assistance and thank you for sharing that tool, I'm sure it will come in handy. 

 

Cheers,

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback