Update apps automatically on Android+ devices and MobiControl upgrades

Update apps automatically on Android+ devices and MobiControl upgrades

This post has three main questions.

First, I would like to be able to install/update apps automatically on Android+ devices. The majority of these apps are available on the play store.
I created an application catalog rule and added apps from both the managed Google Play account and the normal Google Play apps.

Google Play store apps are showing on the device, but the managed Google Play apps are not.

These are COPE devices so we don't want to use the regular Google Play store method since the users will be able to install any apps they want. 


Second question involves upgrading MobiControl. Since it's on the cloud I know I'm supposed to contact support and I have done that last Wednesday I think, but still didn't get a reply. But I need more information about the process before starting since it's my first time.

  • Do I have to specify which version I want to upgrade to or do they always upgrade to the latest version?
  • How long does the upgrade take?
  • Is there any downtime or lost data to worry about? Can I take a backup?
  • How will users be affected by the upgrade?


Lastly, does Soti MobiControl require some form of root access to the device? I think I know the answer to this but my manager asked me so I figured I'd ask on here. The reason being is I was testing the Android Enterprise agent on one of the test devices and it wouldn't complete the configuration because I kept getting a "custom OS" error. I looked into it and found posts on here saying it's got to do with the device being rooted at some point in time. I dug deeper and read about Samsung's Knox warranty bit which is like a switch that once triggered cannot be switched off. Samsung's official solution is to replace the motherboard which is expensive and frankly environmentally irresponsible, but that's not the issue here.

I discovered that our other test device also had this Knox warranty bit triggered and so far, every device I checked has it triggered which means I cannot install the Android Enterprise agent on any of them. So I'm just trying to rule out the possibility that it was caused by MobiControl.



Current system info that might be needed:

MobiControl version: (on cloud)

Agent version: Samsung ELM 13.5.0

Android version: 7.0 Nougat

2 Answers

Order By:   Standard | Newest | Votes
Raymond Chan | posted this 08 April 2019

(1) If the active MDM API of your enrolled device does not include "Android for Work Managed Device" or "Android for Work Work Profile", then it is not an Android-Enterprise device, and mandatory apps from Managed Google Play store will not be deployed/upgraded automatically to such device.

For device using OEM specific Android+ device agent, a Google account must be added before apps from Google Play store (but NOT from Managed Google Play store) can be installed/upgraded.  One possible way to disallow end-user from installing arbitrary Google Play apps on the device is to use application-run-control whitelist to restrict what can be installed/run on the device.


(2)  For MobiControl cloud upgrade, the following are based on experience for many of my commercial/governmental customers using Soti Cloud instance:


  • Do I have to specify which version I want to upgrade to or do they always upgrade to the latest version?  Yes, you have to specify which version and build number to use.  Actually, you should be requested to fill in a 1-page upgrade request form to give all necessary details.
  • How long does the upgrade take?   Unless your cloud instance is a big one with complicated architecture, an upgrade usually takes no more than 2 hours
  • Is there any downtime or lost data to worry about? Can I take a backup?  You can specify which time slot to perform the upgrade.  The database will be backed up, just in case there is a need to fall back.  In principle, you could request Soti to give you a zipped image of the back-up database, but all of my corporate/governmental customers (except one) didn't bother to get theirs in the past few years. 
  • How will users be affected by the upgrade?  In general, all pushed policies on the device will still be operational when the server is down, and the end-user should not notice any difference.  However,  any policies that need server to be on-line (e.g. alert rule, enterprise resource gateway, etc.) will not work while the server is down and being upgraded.


(3)   Neither MobiControl  agent itself nor any of its operations require root access. This has been field proven for many tens of my commerical/governmental customers deploying thousands of Samsung devices in the last few years.  From our device tests for different customers ever since AFW/AE has been launched , virtually all Samsung devices running Android 5+ support Android Enterprise without any problem.  If your Samsung device has its Knox warranty bit set,  then it is very likely that it has been rooted using customized ROM or some kind of rooting app in the past.  This warranty bit is actually a hardware fuse that can't be cleared once it is blown, and such compromised device cannot be configured to run Google's Android-Enterprise due to security reasons.  There is nothing anyone can do except to replace the circuit board.


  • 2
  • 0
Yousef | posted this 09 April 2019

The active MDM API on the enrolled devices are Samsung MDM 5.7, Samsung RC1, & Samsung KNOX v2.4 so I guess that means we can't have auto updates for the apps since the devices I checked all have their .

Is there a script that can be used to have the device update a specific app from the Play Store in the background? (preferably without requiring user input). 

I know the Play Store allows me to specify which apps to auto update but since the default option is to allow apps to auto updates, that means I'd have to open each app from the Play Store and uncheck the auto update option. If this is a one time thing that will be reflected on all devices then I wouldn't mind doing it but, correct me if I'm wrong from what I can tell these options are on the device itself only so I'd have to uncheck each app I don't want updates for on every device.

Thanks for the upgrade info, it gave me an idea of what to expect when Soti support get back to me and I can look into the different versions/builds while waiting for them. It's reassuring that none of the users will be affected during the upgrade.

As for the root access question, I just checked some more devices and found one that some of them don't have the Knox warranty bit triggered even though they also have MobiControl installed, so like you said it's not Soti related. 

I used the shell script below using the legacy plugin for remote access to get the status remotely

getprop ro.boot.warranty_bit

This script didn't work when sending the script using the "Send Script" option for devices, so is there a way to send shell scripts through here and have the results displayed in the logs tab of the device somehow?

  • 0
  • 0

Give us your feedback
Give us your feedback