zebra tc 75 -> file encryption setting ?
any idea about this ?
After profile is apply, I see on the log this :
Custom log : device is encrypted with a default key. require password at startup for more secure encryption.
You personally must be an iOS disciple all your life and have never used an Android device before. There is absolutely no problem with Soti's "file-encryption" option at all. The problem is in your wrong interpretation and expectation of system-level file encryption defined by Google for all Android devices.
With the way you do your test, you of course will always read the file unencrypted. Your device firmware decrypt all internal file on-the-fly transparently before it is copied to some other device/place via any wireless/wire-line connections
If you enable file-encryption option for external (i.e. SD- card), insert a new SD-card, and there should be prompt to device end-user to go to Settings and initiate encryption of the SD card. After that, all subsequent write operation to the SD-card file-system will be encrypted. If you put the SD card into another device, you won't be able to read the plain file content. (If your SQlite database is stored in this SD-card, your app can access the database normally on this phone. But if you install the app in another device and put the SD card on that device, you will find that the app cannot read the database).
The internal (i.e. flash) file-system is always encrypted by default for Android 6+ and any Android Enterprise devices, thus whether or not you enable internal "file-encryption" option in MobiControl for these devices make no real difference. Some Android 6+ firmware versions of selected OEM brands allow end-user to select if there is any need to input the encryption password before the kernel boot. For these kind of devices, setting MobiConrol"internal file-encryption" option ON while the device is configured to skip the password input before kernel boot can potentially trigger MobiControl alert (I am not sure if all brands/models will work this way, though).
It should be noted that in all the above cases, the actual encryption/decryption are implemented by the device firmware and initiated by the device end-user (not by MobiControl server or agent), and MobiControl codes only check the encryption status reported by the device kernel and can trigger appropriate alert(s) to be reported back to the server/administrator.
This system-level file encryption uses your boot-up/lock-screen password hashed further by the hardware device to get your device-specific key to decrypt any file transparently on-the-fly. If you want per-file encryption with end-user selected key different from the boot-up/lock-screen password, they you need to get app-level cryto implementation offered by your app, and this will not be managed/checked/enforced in any way by MobiControl.
thanks for all your comment ...
Heu, no i'm not a child of apple :) I used android since several years but i'm not an expert
in my question, i'm sure my test isn't bad because I used mobicontrol since two years now and all works fine ...
i'm never doubt about mobicontrol i'm just discover some things on android ...
really thanks for your clear explanation , it's really appreciated
have a nice day