We are trying out the EMM MDM app using Android Enterprise. So we enroll using Android Enterprise in Fully managed mode.
We'll be having a per device policy
mechanism, so every device will have a separate policy.
Now at the start, we don't have any info about who's the user, so we apply the default policy and then during setup (using setupActions), we open our custom app and ask the user to log in using username and password, that way we know who's the user.
The issue is, we know the user, but we don't know on which device the user has logged into since we can't query IMEI/SerialNumber (https://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers)
The issue is we make users log in from our app but in AndroidEnterprise, the device name is different.
We want to create a mapping of username <---> device info from AE.
Can we query the Android Device Policy
app someway to get any identifier so that we can map deviceId <---> username?
or any other suggested way?
We can not send deviceName or anything in Managed configuration since, at that time, the user is not enrolled in AnroidEnterprise thus, we don't have that info. see ref
Also, anyone knows how can we interact with Android Device Policy somehow? to know which policy is applied? etc.
From Android 10 to read device Identifiers numbers, it required READ_PRIVILEGED_PHONE_STATE permission. However, apps installed from the Google Play Store cannot declare privileged permissions.
If you work with Android Management API, you can set policy DelegatedScope: CERT_INSTALL for your application to have a special permission that access to certificate installation and management. So that we can use READ_PHONE_STATE permission on your app's manifest.