When it comes to COPE (Corporate Owned Personally Enabled) devices, most enterprises use devices that are customized for their requirement. For example having a custom android device that functions as a POS. In such situations most organizations prefer to have custom firmwares maintained by themselves or get device vendors to build custom device to suite their requirement. For example apps or devices having the capability to sign their POS app with the vendor firmware signing key and install it on devices as a system app.
WSO2 EMM provides a separate service application that can be signed by a firmware signing key and installed on the devices as a system application alongside the EMM Agent application. This enables you to have better control over the devices registered with WWSO2 EMM. Since this is a system app it provides system level capabilities, such as device firmware upgrade, reboot and enforcing security policies and much more.
When the system service app is installed on a device that is registered with WSO2 EMM, the EMM Agent application communicates with the system service to get the operation executed when a system level operation triggers from the WSO2 EMM server. The communication between the system service and the agent app is secured by two layers of protection as shown below:
Via the signature - A permission that the system grants only if the requesting application is signed with the same certificate as the application that is declared in the permission.
Info For more information on securing the communication, see <permissions> on the Android Developer documents.
- Check the package name of the agent who makes the call to verify that it’s a request from the EMM Agent application.
Follow the steps given below