Does GrapheneOS allow for remote system management by Mobile Device Management (MDM) software?

If so, which MDM software works well with GrapheneOS, and is (preferably) open source, and/or trustworthy?

    8 months later

    de0u

    We have a lot of users asking how to install MDM on GrapheneOS. Currently, the only way I know to use MDM on GrapheneOS is to install the MDM agent and grant it the Device Owner permissions with the ADB utility, which is difficult and not acceptable to most users.

    In the link provided, it was written: "GrapheneOS does have all the AOSP stuff present for managed devices and managed profiles". But I was unable to start AOSP's ManagedProvisioning app by tapping 6 times on a welcome screen.

    Is there a way to install MDM on GrapheneOS? If there isn't, can our team contribute to GrapheneOS and implement Managed Provisioning?

    P.S. MDM on fully managed devices does not require Google Play services, so GrapheneOS-based devices CAN be managed by MDM. The only issue is the MDM installation.

      headwind-mdm There isn't a better way to do it yet but we'd like for it to be supported. It would need to be integrated into our SetupWizard2 app.

      P.S. MDM on fully managed devices does not require Google Play services, so GrapheneOS-based devices CAN be managed by MDM. The only issue is the MDM installation.

      GrapheneOS does support Google Play via sandboxed Google Play, but it's optional and unprivileged so it can't do the special device management stuff that it usually does.

        GrapheneOS Thank you for the explanation. We'll try to implement MDM provisioning in a custom build of GrapheneOS. If we succeed, is there any workflow to commit our update to the official GrapheneOS code?

          14 days later

          GrapheneOS I've submitted the pull request implementing QR code based MDM setup. Hope to finalize it and see it in the official GrapheneOS distribution soon.

          By the way, since this feature makes GrapheneOS capable of being used on corporate-owned devices, this could be a good chance to increase the popularity of the OS by proposing it to system administrators as a great and secure alternative to Google-powered Android ROMs. Once the feature becomes available, we can issue a press release about that. What do you think?

            headwind-mdm

            It is a fairly good program. I tried it last year; the web interface is great, everything is on par.
            But the phone launcher, omg. That's really ugly.
            Isn't there a way to solely use the work profile of Android? There is nothing about it in the documentation.

              NetRunner88 Headwind MDM doesn't support work profiles. You can try installing another MDM system supporting them, as the new SetupWizard2 code potentially allows provisioning the device with a work profile (I didn't test it, though).

              However, as far as I know, work profiles require strong integration with Google's Android Enterprise framework, which GrapheneOS doesn't have. So I doubt work profiles will work. Anyway, this is worth trying.

                5 days later

                I've been using GrapheneOS since 2019, and I'm always on the lookout for compatibility with MDM. As a system administrator, I manage a bunch of devices in my company, so if anyone knows when the GrapheneOS team plans to implement this, please let me know.