Meraki

Android2020 · ‎Jan 12 2021

My school is currently closed and we have loaned out a batch of Lenovo Android tablets, that I felt confident were sufficiently locked down to prevent the children installing their own apps on them.

I was, of course, proven wrong within a week. I have a small number of devices that have had games installed by the pupils. The first step will be the relevant staff following up with families, regarding signed agreements etc.

However, I am curious about what I have got wrong, so that I can learn from it. The devices were enrolled in Meraki using EMM. At first boot, in the email address box we entered something like 'eem@meraki' or similar. Then they have had the settings attached applied. During my testing, the end users couldn't download apps using the Play Store. I'm thinking that either:

* They have removed some of the settings / management profiles (I think less likely as they are listed in Meraki as being installed.

* They have downloaded .apk files from a website

(Only settings I didn't screenshot was the wallpaper.)

What have I done wrong? What have I missed?

PhilipDAth · ‎Jan 12 2021

Do the tablets by chance allow adding a personal account (I see modify account is enabled)? If you add a personal account, does that allow you to access the play store and install apps under that account?

ADB is disabled, so they should not be able to install a downloaded APK.

Android2020 · ‎Jan 13 2021

Yes, they do allow additional accounts to be added. Initially I blocked this, but it meant that the pupils could not sign into the Google Classroom app, as it relies on system accounts.

I suspect that is what is happening.

Is there a way to only allow accounts from our domain to sign in?

Meraki

Community

Locking down android tablets

Locking down android tablets