What is device admin deprecation?

In December 2017, Google publicly announced the deprecation of the device admin (DA) mode of mobile device management.

This deprecation is designed to expedite the migration:

Android originally introduced device admin in Android 2.2. Since then, the needs of enterprises have evolved. Devices are increasingly accessing more confidential resources and being used in a wider variety of use cases for which device admin was intended.

DA has been considered a legacy management approach since the launch of AE and its device owner (DO) and work profile owner (PO) model in Android 5. With DA, an app had access to privileged resources on the device by mere virtue of it being a DA app. Because DA isn't well suited for today's enterprise requirements, customers and partners are strongly advised to adopt AE from now on.

To this end, Google has deprecated four essential DA policies that managed passwords, the keyguard (lockscreen), and camera. These deprecated policies:

  • were marked as legacy in Android 9 (or Pie, API level 28)
  • now throw security exceptions and no longer work when used in Android 10 (or Q, API level 29)

Apps uploaded to the Google Play store now need to target a recent Android API level to ensure that users benefit from significant security and performance improvements. By November 2, 2020, Google requires app updates to target API level 29, which corresponds with Android 10 (Q). So by this date, the deprecated DA policies stop working.

For more, see: