Menu

SE for Android Policy Delivery (SPD) updates

This section provides an overview of SE for Android Policy Delivery updates.

About SPD

SE for Android Policy Delivery (SPD) enables end-users to opt-in to SE for Android Policy updates to ensure their devices are protected against the latest threats.

Unlike anti-malware tools that look for specific malicious software, SE for Android Policy defines very detailed permission rules for every type of software on a Samsung device. These poliies can be used to limit access beyond what the Android permission model can do alone.

SPD updates can insert new software restrictions to prevent security bugs from being exploited or to otherwise block new attacks. Since SPD policy updates can be created and pushed to devices very quickly, they can help bridge the gap between firmware updates once a vulnerability is identified. Unlike firmware updates, policy updates don’t modify any software on the device, thus preserving an enterprise’s validated software configurations.

The SPD update setting was previously only accessible through manual action taken by an end user using the device Settings menu. This feature introduces APIs to enable direct control for enabling or disabling automatic SPD policy updates.

How SPD works

SPD control modes

The SPD policy update system can be ENABLEDor DISABLED. In the enabled state, the mobile device receives and applies Security Policy updates automatically as they become available on Samsung’s SPD servers. In the disabled state, no policy updates occur. This feature enables MDM control of this SPD state by allowing for three (3) modes to be requested by the MDM:

  • SPD Forced ON — SPD update system is ENABLEDand end user control of the SPD update system is disallowed.
  • SPD Forced OFF — SPD update system is DISABLEDand end user control of the SPD update system is disallowed.
  • SPD Controlled by End User — SPD update system state is released from MDM control and allowed to be set by the end user.

If the MDM makes the call to allow end user control, the SPD update system reverts to the last state it was in prior to any MDM-enforced mode.

Examples

Set the SPD Security Policy

Use setAutoSecurityPolicyUpdateMode to enable automatic SPD Security Policy updates:

  1. Create EnterpriseDeviceManager object.
  2. Create the SPDControlPolicy object.
  3. Use setAutoSecurityPolicyUpdateMode and set SPD_ENFORE_ON
EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
SPDControlPolicy spdControlPolicy = edm.SPDControlPolicy();
spdControlPolicy.setAutoSecurityPolicyUpdateMode(SPD_ENFORCE_ON);