Prerequisites to support malware detection on Android devices
Android
devices- Install theUEM Clientand/orBlackBerry Dynamicsapps on users’ devices (see the software requirements). Whether the malware scan is initiated by theUEM Clientor a specificBlackBerry Dynamicsapp depends on the device activation type and the authentication delegate configured in theBlackBerry Dynamicsprofile.
- The following settings are recommended based on device activation types:Activation typeRecommended settingsAndroid EnterpriseIn theBlackBerry Dynamicsprofile that is assigned to users:
- Select "EnableUEM Clientto enroll inBlackBerry Dynamics". This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- Select “Do not require password” forAndroiddevices. This allows theUEM Clientto run malware scanning in the background without prompting the user for aBlackBerry Dynamicspassword.
- Configure theUEM Clientas the authentication delegate. If malware is detected and the configured compliance action is to preventBlackBerry Dynamicsapps from running, theUEM Clientcan block allBlackBerry Dynamicsapps until compliance is restored.
Note that for this activation type, malware scanning is always performed by theUEM Client.Samsung KnoxIn theBlackBerry Dynamicsprofile that is assigned to users, configure aBlackBerry Dynamicsapp that runs in the work space as the authentication delegate. This enables oneBlackBerry Dynamicsapp to manage authentication, malware scanning, and compliance enforcement on behalf of allBlackBerry Dynamicsapps.MDM controlsIn theBlackBerry Dynamicsprofile that is assigned to users:- Select "EnableUEM Clientto enroll inBlackBerry Dynamics". This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- In theBlackBerry Dynamicsprofile that is assigned to users, configure theUEM Clientas the authentication delegate. This enables theUEM Clientto manage malware scanning and compliance enforcement on behalf of allBlackBerry Dynamicsapps. This configuration is not required if noBlackBerry Dynamicsapps (aside from theUEM Client) are installed on a device.
Note that with this activation type, device-level compliance actions (for example, Untrust) are not applicable. Compliance actions forBlackBerry Dynamicsapps are applicable.User privacyIn theBlackBerry Dynamicsprofile that is assigned to users:- Select "EnableUEM Clientto enroll inBlackBerry Dynamics". This setting is enabled by default in newBlackBerry Dynamicsprofiles that you create.
- Verify that “Do not require password” forAndroiddevices is not enabled, for security purposes. Notify users that they will have to specify aBlackBerry Dynamicspassword when prompted.
- Configure theUEM Clientor a specificBlackBerry Dynamicsapp as the authentication delegate. TheUEM Clientis recommended because it can run in the background. The authentication delegate can authenticate anyBlackBerry Dynamicsapp on the device and will manage malware scanning on behalf of allBlackBerry Dynamicsapps. If malware is detected and the configured compliance action is to preventBlackBerry Dynamicsapps from running, the authentication delegate can block allBlackBerry Dynamicsapps until compliance is restored.
- If you do not configure an authentication delegate, malware scanning will be performed by theUEM Clientand eachBlackBerry Dynamicsapp, which can consume device resources.
Device registration forBlackBerry 2FAonlyMalware scanning is not applicable to this activation type.