Skip Navigation

BlackBerry UEM Client
for
Android
known issues

When a
Samsung
device user tries to activate using the
Android Enterprise
Work and personal - full control
activation type, if the screen is locked (for example, the user manually locks the device or the screen times out) or if the device restarts before the activation process completes, when the user unlocks the device, the device is stuck at a blank screen. (EMA-19102)
Workaround
: Reset the device from the
Android
Recovery menu, then activate again and make sure the device does not lock or restart during the activation process.
If you enable
Knox
DualDAR encryption and select the encryption app in the assigned activation profile, when a
Samsung
device user tries to activate using the
Android Enterprise
Work and personal - full control
activation type, the activation does not complete as expected. (EMA-19100)
As of
UEM Client
version 12.45.0.158273, if a user is assigned an Intercede user credential profile and an enterprise connectivity profile with "Container wide VPN" enabled, by default the
UEM Client
will route container wide VPN traffic through
BlackBerry Secure Connect Plus
to
UEM
. If you remove the Intercede user credential profile from a user with an
Android Enterprise
activation type, the user's device will continue to route VPN traffic through
BlackBerry Secure Connect Plus
to
UEM
instead of using a direct connection to
UEM
. (EMA-19065)
Workaround
: Add the
UEM Client
to the restricted apps list in the enterprise connectivity profile.
As of
UEM Client
version 12.45.0.158273, if a user is assigned an Intercede user credential profile and an enterprise connectivity profile with "Container wide VPN" enabled, by default the
UEM Client
will route container wide VPN traffic through
BlackBerry Secure Connect Plus
to
UEM
. On
Pixel
devices, if you assign the Intercede user credential profile to the user after they activate with an
Android Enterprise
activation type, the user's device will continue to route VPN traffic directly to
UEM
instead of routing it through
BlackBerry Secure Connect Plus
. (EMA-19060)
If you assign an IT policy to users with the Password complexity level and Password expiration rules configured for
Android
devices (work and personal),
Samsung
devices with
Android
15 or later and the "Work and personal - user privacy (
Android Enterprise
with work profile)" activation type will be out of compliance after the user opens the
UEM Client
, and the user must change their password to satisfy the configured rules. In the same scenario on
Samsung
devices with
Android
14 or earlier, the user can dismiss the prompt and is not forced to change their password. (EMA-19038)
Samsung
devices with an
Android Enterprise
activation type that are configured to use
BlackBerry Secure Connect Plus
are not able to use a direct connection to
UEM
if
BlackBerry Secure Connect Plus
is not available or if the
BlackBerry Connectivity
app is not working as expected. This impacts only
Samsung
devices with one of the following configurations:
  • Assigned an Intercede user credential profile and an enterprise connectivity profile with "Container wide VPN" enabled
  • Assigned an enterprise connectivity profile with "Per-app VPN" enabled (
    UEM Client
    is on the allowed apps list)
(EMA-19034)
After deactivating a
Samsung
device that was activated with the
MDM controls
activation type (with the
Samsung Knox
option enabled), and you try to reactivate it, a "Unknown error: 4025" error message appears if the administrator had assigned a system certificate that's typically pre-installed on the device (such as DigiCert Global Root CA) prior to activation. (EMA-18302)
Workaround
: In the device Settings > View security certificates menu, enable the system certificates (such as DigiCert Global Root CA).
When activating a device in a dark site environment with the Work space only (
Android Enterprise
) activation type, if the device uses the
Samsung
SVPN application, it does not activate successfully. (EMA-17497)
On some
Samsung
devices that were activated on
Android
12, the IT policy that is assigned to the device is not correctly applied after upgrading to
Android
13. (EMA-17465)
Workaround
: Reactivate the device.
You might not be able to use
Knox Mobile Enrollment
to activate
Samsung Galaxy
A52 or
Samsung Galaxy
XCover devices running
Android
11. (EMA-17342)
On
Samsung
devices running
Android
11 activated with the
Work space only
(
Android Enterprise
) activation type,
Wi-Fi
profiles that are configured with a shared certificate are not saved to the device. (EMA-16909)
On
Samsung
devices running
Android
12, if the "Send usage and diagnostic data" setting is enabled on the device but your administrator assigned a policy rule to disable it, the "Based on the admin policy set for your phone, the following policy has been withdrawn: Sending of Diagnostic Data." warning message appears. (EMA-16746)
During activation, the user must set a complex password for the work space even though the IT policy is set to numeric or alphanumeric. (EMA-16254)
When activating a
Samsung Knox
device, if the screen times out at the
Knox
license activation screen, the activation is not successful when you try to continue. (EMA-16046)
On some European models of
Samsung
devices running
Android
11, the device Welcome screen appears during activation when using the
Work and personal - full control
(
Android Enterprise
fully managed device with a work profile) activation type. The device is activated correctly and the user can follow device setup screens. (EMA-16014)
On some
Samsung
devices that are activated using the
Work and personal - full control
(
Android Enterprise
fully managed device with a work profile) activation type, after upgrading to
Android
11, the compliance profile incorrectly restricts apps in the personal space. (EMA-15960)
On
Samsung
devices activated with the
Work and personal - full control
(
Android Enterprise
fully managed device) non-premium activation type, when an administrator unassigns an app, the app isn’t uninstalled but is instead grayed out and cannot be opened. (EMA-14851)
Workaround
: On the device, manually uninstall the app.
If the
UEM Client
is set as the authentication delegate for
BlackBerry Dynamics
, and a compliance profile is assigned to users with the "Rooted OS or failed Knox attestation" compliance rule enabled, when the
UEM Client
is locked due to inactivity and the user enters their password to log in to a
BlackBerry Dynamics
app, the password is not accepted. The user is returned to the login screen but the password field is greyed out. (GD-67251)