Secure Device Mode
Secure Device Mode is a Launcher feature that ensures authorized users are always logged in to the Launcher within a timeout period.
Overview
Security is paramount at work, especially in the digital age. Mobile device management protects enterprise data against unauthorized access and breaches. Secured Device is a Launcher feature that requires mandatory sign-in of authorized users before gaining access to certain applications or settings. Enabling this feature will require users to log into the Launcher within a timeout period; otherwise, it will trigger a looping sound alarm. To shut off the alarm, the user must either log into the Launcher or cradle the device.
User Guide
Secured Device prevents unauthorized access and makes sensitive data inaccessible to people who don't have the appropriate user credentials.
If this feature is enabled in the configuration, the message ‘Login initiated. The countdown started.’ will be displayed on the screen.
The user must log into the Launcher within a specific number of seconds before the device plays a looping sound alarm.
The alarm will be triggered if the user fails to log into the Launcher. The user will be notified to either log into the Launcher or cradle the device to cancel the alarm.
If the snooze setting for this feature is also activated, it will postpone the alarm for a configured number of seconds. When the end of the countdown is reached, the alarm will be triggered again.
Feature Configuration
To set up the Secured Device feature for a particular device profile or device group, please follow the steps below:
Enabling Secure Device Mode
Set unsecuredDeviceTimeoutInSecs to a positive value (e.g., 30 for a 30-second timeout). This triggers an alarm if the device is uncradled and inactive for your chosen duration. To stop the alarm, simply log in or cradle the device.
To disable Secured Device Mode, set unsecuredDeviceTimeoutInSecs back to zero (0).
Setting Up Device Countdown Alarm
When set to true, unsecuredDeviceEffects enables the warning countdown alarm. This alerts the user when there are 12 seconds or less left before the timeout ends, reminding them to log in or cradle the device to prevent the alarm from sounding.
By default, unsecuredDeviceEffects is set to false. This means the warning countdown alarm won't activate unless specifically configured to do so.
Adjusting Device Sound Volume
To adjust the volume of the alarm sound, set a value between 0 to 100 in the configuration. By default, unsecuredDeviceSoundVolume is set to 100 which is the maximum volume level.
Customizing Device Sound Settings
Secure Device mode enables audible differentiation of alarms, providing organizations with the flexibility to customize alarm sounds to their unique requirements.
To customize the sound for the unsecured device countdown effect, choose a file on the sdcard or a file referenced in the Assets Manager configuration. When unsecuredDeviceEffects is set to true, the warning countdown alarm will be triggered to remind the user to either log in or cradle the device. The example below references the loginAlarm file found within the device's Assets Manager.
You can also customize the sound for the unsecured device alarm. When triggered, the alarm will be played at the highest possible volume. To shut off the alarm, the user must login or cradle the device. The example below references the loginAlarm file found within the device's Assets Manager.
Setting Up The Snooze Alarm
The looping sound alarm can be silenced even if the user does not log into the Launcher or cradle the device by defining the number of seconds of the property securedDeviceSnoozeDuration in the configuration. Starting in Launcher version 3.20.12, this snooze feature can be configured to appear and selected multiple times using the secureDeviceMaxSnoozeCount property. These parameters are only applicable if unsecuredDeviceTimeoutInSecs is also set. The example below shows the snooze configuration for the sound alarm to be delayed for 120 seconds, for three times at most.
Putting It All Together
For the example described above, the full configuration for the Secure Device mode is as follows:
Appendix: External Cradle Monitoring
Launcher 3.22.25 introduced compatibility with external applications developed by a customer or third-party to monitor or supplement Launcher's cradle state handling.
For example, a customer builds an app to determine if a device is still on a cradle during a power outage and therefore should not go into Secure Device Mode. Defining the customer's application package and cradle monitoring activity in the externalCradleMonitor object allow Launcher and the customer app to communicate regarding whether the criteria are met to suspend Secure Device Mode. Contact a BlueFletch representative if you are interested in more information about this feature.
When developing your own external cradle monitoring app, there are certain intent actions to watch for:
com.bluefletch.ems.launcher.START_CRADLE_MONITOR
com.bluefletch.ems.launcher.STOP_CRADLE_MONITOR
These are actions used by Launcher to communicate with the external application regarding when to start or stop the monitoring service. These actions will dictate when the app should broadcast actions for a device's cradle state.
Once an external cradle monitor is defined, Launcher will subscribe to two specific intent actions that respectively indicate when a device is considered cradled or uncradled outside of its power state:
com.bluefletch.ems.launcher.DEVICE_CRADLED
com.bluefletch.ems.launcher.DEVICE_UNCRADLED
Secure Device Mode was introduced in Launcher 3.8.x.
Last updated