BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  • Overview
  • Getting Started
  • Disabling Notifications in VMware Workspace One
  • Disabling Notifications in SOTI MobiControl
  • Disabling Notifications in Microsoft InTune
  • Feature Configuration
  • Enabling the Status Bar
  • Enabling the Heads-Up Pop-Up Feature
  • Setting Up the Range
  • Configuring Allowed Packages
  • Configuring Blocked Packages
  • Configuring Notification Bubble Settings
  1. Product Guides
  2. BlueFletch Launcher
  3. Security and Safety

Secure Notifications

Secure Notifications is a Launcher feature that enables device administrators to lock down the notifications display and control which notifications are presented to or kept from the user.

PreviousNFC Enable/DisableNextWi-Fi UI Settings Enable/Disable

Last updated 1 year ago

Overview

The Android system status bar contains notification icons, current device status, and other system details. Hiding or disabling notifications prevents unauthorized access to certain apps and settings, provides better device functionality, and promotes a more immersive user experience. Secure Notifications is a Launcher feature that serves as a customizable replacement for the default Android system notification tray. It protects sensitive company data and ensures that the device is used only for the intended purpose.

This feature only works on Android devices running on Android 6.0 Marshmallow (sdk 23) and above. This feature will not work on Android 5.1 lollipop devices because the Screen Overlay Permission is only available for 6.0+ devices.

Getting Started

Secure Notifications allows IT administrators to gain granular control over Android enterprise devices by disabling the Android Status Bar and System Notifications Tray, and replacing them with the BlueFletch Secure Notifications Feature. This feature prevents potential threats from accessing the device settings through the notifications. This section will walk you through two major concepts: how to disable the Android notifications tray in various MDMs, and how to configure the Secure Notifications feature in the Launcher configuration.

Disabling Notifications in VMware Workspace One

  • Log into your VMWS1 Instance;

  • Navigate to Resource > Profiles;

  • Click on the 'ADD' button and select 'Add Profile' from the dropdown list;

  • Select Android as your Platform and you will be automatically navigated to the next screen;

  • Provide a name for the Profile;

  • Click 'Add' and the toggles in the 'Restrictions' drop down list will become active;

  • Set the toggle to the off position for 'Allow Keyguard Notifications';

  • Set the toggle to the off position for 'Allow Keyguard Unredacted Notifications';

  • Set the toggle to the off position for 'Allow Status Bar';

  • Click 'Next' and you will be navigated to the next screen;

  • Confirm your selections and click 'Save & Publish'.

  • Once this Profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Disabling Notifications in SOTI MobiControl

  • Click on the menu icon in the top left corner of the MobiControl console which will expand the list of actions;

  • Click on 'Profiles' which will take you to the 'Profiles' page;

  • Click on ' + NEW PROFILE' which present a 'CREATE PROFILE' modal (shown below);

  • Hover over the Android icon which will expose a drop down;

  • Select the appropriate profile type for your device landscape. For the purposes of this documentation, we will select 'Work Managed';

  • Once the profile type is selected, you will be shown a 'CREATE PROFILE' modal with three tabs, | GENERAL | CONFIGURATIONS | PACKAGES | (shown below);

  • In the 'GENERAL' tab, provide a Profile Name and a Description;

  • Click in the 'CONFIGURATIONS', which will present a 'Add a Configuration' modal (shown below);

  • In the 'Add a Configuration' modal, click on 'Feature Control' which will present the 'FEATURE CONTROL' modal (shown below);

In the 'DEVICE FUNCTIONALITY' tab, toggle the 'Allow Status Bar' to the off position (shown below);

  • Navigate to the 'SECURITY' tab, toggle the 'Allow Keyguard Notifications' and the 'Allow Sensitive Notifications' to the off position (shown below);

  • Click 'SAVE', which will take you back to the 'CREATE PROFILE' modal (shown below);

  • Click 'SAVE', and your Profile will be saved and available to assign to devices.

  • Once this Profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Disabling Notifications in Microsoft InTune

  • From the InTune Console, select 'Devices';

  • Then click on 'Android';

  • Once you click on 'Android', you'll see the option to '+ Create profile';

  • Click on '+ Create profile' and it will extend the 'Create a profile' window on the right side of the screen (shown below);

  • Select 'Android Enterprise' for the Platform dropdown;

  • Select 'Device Restrictions' from the Profile type dropdown;

  • Click 'Create' once completed, and you'll be taken to the 'Device restrictions' screen (shown below);

  • Provide a Name for the Configuration profile and a Description;

  • Hit 'Next' when complete and you'll be taken to Configuration Settings screen (shown below);

  • Click on 'General', which will expand the dropdown options (shown below);

  • Scroll down to the 'Fully managed and dedicated devices' section;

  • Toggle the 'Status bar' to "Block";

  • Hit 'Next' which will navigate you to 'Assignments' page (shown below);

  • Assign the Configuration profile to the desired Groups and hit 'Next';

  • Review the Configuration profile and hit 'Create'.

  • Once the Configuration profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Feature Configuration

To set up the Secure Notifications feature for a particular device profile or device group, please follow the steps below:

Enabling the Status Bar

If secureNotifications is set to true, the user won't be able to access the default Android system notifications from the device. If this configuration is not present, this feature is disabled.

{
    ...
    "secureNotifications" : {
        "enabled": true,
     }
}  

Enabling the Heads-Up Pop-Up Feature

If enabledHeadsUp is set to true, the heads-up pop-up feature will be enabled. If this configuration is not present, this feature is disabled.

        "enableHeadsUp": true,

Setting Up the Range

To set up the range where the Heads-Up Pop-Up Feature will be shown, define the number of seconds in the configuration. If headsUpTime is disabled, the default is 3 seconds.

        "headsUpTime": 2000,

Configuring Allowed Packages

You can customize the packages that are allowed to send notifications. Only notifications from these packages will be displayed. If the list is empty or the key is missing, all notifications will be displayed unless blocked. An example configuration is shown below:

        "whitelist": ["com.example.phone", "com.example.music"],

Configuring Blocked Packages

You can customize the packages that must be blocked from sending notifications. Notifications from these packages will not be displayed. If the list is empty or the key is missing, no notifications are blocked. An example configuration is shown below:

        "blacklist": ["com.example.browser"],

If a package is both in the whitelist and blacklist configuration, the blacklist has higher priority, so the notifications from the package will not be shown.

Configuring Notification Bubble Settings

You can customize the color and width settings of the notification bubble. If bubbleColor has no specific value, the default color is white. If bubbleOffset is not specified, the notification bubble will be set in the middle of the screen. The example below shows the default configuration of the color and width settings:

{
        "bubbleColor" : "#FFFFFF",
        "bubbleOffset" : 50
    }
}

Secure Notifications was introduced in Launcher 3.1.x.