Secure Notifications

Secure Notifications is a Launcher feature that enables device administrators to lock down the notifications display and control which notifications are presented to or kept from the user.

Overview

The Android system status bar contains notification icons, current device status, and other system details. Hiding or disabling notifications prevents unauthorized access to certain apps and settings, provides better device functionality, and promotes a more immersive user experience. Secure Notifications is a Launcher feature that serves as a customizable replacement for the default Android system notification tray. It protects sensitive company data and ensures that the device is used only for the intended purpose.

This feature only works on Android devices running on Android 6.0 Marshmallow (sdk 23) and above. This feature will not work on Android 5.1 lollipop devices because the Screen Overlay Permission is only available for 6.0+ devices.

Getting Started

Secure Notifications allows IT administrators to gain granular control over Android enterprise devices by disabling the Android Status Bar and System Notifications Tray, and replacing them with the BlueFletch Secure Notifications Feature. This feature prevents potential threats from accessing the device settings through the notifications. This section will walk you through two major concepts: how to disable the Android notifications tray in various MDMs, and how to configure the Secure Notifications feature in the Launcher configuration.

Disabling Notifications in VMware Workspace One

Log into your VMWS1 Instance;
Navigate to Resource > Profiles;
Click on the 'ADD' button and select 'Add Profile' from the dropdown list;

Select Android as your Platform and you will be automatically navigated to the next screen;

Provide a name for the Profile;
Click 'Add' and the toggles in the 'Restrictions' drop down list will become active;

Set the toggle to the off position for 'Allow Keyguard Notifications';
Set the toggle to the off position for 'Allow Keyguard Unredacted Notifications';
Set the toggle to the off position for 'Allow Status Bar';
Click 'Next' and you will be navigated to the next screen;

Confirm your selections and click 'Save & Publish'.
Once this Profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Disabling Notifications in SOTI MobiControl

Click on the menu icon in the top left corner of the MobiControl console which will expand the list of actions;

Click on 'Profiles' which will take you to the 'Profiles' page;

Click on ' + NEW PROFILE' which present a 'CREATE PROFILE' modal (shown below);

Hover over the Android icon which will expose a drop down;
Select the appropriate profile type for your device landscape. For the purposes of this documentation, we will select 'Work Managed';
Once the profile type is selected, you will be shown a 'CREATE PROFILE' modal with three tabs, | GENERAL | CONFIGURATIONS | PACKAGES | (shown below);

In the 'GENERAL' tab, provide a Profile Name and a Description;
Click in the 'CONFIGURATIONS', which will present a 'Add a Configuration' modal (shown below);

In the 'Add a Configuration' modal, click on 'Feature Control' which will present the 'FEATURE CONTROL' modal (shown below);

In the 'DEVICE FUNCTIONALITY' tab, toggle the 'Allow Status Bar' to the off position (shown below);

Navigate to the 'SECURITY' tab, toggle the 'Allow Keyguard Notifications' and the 'Allow Sensitive Notifications' to the off position (shown below);

Click 'SAVE', which will take you back to the 'CREATE PROFILE' modal (shown below);

Click 'SAVE', and your Profile will be saved and available to assign to devices.
Once this Profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Disabling Notifications in Microsoft InTune

From the InTune Console, select 'Devices';
Then click on 'Android';
Once you click on 'Android', you'll see the option to '+ Create profile';
Click on '+ Create profile' and it will extend the 'Create a profile' window on the right side of the screen (shown below);

Select 'Android Enterprise' for the Platform dropdown;
Select 'Device Restrictions' from the Profile type dropdown;
Click 'Create' once completed, and you'll be taken to the 'Device restrictions' screen (shown below);

Provide a Name for the Configuration profile and a Description;
Hit 'Next' when complete and you'll be taken to Configuration Settings screen (shown below);

Click on 'General', which will expand the dropdown options (shown below);

Scroll down to the 'Fully managed and dedicated devices' section;
Toggle the 'Status bar' to "Block";
Hit 'Next' which will navigate you to 'Assignments' page (shown below);

Assign the Configuration profile to the desired Groups and hit 'Next';

Review the Configuration profile and hit 'Create'.
Once the Configuration profile has been deployed to the devices, the BlueFletch Secure Notifications configuration can be applied. Instructions for configuring BlueFletch Secure Notifications can be found below in the 'Feature Configuration' section.

Feature Configuration

To set up the Secure Notifications feature for a particular device profile or device group, please follow the steps below:

Enabling the Status Bar

If secureNotifications is set to true, the user won't be able to access the default Android system notifications from the device. If this configuration is not present, this feature is disabled.

{
    ...
    "secureNotifications" : {
        "enabled": true,
     }
}

Enabling the Heads-Up Pop-Up Feature

If enabledHeadsUp is set to true, the heads-up pop-up feature will be enabled. If this configuration is not present, this feature is disabled.

        "enableHeadsUp": true,

Setting Up the Range

To set up the range where the Heads-Up Pop-Up Feature will be shown, define the number of seconds in the configuration. If headsUpTime is disabled, the default is 3 seconds.

        "headsUpTime": 2000,

Configuring Allowed Packages

You can customize the packages that are allowed to send notifications. Only notifications from these packages will be displayed. If the list is empty or the key is missing, all notifications will be displayed unless blocked. An example configuration is shown below:

        "whitelist": ["com.example.phone", "com.example.music"],

Configuring Blocked Packages

You can customize the packages that must be blocked from sending notifications. Notifications from these packages will not be displayed. If the list is empty or the key is missing, no notifications are blocked. An example configuration is shown below:

        "blacklist": ["com.example.browser"],

If a package is both in the whitelist and blacklist configuration, the blacklist has higher priority, so the notifications from the package will not be shown.

Configuring Notification Bubble Settings

You can customize the color and width settings of the notification bubble. If bubbleColor has no specific value, the default color is white. If bubbleOffset is not specified, the notification bubble will be set in the middle of the screen. The example below shows the default configuration of the color and width settings:

{
        "bubbleColor" : "#FFFFFF",
        "bubbleOffset" : 50
    }
}

Secure Notifications was introduced in Launcher 3.1.x.

PreviousNFC Enable/Disable NextWi-Fi UI Settings Enable/Disable

Last updated 1 year ago