Device owner mode is the device operation mode for company-owned Android devices. This mode lets you have full control over the entire device and configure a wide range of device functions.
Kaspersky Security Center lets you install the Kaspersky Endpoint Security for Android app in device owner mode by generating a QR code for app installation on the device.
Kaspersky Endpoint Security for Android is installed on the mobile devices of users whose user accounts have been added in Kaspersky Security Center. For more details about user accounts in Kaspersky Security Center, please refer to Kaspersky Security Center Help.
Ways to install the app
The Kaspersky Endpoint Security for Android app can be installed via a QR code in one of the following ways:
Download the app from Kaspersky website
Choose this method for mobile devices that can access the internet to download the APK installation file from the Kaspersky website. The app will then be updated using Google Play or HUAWEI AppGallery.
Download the app installation package from Kaspersky Security Center
The app's installation package will be downloaded from the Kaspersky Security Center server. The app will also be updated through Kaspersky Security Center using policy settings. You can also choose this method if mobile devices in your company have no access to the internet.
For this method, follow the steps below before generating a QR-code:
When deploying the app via the installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, the Blocked by Play Protect message may appear on the device. The issue is caused by the installation package signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.
Generating QR code for app installation
To generate a QR code for app installation in device owner mode:
In the console tree, select the Mobile Device Management → Mobile devices folder.
In the workspace of the Mobile devices folder, click the Add mobile device button.
This starts the New Mobile Device Connection Wizard. Follow the instructions of the Wizard.
In the Operating system section, select Android.
In the Device type section, select Company-owned device (device owner mode).
In the Network for downloading the Kaspersky Endpoint Security app section, select one of the following options:
Prompt the user to select a Wi-Fi network on the device
If you choose this option, the device user will be prompted to connect to any available Wi-Fi network for downloading the app.
This option is selected by default.
Use only the specified Wi-Fi network (Android 9 or later)
If you choose this option, the device will try to automatically connect to the network that you have specified. This option is supported on Android 9.0 or later.
Be sure to correctly specify all the network parameters. Otherwise, if any parameter is incorrect or the network is not available, the installation process will be interrupted and the device will be reset to the factory settings.
To configure the connection for the required Wi-Fi network, click the Specify network button. In the Wi-Fi network for downloading Kaspersky Endpoint Security window, specify the following parameters:
Specifies a wireless network security type. Possible values:
Open - If selected, the network is not protected (default).
WEP (Android 9 or earlier) - If selected, the network is protected using the WEP protocol. This option requires entering a password for accessing the network and applies only to Android 9 and earlier.
WPA2 PSK - If selected, the network is protected using the WPA 2 PSK security protocol. This option requires entering a password for accessing the network.
Specifies a password for accessing a wireless network protected using a WEP or WPA2 PSK protocol. The password will be sent in QR code.
Do not use a password for a confidential Wi-Fi network. The password is sent to the user in the open way along with other necessary configuration data.
Specifies the use of proxy server. If this option is selected, you need to provide proxy server address and port. You can also specify a list of sites for which the proxy will be bypassed.
Specifies addresses of websites for which the proxy server should not be used.
For example, you can enter the address example.com. In this case, the proxy server will not be used for the addresses pictures.example.com, example.com/movies, etc. The protocol (for example, http://) can be omitted.
A URL to a proxy auto-configuration (PAC) file for the Wi-Fi network.
Try to use mobile data (Android 8.0 or later)
If you choose this option, the device will try to use mobile data to download the app. If the device does not have a SIM card, or the mobile network is not available, the user will be prompted to select any available Wi-Fi network.
This option is supported on Android 8.0 or later.
In the Additional section, select the Enable all system apps check box if you want system apps to be active on the device. If the check box is cleared, all system apps are disabled.
Click Next.
Kaspersky Security Center checks for administration plug-in updates. If Kaspersky Security Center detects updates, you can install the new version of the administration plug-in. When the administration plug-in is updated, you can accept the Terms and Conditions of the End User of the License Agreement (EULA) and additional Statements for Kaspersky Endpoint Security for Android. If the administrator accepts the License Agreement and additional Statements in Administration Console, Kaspersky Endpoint Security for Android skips the acceptance step during installation of the app.
At the Method to install Kaspersky Endpoint Security for Android on devices in device owner mode step, select an installation method:
Download the app from Kaspersky website
Download the app installation package from Kaspersky Security Center
If you choose this option, leave the Allow HTTP use for app download in device owner mode check box selected to ensure the app is downloaded. Otherwise, the app will be downloaded via HTTPS only if the Kaspersky Security Center Web Server certificate was issued by a trusted certificate authority.
For more details about these methods, see the Ways to install the app section above.
At the Select users step of the wizard, select one or more users for installation of Kaspersky Endpoint Security for Android to their mobile devices.
If a user is not in the list, you can add a new user account without exiting the Mobile Device Connection wizard.
At the Certificate source step of the wizard, select the source of the certificate for protection of data transfer between Kaspersky Endpoint Security for Android and Kaspersky Security Center:
Issue certificate through Administration Server tools. In this case, the certificate will be created automatically.
Specify certificate file. In this case, your own certificate must be prepared ahead of time and then selected in the window of the wizard. This option cannot be used if you want to install Kaspersky Endpoint Security for Android to several mobile devices. A separate certificate must be created for each user.
At the User notification method step of the wizard, select the method to be used to send the QR code for app installation:
Select Show QR code in wizard to scan the QR code with the camera of the mobile device on which you want to install the app.
Select Send QR code to user to send the QR code with the corresponding link by email to the selected users in your organization. To install the app, a user must then scan the QR code using the camera of the mobile device or open the link to the installation package.
If you select this method, specify the following parameters in the By email section:
Select the User emails check box. In the drop-down list, select one of the following options:
All emails
Main email
Alternate email
These email addresses must be specified in the user account settings in Kaspersky Security Center.
If you want to send the QR code to an email address that is not specified in the user account settings in Kaspersky Security Center, select the Another email check box, and then specify the required email address.
Click the Edit message button to configure the subject and the text of the notification message.
If you selected the Prompt for password during certificate installation check box in the Issuance of mobile certificates section, add the %PASS% macro to the text of a notification message to send a password to the user. Otherwise, a warning appears and the notification message cannot be sent.
Click the Next button to send the generated email message.
The Result step of the wizard displays a summary of the entered information. Scan the QR code if you selected the Show QR code in wizard option at the previous step of the wizard.
Click Finish to close the New Mobile Device Connection Wizard.
After installing Kaspersky Endpoint Security for Android on users' mobile devices, you will be able to configure the settings for devices and apps by using group policies. You will also be able to send commands to mobile devices for data protection in case devices are lost or stolen.