MTD support for Android 10

Ivanti Mobile Threat Defense supports Android 10 OS, with the following configuration caveats:

Location services are required to detect network threats – Android 10 devices require that location services be on to configure Wi-Fi. Turning off location services impacts the client’s ability to identify network threats, including Unsecured Wi-Fi and Rogue Access Points. Irrespective of location permission status on the device, the critical network-based threats like MiTM, MiTM Fake SSL Cert, and Internal Network Access are still detected.

Note the expected location and Wi-Fi behavior for different modes of Android, described below.

Table 21.  Expected behavior for new and upgraded Android 10 installations
Deployment mode Expected behavior

All modes

Disconnect Wi-Fi local action is disabled in all modes on Android 10 devices.

Android Enterprise
(Profile Owner)

During installation or upgrade of MTD on Android 10, the device user is prompted to enable location services for both device and profile.

If Disallow share location is enabled in the PO lockdown config, this will block the user's ability to turn on location services. Uncheck this feature to prompt the user to enable location services.

  • If the user selects GO TO SETTINGS: Location service launches in Settings. When the user enables both location settings, configured network threats will be detected.

    If device-level location services are on, but profile services are off, MTD can't directly open to the Profile Services switch. The user will have to locate the switch.

  • If the user selects NO: Network threats will not be detected, although the MTD configuration is applied.

Android Enterprise
(Device Owner)

Location settings are enabled without user action, allowing Wi-Fi configurations and MTD detection of network threats.

Device administrator
(DA) mode

Wifi APIs are not available for DA and mobile application management (MAM) modes, even if location services are enabled. So MTD cannot detect network threats for these devices. All configured non-network threats will be detected.

Corporate owned, personally enabled
(COPE) mode

MTD requires that COPE devices running Android 10 have location enabled at all times, and currently cannot be disabled.