For several years we as Android enthusiasts have been pushing for Android to be accepted by the enterprise community. When we get a work phone, or use our own phone for work, it would be nice to have a choice of the phone we could use. It would be nice if we could use our favourite mobile OS, Android. Finally Android is starting to make some inroads into business, mostly with BYOD (bring your own device), with the advent of extra security not only within the Android base but also those introduced by manufacturers (eg. Samsung with Knox).
Recently I’ve obtained an email address through an organisation I’m part of but was unable to use the email on my phone because I didn’t want the Email app to become a device administrator. Yes, I know that’s crazy of me and I should be using security on my device but it is my choice and this way it makes it easier in day to day use for me. After not using the email for a couple of months I noticed a very simple way to circumvent the security requirements of exchange email access. It was as simple as installing an Xposed module.
The module, Exchange Bypass For Xposed, bypasses the AOSP Email app from becoming a device administrator on your phone/tablet. This prevents the email app “from setting up any security restrictions on your device including pin/password/remote wipe, etc.”
The module is extremely easy to use as well, making it a possible nightmare for a company’s IT administrator. I have tested it myself on a Nexus 5, a Nexus 4, a Nexus 7 and a OnePlus One, all running AOSP roms and it worked on all of them. At this stage it is thought to only work on the AOSP Email app but the developer is working on getting it working on other email apps, including Boxer. To install the user has to complete the following steps:
- Remove the email account they currently have setup in the AOSP Email app (delete data in device settings may be required)
- Reboot device
- Install Xposed framework installer
- Install module from here or search for Exchange Security Bypass for Nexus Devices and other AOSP based ROMs
- Enable the module in Xposed
- Reboot device
- Enter email account and server settings into AOSP Email app
- Tap “OK” when the app says it needs to remotely control some security features of their Android device (it won’t actually do this though)
- Done. Exchange email security has been bypassed
Whether this will have ramifications with Android adoption in the enterprise industry is unknown at this stage but considering the very small percentage of Android users that obtain root access on their device and then the small percentage of that who actually use Xposed I doubt it will have much impact. In saying that, the media and non-enlightened people seem to always blow issues such as these out of proportion tarring all Android users with the same brush.
Users who decide to bypass the security requirements of their employers/email providers should be aware of any risks that may come with it, including repercussions from their employer should they ever find out. IT administrators should also be aware of this and work together with Android users to obtain an outcome that will suit both the user and the employer.
Are you likely to do this so you can use an exchange email account on your device? Do you see any problems with doing it?