6.0.0-alpha14
7/2/25

[#15014] EAS provisioning | No device admin | Wipe only removes EAS Account
Summary EAS provisioning | No device admin | Wipe only removes EAS Account
Queue Synchronization
Queue Version FRAMEWORK_5_2
Type Bug
State Not A Bug
Priority 1. Low
Owners mrubinsk (at) horde (dot) org
Requester samuel.wolf (at) wolf-maschinenbau (dot) de
Created 06/07/2020 (1851 days ago)
Due
Updated 06/14/2020 (1844 days ago)
Assigned 06/07/2020 (1851 days ago)
Resolved 06/14/2020 (1844 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
06/14/2020 04:31:03 PM Michael Rubinsky Comment #4
Assigned to Michael Rubinsky
State ⇒ Not A Bug		 Reply to this comment
Exactly.
06/07/2020 07:46:42 PM samuel (dot) wolf (at) wolf-maschinenbau (dot) de Comment #3 Reply to this comment
Problem is Horde EAS account wil never added (anymore) as Device Admin 
App, there is no question to approv.
Unless I'm mistaken, the ability of an application to remote wipe 
the entire device is actually determined by the application and 
system itself. For instance, I think the stock android app normally 
wipes the entire device, while an application like "Nine" will only 
wipe the EAS account data.  There's nothing in the provisioning 
protocol that specifies the "level" of wipe to do. It's just a 
command to "wipe".
It look like this is no longer possible with stock Android GMail/EAS, 
this is what you mean?
https://techcommunity.microsoft.com/t5/intune-customer-success/decreasing-support-for-android-device-administrator/ba-p/1441935#
06/07/2020 07:33:30 PM Michael Rubinsky Comment #2
State ⇒ Feedback		 Reply to this comment
Do you mean that the user is able to somehow by-pass the requirement 
that account has to be added as a Device Admin App, or do you mean 
that if you setup Horde's ActiveSync to not *require* provisioning the 
device is not able to be wiped?

Unless I'm mistaken, the ability of an application to remote wipe the 
entire device is actually determined by the application and system 
itself. For instance, I think the stock android app normally wipes the 
entire device, while an application like "Nine" will only wipe the EAS 
account data.  There's nothing in the provisioning protocol that 
specifies the "level" of wipe to do. It's just a command to "wipe".

06/07/2020 07:20:15 PM samuel (dot) wolf (at) wolf-maschinenbau (dot) de Comment #1
Priority ⇒ 1. Low
New Attachment: Permission_EAS.png Download
Patch ⇒ No
Milestone ⇒
Summary ⇒ EAS provisioning | No device admin | Wipe only removes EAS Account
Type ⇒ Bug
State ⇒ Unconfirmed
Queue ⇒ Synchronization		 Reply to this comment
Add an EAS account on the Android device do not add the EAS app as 
"Device admin apps".
If the device is now wiped over Horde, only the EAS account will 
removed but the device not wiped.

This works before, maybe it's a provisioning problem?
Or something change in Android 10?

Tested with Nokia 6.2 and 7.2 Android 10 Patchlevel May 2020

libapache2-mod-php7.3          7.3.14-1~deb10u1

Horde_Core             2.31.13 stable
Horde_ActiveSync       2.41.3  stable
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers