Android Kiosk devices not updating

Hi,

The issue you're facing with Android kiosk devices not updating, despite having system updates set to "automatic," is a common challenge, especially when the devices are configured in kiosk mode and lack Wi-Fi connectivity. Here’s an analysis of the situation and some suggestions:

1. Automatic Updates in Kiosk Mode

• Automatic updates depend on connectivity: System updates often require an active internet connection (usually Wi-Fi) to download and install updates. Since your devices are not on Wi-Fi, this is likely the main blocker.
• Cellular data limitations: If the devices are using cellular data, ensure that system updates are allowed to download over mobile data. Some configurations block large downloads like system updates on cellular networks.

2. Managed Home Screen & Kiosk Mode

• The Managed Home Screen in kiosk mode may restrict certain system functionalities, including updates. This could be due to the limited user interaction or permissions set by the kiosk profile.
• Ensure that the profile allows updates and that no restrictions block the required services (like com.wssyncmldm) from functioning.

3. Deployed System Apps

• com.sec.android.soagent and com.wssyncmldm are essential for Samsung system updates and Device Management Layer (DML). They help manage OTA (over-the-air) updates but still need the proper environment to function:
  • Connectivity: These services will not work if the device cannot reach Samsung's update servers.
  • Permissions: Ensure these apps are deployed with all necessary permissions (e.g., background data usage, battery optimizations excluded).

4. Key Troubleshooting Steps

• Network Configuration:
  • If Wi-Fi isn’t an option, confirm that cellular data allows system updates. Check settings for "Data Saver" or any other restrictions.
  • Use a test device with Wi-Fi temporarily enabled to confirm updates work under those conditions.
• Update Configuration in Intune:
  • Verify your Device Update Policies in Intune. Even though "Automatic" is set, confirm that updates are being scheduled correctly and that there are no deferred update settings.
  • Ensure OEMConfig profiles (if used) are updated and that they permit system updates for Samsung devices.
• Logs and Reporting:
  • Check the update status and failure logs in Intune or on the device (Settings > Software Update > Update Logs).
• Manual Push via Intune:
  • If feasible, attempt to schedule an update push using Intune's Remote Actions (e.g., Restart or Update).
• Device Health:
  • Confirm that the system apps you’ve deployed are active and functioning by checking their logs or status using a debug tool.

5. Alternative Solutions

• Wi-Fi Provisioning: If possible, temporarily connect devices to a secure Wi-Fi network to allow the updates to proceed.
• Bulk Manual Update via ADB:
  • Download the necessary firmware update files from the OEM.
  • Use ADB to manually update devices in bulk (requires physical access or remote ADB solutions).
• Workaround with Custom Profiles:
  • Configure a secondary profile in Intune to disable kiosk mode temporarily, allow updates, and then revert to kiosk mode post-update.

6. Community Experience

• This issue has been noted in forums like Reddit and Samsung’s Knox community. Deploying the two system apps you mentioned is a good step, but without connectivity to the update servers, they cannot facilitate the update.
• For Samsung devices, Knox Enterprise Firmware Over-The-Air (E-FOTA) might be worth exploring. It allows granular control over firmware updates.

Key Takeaway:

The main bottleneck seems to be the lack of Wi-Fi connectivity. If cellular updates aren't viable, you'll need to temporarily enable Wi-Fi or consider an alternate update mechanism like ADB or Samsung E-FOTA to address this issue.