AFEX (Advance Framework Extensions)

What is AFEX?

AFEX is a framework that enables end-to-end secure and manageable services on any AndroidAndroidTM device.

Who benefits AFEX?

AFEX is the answer to enterprise mobile devices’ and device manufacturers’ MDM needs; it enables remote installation, remote management and remote control of the devices.

AFEX Phone

How AFEX works?

AFEX can be integrated into any Android device by running a simple script. This can also be installed into devices as a mobile app for certain features.

How AFEX does what it does?

AFEX is composed of over 1.000 additional APIs that offers valuable management capabilities and security functions to MDM, and also for device manufacturers.

What does AFEX APIs bring?

  • Application Management

    Applications installed in a device may have access to unsecure resources. For example, a game application can access to microphone and can listen to media. Although it requires user confirmation during the installation, user may accept to use the app. For enterprise devices this may be a security problem that may lead to corporate data access by unauthorized parties. AFEX has the exact APIs that enables the application management.

  • Application Access Restriction

    Application restriction functionality is needed to restrict the application to access certain sources of the device, for both personal or enterprise devices. AFEX provides the functionality for different scenarios:

    • Any application can be completely or partially disabled.
    • Application’s access to peripherals (camera, mic, network, etc.) can also be limited or disabled.

  • Application Privilege Scenarios

    For enterprise deployments, some applications need to be out of user control; it is required to be uninstallable, or required to be only running application on the device.

    • User cannot stop/kill the application
    • User cannot uninstall the application
    • User cannot delete application data

  • Application Installation Policies

    • White list (Required/requested applications only)
    • Black list (Restricted applications cannot be installed)
    • Privileged installations (certain applications installations)
    • Application installation triggering from trustworthy sources
    • Silent push application / delete application

  • Additional Feature Commands Komutlar

    • Run/Stop application, Delete App Data
    • Get list of installed and running apps
    • Create shortcuts of requested apps
    • Get statistics of app usage

  • Password Policies

    Enterprise administration may require passwords in certain difficulty and/or may require password change in periods or secure complex password setting (Regex).

  • Network Security

    • Enterprise case: Wifi settings to be provided partially or completely by system admin
    • White/Black Wifi connection points lists
    • Disabling network setting for low security connections
    • Disabling Wifi connectivity or restriction of disabling Wifi connection when necessary
    • Mobile data settings to be provided partially or completely by system admin (i.e. Proxy forwarding)
    • Disabling download or all data traffic in roaming
    • Disabling SMS send/receive
    • Disabling peripherals (i.e. Bluetooth, NFC, USB, SDCard, camera) for insecure data receiving
    • Disabling or partially enabling tethering
    • VPN settings to be provided by system admin
    • DNS black lists
    • Default proxy settings

  • System Settings

    • CA and user certificates can be installed by system admins to prevent wrong certificate installation by the user.
    • Disabling device backups on untrusted servers.
    • Disabling user to cut/copy/paste on device
    • Disabling user to turn device into factory settings
    • Disabling user to change time settings
    • Disabling getting location from the device
    • Enabling the device as a kiosk by forcing it to run only one application

  • e-Mail Settings

    • e-Mail settings to be provided by system admin to secure corporate e-mail account
    • Disabling user to set an e-mail account (e-mail applications allow e-mail account interactions.)

  • In case of Theft

    • • Getting device info if it’s rooted
    • If rooted:
      • • Lock device
      • • Clear device data
      • • Ring device

  • Double Mode (Container):

    The enabling and disabling balance of the device is particularly important in enterprise deployments. Full restricted device would lead user to get a second device for personal needs. As nobody wants to keep two devices; two isolated containers can be set on the same device for corporate and personal use. On corporate container above mentioned functionalities and features could be applied to provide the required safety of corporate data.