Contact person: Business Client

Phone:Show

Email:Show

Location: Udaipur, India

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"1. Device Enrollment & Management

Support Android Enterprise (Device Owner enrollment for company-owned devices; Work Profile if needed).
Easy onboarding via QR code or zero-touch enrollment.
New: Post-Enrollment App Flow:

After MDM agent app download/install (via Play Store or sideload during provisioning), launch directly to a login screen requiring Employee ID (e.g., alphanumeric code from HR system).
On successful sign-in (validate against backend via API), apply policies and auto-hide the app: Remove from app drawer, home screen launcher, and recent apps (using Android's PackageManager to disable launcher visibility or integrate with kiosk mode overlays). App runs as a background service only, with no user-facing icon unless re-enabled via admin command.
Fallback: If login fails (e.g., invalid ID), prompt retry with error message; after 3 attempts, lock device and notify admin.



2. Admin Web Portal / Backend

Core Management Features: Device dashboard, policy enforcement, remote actions, notifications, reports.
High-Risk Feature: Offline Data Access & Response Capabilities (unchanged, with additions below).
New: Role-Based Panels:

Owner Panel: Top-level dashboard for business owners/executives. Access to all features + high-level analytics (e.g., fleet-wide compliance trends, cost reports). Custom views: Executive summary widgets (e.g., total devices active, data access events summary). Invite-only access with elevated permissions (e.g., approve high-risk data exports).
Admin Panel: Day-to-day operations for IT/managers. Subset of Owner features; granular RBAC (e.g., view-only for juniors). Shared backend but UI segmented (e.g., React routes: /owner/dashboard vs. /admin/devices).
Unified backend (Node.js/Express) handles both; auth differentiates via user roles in JWT tokens.


New: Stealth Mode for Employee Interactions:

No Notifications to Employees: All admin/owner actions (e.g., remote lock, data access, policy changes, offline SMS/WhatsApp replies) execute silently without user alerts, toasts, or logs visible to the employee. Device agent suppresses Android system notifications for MDM events (using NotificationManager suppression APIs).

Exception: Critical safety alerts (e.g., low battery for telecalling) can be opt-in and disclosed.
Mitigation: Backend audit logs all stealth actions (timestamp, actor, device); employees can request access logs via HR (post-facto transparency). Consent prompt during login discloses "Monitoring may occur without alerts for business efficiency."


Secure auth: 2FA for both panels; IP whitelisting for Owner.



3. App Control / Kiosk Mode

Default full access to apps (WhatsApp, Gallery, etc.); Google Play Protect enabled.
Whitelist/blacklist; optional kiosk for roles.
Integration with New App Flow: Post-hide, kiosk mode activates if policy-set (e.g., single-app for dialer); app remains hidden even in kiosk.

4. Monitoring & Reporting (Privacy-Conscious, with High-Risk Additions)

App usage, location (opt-in), audit logs.
New Stealth Reporting: Reports exclude employee-visible traces; admin/owner views show full details (e.g., "Stealth data pull completed on Device X without user notification").
No secret reads beyond consented scopes; employee app (pre-hide) shows consent history.

5. Security & Compliance

OWASP compliant; encryption.
Privacy laws: DPDP/GDPR alignment.

Updated Consent Flows: During login (before hide), multi-step consent with checkboxes ("I agree to silent monitoring for business needs"); store signed consent in backend (e.g., as PDF snapshot). Annual re-consent via hidden service prompt (disguised as "policy update").
Retention: Stealth logs (90 days for audits); high-risk data (7 days).


New: Stealth-Specific Mitigations:

Employee right to revoke: Hidden service allows one-time PIN entry (communicated via HR) to unhide app and view logs.
Legal audit mode: Toggle for full transparency during inspections.



6. User Experience

Employee App (Pre-Hide): Minimalist login screen only (Employee ID field + Sign In button); no other screens post-login.
Post-Hide UX: Seamless—no visible changes; background sync for data access.
Notifications: Branded but suppressed for employees; admins/owners receive confirmations (e.g., "Stealth action on Device X: SMS replied").
Offline UX.

7. Documentation & Handover

Updated Docs: Include role-specific guides (Owner vs. Admin panels), stealth mode setup (e.g., notification suppression code snippets), app hide/unhide procedures.
Source code: Full repo with branches for panels; configs for stealth flags.
CI/CD." (client-provided description)