Lock task mode provides almost everything I want, but for cyber-security risk mitigation I would like to further block a user from accessing the device file system when connected via USB to a computer. Right now, I can think of a few pathways to achieve this, each with its own roadblock(s). In order of preference:
Turn on lock task mode, then turn off developer mode from the command line using adb. I see a command to try this, but I'd like to identify the exit method before I try this.
a. For any app/OS updates, this would require a way to factory reset a device when the settings app is not accessible and developer options are disabled. Is this currently possible?
enable developer options with one computer then turn off pop-ups that prompt the user to allow USB connections to new computers. Is there a way to stop the ML2 from auto-prompting "allow debugging" for new computer connections? this would enable the ML2 to connect to the computer that originally configured it but would not allow new computers to connect. This would also require an answer to 1a.
turn on lock task mode, then turn off USB file transfer (i.e. ML hub would still be accessible, but the applications/files would be read-only). Is there a way to disable USB file transfer while a device is in Lock Task Mode? Several MDM solutions offer this as an option for ML2, but I haven't seen a way to configure this on my own.
Please let me know if there is a way to (1a) perform a factory reset with developer options and the settings application inaccessible, (2) disable the new developer USB debug connections, or (3) disable USB file transfer while in Lock Task Mode? Alternatively, let me know if there are other pathways I may not be considering to decrease cyber security risks.
Performing a Factory Reset with Developer Options and the Settings App Inaccessible
Unfortunately, Android 10 does not provide a method to initiate a factory reset when both developer options and the settings app are inaccessible.
Certain Mobile Device Management (MDM) solutions can issue a factory remotely. Keep in mind that a factory reset will require you to re-enroll the device.
Disabling New Developer USB Debugging Connections
Unfortunately, there’s no native method to block prompts for new connections
Disabling USB File Transfer in Lock Task Mode
You can use any MDM that supports Android 10 devices to disable USB file transfer while in Lock Task Mode. You can also try disable file transfer using the ADB command:
adb shell settings put global usb_mass_storage_enabled 0
If you have any questions about using MDM solutions, please reach out to our Customer Care Team and they will be able to assist you further with this.
Thank you for this reply! I have reached out to a few MDM companies and unfortunately your answer to number 1 is also true for MDM solutions.
Certain MDM solutions can initiate a factory reset remotely if wifi is enabled. Unfortunately, I used an MDM solution to put my device in what now seems to be an irrecoverable state -- Lock Task Mode, with no wifi, and no USB debugging. Is there no way to reset/restore a magic leap device in this state? What are my options?
Additional information was provided to us by our Customer Care team.
To add onto the answer for your question:
(1a) perform a factory reset with developer options and the settings application inaccessible
We use a button combination press to manually put the device into fastboot mode and then run fastboot erase userdata to factory reset the device.
The button press is "hold volume down button then press and hold power button at the same time.
Hold both buttons until you see a 3/2/3 LED pattern on the device, then you can release the buttons."