[horde] Problem with Android Horde Activesync - Can't add account - Gmail's security settings are more secure than those set by your IT admin

Michael J Rubinsky mrubinsk at horde.org
Tue Nov 12 04:09:40 UTC 2019


Quoting r.j.baart at prompt.nl:

> Perhaps the problem is described here:  
> https://developers.google.com/android/work/device-admin-deprecation

This may very likely be the case.

I can't reproduce this on any of my devices, but I don't think the  
latest GMail app has been pushed out to any of them yet.

Since this is because the device admin is being deprecated, you can  
maybe try disabling provisioning on the Horde side. You can do this  
via Admin->Permissions (Set provisioning to "disable" - be aware  
you'll lose all of the security policy settings if you do this  
though). If you want to get your hands a little dirtier, you can  
create an activesync_provisioning_check hook (see  
horde/config/hooks.php.dist). You can sniff the devices that are  
affected by maybe userAgent and return  
Horde_ActiveSync::PROVISIONING_NONE for those devices. Be aware that  
when doing either of these, you lose the ability to remote wipe a lost  
device.

Without being able to reproduce this to test, I really have no idea if  
this will help, since this actually makes things less secure in a way,  
it might not,  but since it removes the use of the device admin  
service, it's the best guess I have at the moment....other than using  
a different ActiveSync client like Outlook or Nine Folders.


> I can read it, but I don't understand it. If this is the problem,  
> the solution will not come from Google.
>
>
> On 9-11-2019 18:20, Ronny Forberger wrote:
>> Hi Michael,
>>
>> thanks for your information.
>>
>> I am not sure if I have a second GMail account on the phone, I have  
>> a google account on it though.
>>
>> I think the Gmail application itself is now requiring certain  
>> security policies to be in place, as you said.
>>
>> I tried to set the permissions of ActiveSync to all permissions for  
>> authenticated users, creators and even my username, but no success.
>>
>> The error message on the phone is still appearing.
>>
>> It worked before the Android upgrade though without the Horde permissions.
>>
>> Any other ideas?
>>
>> Best regards,
>>
>> Ronny Forberger
>>
>>
>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>
>>> Quoting Ronny Forberger <ronnyforberger at ronnyforberger.de>:
>>>
>>>> Hi Horde list,
>>>>
>>>> My brand new Android 9 phone has made an update to the OS and  
>>>> since that I cannot access my Horde Active Sync interface anymore.
>>>>
>>>> I am getting the error message
>>>>
>>>> Can't add account - Gmail's security settings are more secure  
>>>> than those set by your IT admin
>>>>
>>>> on Android.
>>>>
>>>> Any ideas what I have to set up on Horde / or the web server to  
>>>> make this run again or where to look at least?
>>>
>>> This sounds like you either maybe have another account set up in  
>>> the Gmail app on the Android device, whose provisioning policies  
>>> are more secure than Horde's, or the Gmail application itself is  
>>> now requiring certain security policies to be in place.  You can  
>>> try looking at Horde -> Admin -> Permissions. Look at the  
>>> permissions available under Horde -> ActiveSync (you might need to  
>>> create them) and see if any of those look like a good candidate.
>>>
>>> For what it's worth, my Note has the same patchlevel, and I just  
>>> successfully added my horde account to the device, after accepting  
>>> the security policy.
>>>
>>>
>>>>
>>>> Android version: 9 PKQ1.181121.001
>>>> Android security patchlevel: 2019-10-01
>>>>
>>>> Horde Version: 5.2.22
>>>> Nginx Version: 1.16.1 (reverse proxy with mod_security)
>>>> Apache httpd version: 2.4.41 (serving horde)
>>>>
>>>> Any help is appreciated.
>>>>
>>>> Best regards,
>>>>
>>>> Ronny Forberger
>>>> -- ___________________________________
>>>> Ronny Forberger
>>>> ronnyforberger at ronnyforberger.de
>>>> PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>>>>
>>>> -- Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>
>>>
>>>
>>> -- mike
>>> The Horde Project
>>> http://www.horde.org
>>> https://www.facebook.com/hordeproject
>>> https://www.twitter.com/hordeproject
>>
>>
> -- 
>
> Cordialement,
>
> R.J. Baart
>



-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
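
A sketch of the hook suggested above, as an added example that is not part of the original message or Horde's own code: it turns provisioning off only for clients whose user agent starts with a listed prefix and leaves the configured policy in force for everyone else. The hook's parameter list, the `$device->userAgent` property and the `Horde_Hooks` wrapper are assumptions to check against horde/config/hooks.php.dist, and the prefix is a placeholder.

```php
<?php
// Added example for horde/config/hooks.php; not code from the Horde project.
class Horde_Hooks
{
    // Placeholder value: replace with the user-agent prefix(es) the affected
    // clients actually send, taken from your own ActiveSync log.
    private $_exemptAgents = array('EXAMPLE-AFFECTED-CLIENT/');

    /**
     * Assumed signature: the currently configured policy and the device
     * object come in, one of the Horde_ActiveSync::PROVISIONING_* constants
     * goes out. Verify against the commented template in hooks.php.dist.
     */
    public function activesync_provisioning_check($policy, $device)
    {
        // Assumption: the device object exposes the client's user agent.
        $agent = (string)$device->userAgent;

        foreach ($this->_exemptAgents as $prefix) {
            // Prefix match rather than a substring match, so the exemption
            // does not spread to every client that mentions the same word.
            if ($agent !== ''
                && strncasecmp($agent, $prefix, strlen($prefix)) === 0) {
                // Leave an audit trail: these devices get no security
                // policy and cannot be remote wiped.
                Horde::log(
                    sprintf(
                        'ActiveSync provisioning disabled for user agent "%s"',
                        $agent
                    ),
                    'NOTICE'
                );
                return Horde_ActiveSync::PROVISIONING_NONE;
            }
        }

        // Every other device keeps the policy set under Admin->Permissions.
        return $policy;
    }
}
```

The user agent is reported by the client itself, so any device that sends a matching string receives the same exemption; the log entries are the record of which devices are running without a policy.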