Device Trust from Android Enterprise - Available signals

Device Trust from Android Enterprise makes available a set of device posture signals that registered application can access to compute a trust score of the device.

For information on how to integrate the Android Management API SDK in your application see Device Trust from Android Enterprise - Integration guide.

Signals
OS Version	Returns the OS version of the device. Older OS's typically have more vulnerabilities.
Does the device have pending OTA	Returns if there is a pending OS update for the device. Proxy for if the device is vulnerable to exploits.
Device Security Patch Level	Returns the current security patch level of the device for different updatable components: `SYSTEM` `KERNEL` `SYSTEM_MODULES` (also known as Android's mainline modules)
Published Security Patch Level	Get actionable data about versions of updateable system components, security updates and applied fixes for different updatable components of the device: `SYSTEM` `KERNEL` `SYSTEM_MODULES` (also known as Android's mainline modules)
Critical App Details	Details on: `com.android.chrome` `com.google.android.gms` `com.google.android.apps.work.clouddpc` `com.android.vending` `com.google.android.webview` Provides: `packageName` `versionName` `longVersionCode` `signingKeyCertSha256Fingerprints` `lastUpdateTime` `installerPackageName` `applicationSource`
Device Model / Brand	Returns the device brand and model.
Screen lock complexity	Returns how complex the current user's screen lock is. Req. `REQUEST_PASSWORD_COMPLEXITY` permission
Management State (and managing app) Preview	Returns the management state and the management app. The returned information depends on the profile the application is running in. For details see the Management state table.
Disk encryption	Returns if the device's storage is encrypted.
Access Network State (Network state and Wi-Fi state)	Information about all active networks on the device: Network transport (cellular / Wi-Fi) Wi-Fi Security level (`OPEN`, `PERSONAL`, `ENTERPRISE_EAP`, `ENTERPRISE_192`) Private DNS state Req. `ACCESS_NETWORK_STATE` permission
Google Play Protect VerifyApps	Returns `GooglePlayProtectVerifyAppsState` to inform if Google Play Protect is enabled.
Is DNS over TLS enabled	Returns the state of DNS over TLS.
WebViewPackage	Package name of the selected WebView engine.

Management state

The values returned for the management signals depends on the profile that your application is running in.

Management state	Signals when called from within the Personal Profile	Signals when called from within the Work Profile
Non-managed device	ownership: `OWNERSHIP_UNSPECIFIED` managementMode: `UNMANAGED` managementAppPackageName: `N/A`	`N/A`
Work Profile on personally-owned device (BYOD)	ownership: `OWNERSHIP_UNSPECIFIED` managementMode: `UNMANAGED` managementAppPackageName: `N/A`	ownership:`PERSONALLY_OWNED` managementMode:`PROFILE_OWNER` managementAppPackageName: `Package name of the Profile Owner application`
Work Profile on company-owned device	ownership:`OWNERSHIP_UNSPECIFIED` managementMode:`UNMANAGED` managementAppPackageName:`N/A`	ownership:`COMPANY_OWNED` managementMode:`PROFILE_OWNER` managementAppPackageName: `Package name of the Profile Owner application`
Fully managed device	`N/A`	ownership:`COMPANY_OWNED` managementMode:`DEVICE_OWNER` managementAppPackageName: `Package name of the Device Owner application`