How to permanently enable Location Services on devices and prevent users from disabling it?

Description

In certain cases, having Location Services permanently enabled on the device is mandatory. Consider a logistics-based organization, which wants to keep track of all their employees/shipments. Having Location Services enabled, ensures it can track the devices at all times and hence, know the location on-demand. MDM lets you know the current location of the device in near real-time as well as the locations traversed by the device. The following steps explain how to permanently enable location services and prevent users from disabling it. 

NOTE: In case of Android devices, you can permanently enable Location Services, over-the-air using MDM. In case of iOS devices, you must have the device in hand to permanently enable Location Services, as Apple doesn't allow it to be configured over-the-air to protect user privacy.

Pre-requisites

For iOS 

Devices must be with the Administrator, as the settings has to be manually configured on the devices and has to be secured using a passcode.

For Android

Devices must be either Samsung devices or must be provisioned as Device Owner.

Steps

For iOS

  • Firstly, ensure ME MDM app has been installed on the device. Know how to automate MDM MDM app installation here.
  • After ME MDM app has been installed on the iOS device, open the app and for the Allow Location Access option, select Always or While using the app, though it is recommended to enable the former. 

On devices running iOS 12 or later versions,

  • Click on Settings and select Screen Time. Now click on Turn On Screen Time.
  • Click on Continue, when prompted. Click on the option, This is My iPhone and select Content & Privacy Restrictions.
  • Firstly, enable Content & Privacy Restrictions and click on Location Services
  • Enable Location Services, which then displays the list of apps which require location permission. Verify if ME MDM app has the permission set as Always or While using the app.
  • Once verified, select the option Don't Allow Changes.
  • Now, go back to Screen Time and click on the option Use Screen Time Passcode and set a passcode for Screen Time, which prevents the device user from modifying the settings without the passcode. To disable, you need to go to Screen Time and click on Turn Off Screen Time and provide the passcode, when prompted.

On devices running below iOS 12,

  • Navigate to Settings -> General -> Restrictions.
  • Click on Enable Restrictions and specify a restrictions passcode, when prompted.
  • Navigate to Privacy section and select Location Services. Enable the Location Services option. Under the Location Services menu, all the apps installed in the device are listed. You can enable/disable Location Services for the apps here. Once this has been configured and the settings  saved, the Location Services cannot be modified for the existing apps. If any new app is installed after the settings has been configured, Location Services will not be granted to the app. To modify Location Services for the apps, the settings has to be re-configured.
  • Finally, select the option Don't Allow Changes in the Location Services menu, which ensure the settings configured in the previous steps cannot be modified by the users. To disable, you need to navigate to Settings -> General -> Restrictions, clicking on Disable Restrictions and specifying the restrictions passcode when prompted.

To apply this restriction on multiple devices, take a backup of a device after disabling location services and restore the backup on multiple devices using the steps given here.

NOTE: In case of devices whose OS has been updated from iOS 11.x to iOS 12.x, you need to disable Location Services again, Apple moved it from Restrictions to Screen Time.

For Android

  • On the MDM Server, navigate to Device Mgmt and select Profiles(under Manage).
  • Click on Create Profile and select Android Profile from the dropdown.
  • Provide the required details and create the profile.
  • Click on Restrictions and select Location settings.
  • For the restriction Location Services, select the option Always On.
  • Save and Publish the profile. Now distribute this profile to devices.

On successful association of the profile, the devices have Location Services enabled permanently

NOTE: Extended usage of Location Services can affect the device battery life.