Capabilities
Full-lifecycle device management, built for GrapheneOS.
GemiGuard MDM covers the standard MDM functionality every security team expects — mapped to the NIST mobile-device-management lifecycle — and then adds a layer of GrapheneOS-specific control that stock Android simply cannot offer. Everything below is scoped to the level each client wants.
The management lifecycle
Enrol
Provision Pixel devices in device-owner mode over AOSP — no Google account, no Managed Google Play.
Configure
Push passcode, network, VPN, certificate and restriction policy from a single panel.
Secure
Apply OS-level hardening, app control and kiosk lockdown tailored to the deployment.
Monitor
Track inventory, patch level, compliance and integrity — continuously and privately.
Retire
Lock, cryptographically wipe and de-provision devices at end of life or on loss.
Core MDM capabilities
The functionality buyers expect from any serious MDM — delivered without a single Google dependency.
Enrolment & provisioning
Device-owner (fully-managed) enrolment of Pixel hardware over the open AOSP framework, via QR or local provisioning. Identity binding and ownership assignment, with no Google account or Zero-Touch dependency.
Policy & configuration
Security baselines and user restrictions: control over wireless interfaces, peripherals, data roaming, developer mode and more — enforced consistently across the fleet and flagged when a device drifts.
Passcode & lock-screen
Enforce passcode complexity, length and retry limits; idle auto-lock; lock-screen feature control; certificate-based authentication to enterprise resources.
Application management
Silent install, update and removal; allow-listing and blocking; uninstall protection; runtime-permission policy. Apps come from sources you trust — your own repository, F-Droid or direct package — not Managed Google Play.
Network, VPN & certificates
Push Wi-Fi profiles, always-on and per-app VPN, and CA/client certificates. Provision, rotate and revoke GemiGuard VPN directly from the MDM panel.
Kiosk & dedicated devices
Lock a device to a single app or a small approved set with lock-task mode — for field tools, single-purpose handsets, signing devices and secure terminals.
OS & patch management
Apply update policy, enforce a minimum OS/patch level, and gate non-compliant devices — keeping the fleet inside its guaranteed update window.
Remote actions & retirement
Remote lock, remote reboot, full and cryptographic wipe, and clean de-provisioning. Revoke a device’s access the moment someone offboards or a phone goes missing.
Inventory, compliance & audit
Hardware and software inventory, OS and patch reporting, configuration-drift alerts and audit logs — the monitoring NIST treats as core, kept deliberately minimal in keeping with a privacy-first posture.
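The gating described under OS & patch management and the drift alerts under Inventory, compliance & audit both reduce to one policy evaluation over the inventory: compare each device's reported patch level, last attestation result and observed restriction settings against the baseline, and block whatever fails. The following is an added Python illustration of that evaluation; it is not GemiGuard's code, and the record fields, restriction keys and sample fleet are constructed for the example.

```python
"""Compliance gate over a managed-device inventory (illustrative, not GemiGuard code).

Assumptions (hypothetical, not from the product): each device reports a security
patch level as a date, the verdict and time of its most recent attestation, and
the restriction settings last observed on it. Policy and fleet data below are
constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Policy:
    min_patch_level: date            # oldest security patch level still allowed
    attestation_max_age: timedelta   # a passing verdict older than this is stale
    expected_restrictions: dict      # baseline: restriction key -> required value


@dataclass
class DeviceRecord:
    device_id: str
    patch_level: date
    attestation_ok: bool | None      # None means the device has never attested
    attestation_time: date | None
    observed_restrictions: dict      # restriction key -> value seen on the device


@dataclass
class Verdict:
    device_id: str
    compliant: bool
    findings: list[str] = field(default_factory=list)


def evaluate(device: DeviceRecord, policy: Policy, today: date) -> Verdict:
    """Check one device against the policy; any finding makes it non-compliant."""
    findings: list[str] = []

    # Patch-level gate: the device must be inside the allowed update window.
    if device.patch_level < policy.min_patch_level:
        findings.append(
            f"patch level {device.patch_level} is older than minimum {policy.min_patch_level}"
        )

    # Integrity gate: a missing, failed or stale attestation all fail the check.
    if device.attestation_ok is None or device.attestation_time is None:
        findings.append("no attestation result on record")
    elif not device.attestation_ok:
        findings.append("last attestation failed: OS image or verified-boot state not as expected")
    elif today - device.attestation_time > policy.attestation_max_age:
        findings.append(f"attestation is stale (last passed {device.attestation_time})")

    # Configuration drift: every baseline restriction must match what was observed.
    for key, required in policy.expected_restrictions.items():
        observed = device.observed_restrictions.get(key)
        if observed != required:
            findings.append(f"drift: {key} is {observed!r}, baseline requires {required!r}")

    return Verdict(device.device_id, compliant=not findings, findings=findings)


def gate(fleet: list[DeviceRecord], policy: Policy, today: date) -> dict[str, Verdict]:
    """Evaluate the whole fleet; the non-compliant entries are the ones to block."""
    return {d.device_id: evaluate(d, policy, today) for d in fleet}


def noncompliant_ids(verdicts: dict[str, Verdict]) -> list[str]:
    return sorted(i for i, v in verdicts.items() if not v.compliant)


# Constructed sample policy and fleet (hypothetical restriction keys).
TODAY = date(2025, 6, 15)
BASELINE = {"developer_mode": False, "usb_data_while_locked": False, "allow_2g": False}
POLICY = Policy(date(2025, 5, 5), timedelta(days=7), BASELINE)
FLEET = [
    DeviceRecord("pixel-001", date(2025, 6, 5), True, date(2025, 6, 14), dict(BASELINE)),
    # Old patch level and developer mode re-enabled: two findings.
    DeviceRecord("pixel-002", date(2025, 3, 5), True, date(2025, 6, 12),
                 {"developer_mode": True, "usb_data_while_locked": False, "allow_2g": False}),
    # Attestation failed: OS image or boot state no longer matches.
    DeviceRecord("pixel-003", date(2025, 6, 5), False, date(2025, 6, 14), dict(BASELINE)),
    # Last passing attestation is two weeks old, beyond the 7-day window.
    DeviceRecord("pixel-004", date(2025, 6, 5), True, date(2025, 6, 1), dict(BASELINE)),
]

if __name__ == "__main__":
    for verdict in gate(FLEET, POLICY, TODAY).values():
        state = "OK " if verdict.compliant else "BLOCK"
        print(state, verdict.device_id, "; ".join(verdict.findings))
```

Treating a stale or absent attestation the same as a failed one is the design choice worth noting: a device that stops reporting is indistinguishable from one that has been tampered with, so the gate fails closed until a fresh verdict arrives.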
★ GrapheneOS-only controls
These are the differentiators — capabilities that exist because of the platform, not in spite of it.
Hardware-backed remote attestation
Cryptographically verify that a device is running genuine, untampered GrapheneOS with the correct verified-boot state, anchored in the Pixel secure element — on a schedule, with alerting. No Google service (SafetyNet/Play Integrity) is involved or needed.
Per-app Network & Sensors control
Grant or deny network access and sensor access per application — controls that don’t exist on stock Android — so a managed app can be cut off from the network or the device’s sensors entirely.
Duress PIN & panic wipe
Provision a duress PIN that irreversibly wipes the device — and its eSIMs — the instant it is entered. Protection for field teams and seized-device scenarios.
Auto-reboot & USB hardening
Return devices to a secure at-rest state on an auto-reboot timer, and block the USB-C data path while locked — defeating a large class of physical-extraction attacks.
Radio & 2G lockdown
Disable 2G connectivity and tighten radio behaviour to shrink the over-the-air attack surface against interception and stingray-style attacks.
Camera, mic & sensor disable
Disable the camera, microphone and other sensors by policy for high-sensitivity environments and dedicated-device roles.
Scoped to exactly what you need
Not every organisation wants every control. We scope the deployment to any level the client wants — a light touch for a handful of executive phones, or a fully locked-down, attested fleet with kiosk roles and panic wipe. You tell us the threat model and the workflow; we configure the platform around it and host the whole thing.
What we don’t do — on principle
Because there are no Google services in the stack, we don’t offer Google-dependent features such as Android Enterprise / Managed Google Play, the Android Management API, Zero-Touch enrolment, Play Integrity or Firebase push. That is a deliberate trade: those features exist to serve the Google platform. Everything we manage runs on open, auditable Android device-management interfaces instead. If a capability would require re-introducing Google, we’ll tell you plainly rather than ship it.