Administrators want to protect your organization and respond to potential security threats. If they suspect a problem, they can collect process logs and request remote bug reports on single-user fully company-owned devices with Android 7.0 Nougat and later.
Note: Google Mobile Management does not currently support collecting process execution logs and remote bug reports.
Types of process logs
Lockscreen events—Administrators can view timestamps for screen lock and unlock actions. They can also see which unlock attempts were successful.
Running apps—Every app startup is logged, letting administrators know which apps were run. Each log entry contains the app’s process name, start-up time stamp, user ID, process ID, and SHA-256 digest of the app’s base APK.
ADB commands—If developer options are enabled on a device, administrators can see
adb shell, and
adb install commands that were used and their timestamp.
Sometimes, an administrator knows that there’s a compromised device in your organization. Or, they might find suspicious activity while examining a process log. If so, they can request a remote bug report and investigate further.
For privacy reasons, the user gets a notification on their device when a remote bug report is requested. The user needs to agree to share the bug report. The report is generated at the exact time of the request, even if the user doesn’t consent to sharing it until later.