Application Development

Google Mobile Management: Introducing Mobile Audit in the Reports API

As security on mobile devices becomes increasingly important, we want to give Google Apps administrators the visibility to monitor key activities occurring on managed devices in their domain. With that in mind, today we are launching Mobile Audit for Google Apps Unlimited users, which audits activities on iOS and Android devices (using the native iOS Sync and Android Sync protocols) managed by Google Mobile Management. Examples of activities that are recorded include: operating system updates, device settings changes, and mobile application installs, updates and removals.

Google Apps Administrators can also go to the Reports page in the Admin console to see all the Mobile Audit events. Below is an example of what this page looks like querying one user’s activity, including newly registered devices:

Mobile Audit report and alert creation for a single user in the Admin console

As part of this launch, we are excited to make all Mobile Audit events available programmatically through the Admin SDK Reports API via Mobile Audit Activity Events. The Admin SDK is accessible through its REST API or Google Apps Script. With this new feature, administrators will be able to query all of the Mobile Audit information by user, by device, or by event, as well as verify that all of your deployed devices are running the latest security updates. You can even send this information to an asset management system to track all of your mobile inventory.

For example, if we wanted to download all of the newly registered devices, you could make a call like this to the API (via Google Apps Script):

  AdminReports.Activities.list('all', 'mobile', {
      eventName: "DEVICE_REGISTER_UNREGISTER_EVENT",
      filters: "ACCOUNT_STATE==REGISTERED",
      maxResults: 1000
    });

Once you have the response from the API, you could easily parse through that data, including device models, serial numbers, user email addresses, and any other relevant information to help you track your inventory.

A more critical use case that mobile administrators have been asking for is a way to take proactive actions on devices without requiring manual intervention. For example, a mobile administrator may want to automatically block a device when something suspicious is detected. This new feature enables admins to write simple apps that do just that.

Using the Mobile Audit Activity Events in the Reports API and the Mobile Devices component of the Directory API, administrators can create scheduled scripts to check for devices that are reporting suspicious activity, and then take actions on those devices.

The Apps Script snippet below returns results if there are any mobile audit events for suspicious activity:

  var response = AdminReports.Activities.list('all', 'mobile', {
      eventName: "SUSPICIOUS_ACTIVITY_EVENT",
      maxResults: 1000
    });

If there are results, the code below shows you how to retrieve the unique Google identifier for those devices, via the “RESOURCE_ID” parameter. Note that this snippet only assumes a single device reporting suspicious activity—you’ll need to tweak the code to support more than one.

  var parameters = response.items[0].events[0].parameters;
var resourceId;
for (i = 0; i < parameters.length; i++) {
  if (parameters[i].name == ‘RESOURCE_ID’) {
    resourceId = parameters[i].value;
    break;
  }
}

Now the Directory API can be invoked to block the device that corresponds with the above unique identifier using this Apps Script snippet:

  AdminDirectory.Mobiledevices.action('my_customer', resourceId, {
      action: "block"
    });

We are really excited to see what uses you have for Mobile Audit in the Reports API. For more information and to get started, please see the Developer Guide, reference documentation, and the Help Center. (NOTE: Again, this feature is available only to our customers with users on the Google Apps Unlimited license.)