Problem with Endpoint Security for Android Permissions

[alvaroag 0]

Hi.

I'm preparing two identical Xiaomi Redmi 9A for usage with on premise ESET Protect.

Both (now) have MIUI Global 12.0.18.0 (QCDMIXM), and have Endpoint Security for Android in Device Owner mode.. From the ESET Protect console, I'm applying policy to fully restrict incomming & outgoing calls & SMS. Therefore, the app requires call logs & SMS permissions, both which are not included in the app manifest. Therefore, Android won't give me any option to grant those permissions to the app.

When I received both phones brand-new, I started with one of them. Despite the OS offering upgrade, I decided to configure everything and then upgrade. And, in that version, I was able to grand "unrequested" permissions. Not knowing that option was not available on the latest software, for the second phone, I decided to upgrade first and then configure everything. Thus. I now have one of both with no warnings, and the other with two "security risk" alerts for the missing Phone & SMS permissions.

I tried granting the permissions via ADB, with "pm grant", but shell user doesn't have permissions for that. I can't root the phones, both for warranty and compliance reasons.

Any idea? From my point of view, this could be also be a bug on the app, because, as any android app, it should request required permissions, either on manifest or at runtime.