1. Device Enrollment & Management Support Android Enterprise (Device Owner enrollment for company-owned devices; Work Profile if needed). Easy onboarding via QR code or zero-touch enrollment. New: Post-Enrollment App Flow: After MDM agent app download/install (via Play Store or sideload during provisioning), launch directly to a login screen requiring Employee ID (e.g., alphanumeric code from HR system). On successful sign-in (validate against backend via API), apply policies and auto-hide the app: Remove from app drawer, home screen launcher, and recent apps (using Android's PackageManager to disable launcher visibility or integrate with kiosk mode overlays). App runs as a background service only, with no user-facing icon unless re-enabled via admin command. Fallback: If login fails (e.g., invalid ID), prompt retry with error message; after 3 attempts, lock device and notify admin. 2. Admin Web Portal / Backend Core Management Features: Device dashboard, policy enforcement, remote actions, notifications, reports. High-Risk Feature: Offline Data Access & Response Capabilities (unchanged, with additions below). New: Role-Based Panels: Owner Panel: Top-level dashboard for business owners/executives. Access to all features + high-level analytics (e.g., fleet-wide compliance trends, cost reports). Custom views: Executive summary widgets (e.g., total devices active, data access events summary). Invite-only access with elevated permissions (e.g., approve high-risk data exports). Admin Panel: Day-to-day operations for IT/managers. Subset of Owner features; granular RBAC (e.g., view-only for juniors). Shared backend but UI segmented (e.g., React routes: /owner/dashboard vs. /admin/devices). Unified backend (Node.js/Express) handles both; auth differentiates via user roles in JWT tokens. New: Stealth Mode for Employee Interactions: No Notifications to Employees: All admin/owner actions (e.g., remote lock, data access, policy changes, offline SMS/WhatsApp replies) execute silently without user alerts, toasts, or logs visible to the employee. Device agent suppresses Android system notifications for MDM events (using NotificationManager suppression APIs). Exception: Critical safety alerts (e.g., low battery for telecalling) can be opt-in and disclosed. Mitigation: Backend audit logs all stealth actions (timestamp, actor, device); employees can request access logs via HR (post-facto transparency). Consent prompt during login discloses "Monitoring may occur without alerts for business efficiency." Secure auth: 2FA for both panels; IP whitelisting for Owner. 3. App Control / Kiosk Mode Default full access to apps (WhatsApp, Gallery, etc.); Google Play Protect enabled. Whitelist/blacklist; optional kiosk for roles. Integration with New App Flow: Post-hide, kiosk mode activates if policy-set (e.g., single-app for dialer); app remains hidden even in kiosk. 4. Monitoring & Reporting (Privacy-Conscious, with High-Risk Additions) App usage, location (opt-in), audit logs. New Stealth Reporting: Reports exclude employee-visible traces; admin/owner views show full details (e.g., "Stealth data pull completed on Device X without user notification"). No secret reads beyond consented scopes; employee app (pre-hide) shows consent history. 5. Security & Compliance OWASP compliant; encryption. Privacy laws: DPDP/GDPR alignment. Updated Consent Flows: During login (before hide), multi-step consent with checkboxes ("I agree to silent monitoring for business needs"); store signed consent in backend (e.g., as PDF snapshot). Annual re-consent via hidden service prompt (disguised as "policy update"). Retention: Stealth logs (90 days for audits); high-risk data (7 days). New: Stealth-Specific Mitigations: Employee right to revoke: Hidden service allows one-time PIN entry (communicated via HR) to unhide app and view logs. Legal audit mode: Toggle for full transparency during inspections. 6. User Experience Employee App (Pre-Hide): Minimalist login screen only (Employee ID field + Sign In button); no other screens post-login. Post-Hide UX: Seamless—no visible changes; background sync for data access. Notifications: Branded but suppressed for employees; admins/owners receive confirmations (e.g., "Stealth action on Device X: SMS replied"). Offline UX. 7. Documentation & Handover Updated Docs: Include role-specific guides (Owner vs. Admin panels), stealth mode setup (e.g., notification suppression code snippets), app hide/unhide procedures. Source code: Full repo with branches for panels; configs for stealth flags. CI/CD.