Capability-aware endpoint operations

Features built for full-depth Android fleet control.

RubusNode is built for Android fleets, full stop. Every capability below is shipped and in production today, framed by what devices can actually support, not a roadmap slide.

/ Product surface

The control layers behind every Android fleet.

Android MDM, dedicated devices, apps and blueprints, policy and compliance, automation, governed remote support, trust posture, IAM, approvals, and audit, all in production.

Android MDM

Enrollment and fleet lifecycle with one required operating context.

QR, Device Owner, provisioning QR, zero-touch, shared-device pools, assignment, lifecycle, and inventory workflows are designed around Android fleets first.

  • Android-first enrollment paths
  • Shared-pool and dedicated-device context
  • Lifecycle, recovery, and inventory evidence
Kiosk

Dedicated device controls for frontline operations.

Single-app and multi-app kiosk policies, custom launcher branding, hardware lockdown, exit PINs, and escape detection support purpose-built devices in branches, depots, stores, and facilities.

  • Kiosk and dedicated-device modes
  • Hardware and launcher restrictions
  • Escape detection, exit PINs, and compliance-linked recovery
Apps and files

Application and content delivery, shipped end to end.

Private APK distribution, staged version rollout, file and content delivery, enterprise certificate and VPN profile push, and blueprint-based provisioning are live for Android fleets today.

  • Private app catalog and version rollout
  • File, certificate, and VPN profile delivery
  • Device blueprints for repeatable provisioning
Policy and compliance

Policy rollout, compliance evidence, and operational posture.

Policy baselines, rollout preview, dry runs, canaries, OS update posture, geo-fencing, and compliance evidence give operators a governed view of Android fleet state.

  • Policy baseline and rollout workflows
  • Geo and update compliance posture
  • Evidence exports for regulated reviews
Trust signals

Device identity and integrity are visible, not assumed.

Trust posture uses device identity, keystore signals, tamper indicators, clone suspicion, IMEI compliance context, and deterministic fleet risk scoring so mixed fleets remain honest.

  • Composite device identity signals and risk scoring
  • Clone suspicion and tamper context
  • Anomaly detection and explainable compliance trends
IAM and audit

Permissions, approvals, and hash-chained audit for sensitive actions.

Internal IAM, PBAC, MFA, permission boundaries, approval workflows, and immutable audit are part of the governance story from the first sales conversation.

  • PBAC and MFA controls
  • Approval workflows for high-risk actions
  • Hash-chained audit evidence
Automation

Approval-aware automation that never runs blind.

Trigger-based rules, dry-run observation mode, and impact preview run before anything executes. Approval-gated remediation, safe playbook templates, scheduled workflows, and event correlation keep automation accountable.

  • Dry-run and impact preview before every rule goes live
  • Approval-gated execution with rollback and history
  • Event correlation, suppression, and webhook integrations
Remote support

Governed remote support with consent at every step.

Operators request a session, devices and users consent, capability-gated controls limit high-risk actions, and dedicated unattended-device support keeps every step evidenced for later review.

  • Consent-based session requests and revocation
  • Capability-gated interactive control and Android screen capture
  • Session evidence, abuse prevention, and release gating
Compliance evidence

Audit-grade evidence without a manual scramble.

Daily audit integrity verification, ISO 27001 control mapping, risk treatment and CAPA workflows, multi-framework evidence packs, and a tokenized buyer trust room turn compliance into a standing artifact.

  • ISO 27001 readiness and Statement of Applicability evidence
  • Multi-framework evidence packs with freshness tracking
  • Buyer trust room with tokenized, audited access