Hey there,
My name is Martin and I am a security engineer that had a bit too much free time....so I made a thing:
It's called it Elastic Agent Android and it's a way to finally add your Android mobile devices into Fleet and get useful device logs shipped right into Elasticsearch!
It's written in Java and freely available on GitHub (MIT License) for anyone to try out.
Features:
- Enroll Android devices to Fleet, complete with policy-management and all. Every App setting can be controlled remotely via the Fleet-policy.
- Gather multiple logs. Currently it is possible to collect location updates, network logs and security events from the device and send them straight to ES.
- ECS compliant. I tried to adhere to the ECS as closely as possible. Every document send contains agent data like hostname, ips, macs, os version etc., as you would expect from an Elastic-Agent enrolled device sending logs. Because it follows ECS you could also e.g. display your device locations on a Kibana map dashboard.
Screenshots:
Enterprise-grade Android Monitoring with Elastic: Streamline Fleet Management and Security Insights. 
(github.com)Any feedback is welcome. 
(If I posted this to the wrong topic or you have a suggestion where to post this instead please let me now.)
