Forum Discussion
Solved
Device Owner
Hi ,
I am working on a MDM application which is a Device admin app, Now I am trying to move it to Device Owner. I used Android Management API and generated Enrolment Token. I have uploaded my APK in S3 bucket and given that downloadable link In QR code Json. After factory reset, I am clicking 6 times on the screen and scanning the QR code, after connecting to WIFI, it says "Device belongs to your organization" . When I click on Next button, I an getting a popup saying that "CAN"T SETUP DEVICE, CONTACT YOUR IT ADMIN FOR HELP". How to fix this. what all things I need to handle in my android code. How will my app get downloading when scanned the QR code. Here is my Json for QR code.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}
Hoping you will help me resolve this issue.
Thanks in advance.
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
I think you got it all wrong, when you are using Android Management API, the device owner is the Google Device Policy Controller.
If you want to create your own device owner you can do so, but the device won't be manageable with the Android management API.
To create your own device owner you can read this blog article https://medium.com/@codybrookshear/creating-an-android-device-owner-app-in-2023-b7e7b9fb3aca
In this example they are setting device owner using ADB command, but I want to do it for live devices.
So can't I make my Device admin app as Device owner? So using this ANdroid Management API, can I install/ push my admin APK to the device? How do I push the policies.
Sorry for asking so many questions, I am completely new to this feature.
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
