Device Owner

Hi , I am working on a MDM application which is a Device admin app, Now I am trying to move it to Device Owner. I used Android Management API and generated Enrolment Token. I have uploaded my APK in...

jasonbayton
2 years ago
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}

To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.

From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.

Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.

jeremy

Level 3.0: Honeycomb

2 years ago

I think you got it all wrong, when you are using Android Management API, the device owner is the Google Device Policy Controller.

If you want to create your own device owner you can do so, but the device won't be manageable with the Android management API.

To create your own device owner you can read this blog article https://medium.com/@codybrookshear/creating-an-android-device-owner-app-in-2023-b7e7b9fb3aca

sravanthi

Level 2.0: Eclair

2 years ago

In this example they are setting device owner using ADB command, but I want to do it for live devices.

So can't I make my Device admin app as Device owner? So using this ANdroid Management API, can I install/ push my admin APK to the device? How do I push the policies.

Sorry for asking so many questions, I am completely new to this feature.

jasonbayton
Level 4.0: Ice Cream Sandwich
2 years ago
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}

To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.

From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.

Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
- sravanthi
  Level 2.0: Eclair
  2 years ago
  Hi,
  you mentioned
  "Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly" this,
  in the above what is server application?. From where I should fetch policies and configuration. Any sample snippet ? will really help.
  what changes or implementations I need to do in my app. (currently we have only one app which is Device admin app (with Kiosk ), we want to make that as Device Owner, this app should get downloaded and installed once we scan the QR core.
  
  I am worried if I understood the whole process wrongly. Please help with this
  - jasonbayton
    Level 4.0: Ice Cream Sandwich
    2 years ago
    I fear you may have.
    
    If your app has one function and everything is hard-coded to behave a certain way - push the device into kiosk, show one app or perform one function, etc, then you could perhaps get away with no server component controlling the DPC remotely, but if your intention is to remotely configure these devices, you'll need a server application that the DPC checks into from every configured device in order to get instructions on policies (APIs) to set.
    
    For a traditional EMM, the app on the device is only half of the solution, the rest of it comes from a command server that allows admins to create and save the policies that are sent down to the DPC app.
- sravanthi
  Level 2.0: Eclair
  2 years ago
  Thank you So much Jason, it is working, App got installed.
  Now how do I uninstall it, I worried about it, previously we have a policy to deactivate the admin then I use to uninstall , bit now the uninstall button is disabled in the device
  - jasonbayton
    Level 4.0: Ice Cream Sandwich
    2 years ago
    An uninstall is a device wipe. There's no option to disable a device owner from a provisioned device today like you could with DA.
- sravanthi
  Level 2.0: Eclair
  2 years ago
  Thank you so much Jason, you saved my day. It is working perfectly.