Forum Discussion

sravanthi's avatar
sravanthi
Level 2.0: Eclair
2 years ago
Solved

Device Owner

Hi , I am working on a MDM application which is a Device admin app, Now I am trying to move it to Device Owner. I used Android Management API and generated Enrolment Token. I have uploaded my APK in...
  • jasonbayton's avatar
    jasonbayton
    2 years ago

    If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.

     

    {
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
    "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
    }
    }

     

    To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that. 

     

    From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO. 

     

    Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly. 

jasonbayton's avatar
jasonbayton
Level 4.0: Ice Cream Sandwich
2 years ago

I fear you may have.

 

If your app has one function and everything is hard-coded to behave a certain way - push the device into kiosk, show one app or perform one function, etc, then you could perhaps get away with no server component controlling the DPC remotely, but if your intention is to remotely configure these devices, you'll need a server application that the DPC checks into from every configured device in order to get instructions on policies (APIs) to set. 

For a traditional EMM, the app on the device is only half of the solution, the rest of it comes from a command server that allows admins to create and save the policies that are sent down to the DPC app. 

sravanthi's avatar
sravanthi
Level 2.0: Eclair
2 years ago

Heard that when we move to Device Owner using Android Enterprise or with few third party EMM's who are partners with AE, we get more features in terms of managing devices. For Example, 1) setting Mobile data always on. 2)allowing user to give special permissions in kiosk mode where settings is blocked. etc.

Can we achieve it with our application now?