Forum Discussion
Device Owner
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
In this example they are setting device owner using ADB command, but I want to do it for live devices.
So can't I make my Device admin app as Device owner? So using this ANdroid Management API, can I install/ push my admin APK to the device? How do I push the policies.
Sorry for asking so many questions, I am completely new to this feature.
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}
To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
Hi,
you mentioned
"Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly" this,
in the above what is server application?. From where I should fetch policies and configuration. Any sample snippet ? will really help.
what changes or implementations I need to do in my app. (currently we have only one app which is Device admin app (with Kiosk ), we want to make that as Device Owner, this app should get downloaded and installed once we scan the QR core.I am worried if I understood the whole process wrongly. Please help with this
I fear you may have.
If your app has one function and everything is hard-coded to behave a certain way - push the device into kiosk, show one app or perform one function, etc, then you could perhaps get away with no server component controlling the DPC remotely, but if your intention is to remotely configure these devices, you'll need a server application that the DPC checks into from every configured device in order to get instructions on policies (APIs) to set.
For a traditional EMM, the app on the device is only half of the solution, the rest of it comes from a command server that allows admins to create and save the policies that are sent down to the DPC app.Heard that when we move to Device Owner using Android Enterprise or with few third party EMM's who are partners with AE, we get more features in terms of managing devices. For Example, 1) setting Mobile data always on. 2)allowing user to give special permissions in kiosk mode where settings is blocked. etc.
Can we achieve it with our application now?
Thank you So much Jason, it is working, App got installed.
Now how do I uninstall it, I worried about it, previously we have a policy to deactivate the admin then I use to uninstall , bit now the uninstall button is disabled in the device
An uninstall is a device wipe. There's no option to disable a device owner from a provisioned device today like you could with DA.
Thank you so much Jason, you saved my day. It is working perfectly.
Hi Jason,
How do I become an Android Enterprise EMM? in the official site it says AE is not accepting any new registrations, then how do I become an AE EMM. what should I do if I want to use all the advanced features by becoming Device Owner.
By using the above QR code, my application is becoming Device Owner and it is talking to our own traditional EMM(server app) to push the policies. what is the difference between both.
Hi sravanthi,
That's right, it's no longer possible to register as a Play EMM API based EMM (with a custom DPC). You won't be able to leverage app and account based API features.
If you'd like to lean on Google's AMAPI, you'll have to discard work on the custom DPC and leverage the Android Device Policy app instead.
