- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 07:44 PM
Hi ,
I am working on a MDM application which is a Device admin app, Now I am trying to move it to Device Owner. I used Android Management API and generated Enrolment Token. I have uploaded my APK in S3 bucket and given that downloadable link In QR code Json. After factory reset, I am clicking 6 times on the screen and scanning the QR code, after connecting to WIFI, it says "Device belongs to your organization" . When I click on Next button, I an getting a popup saying that "CAN"T SETUP DEVICE, CONTACT YOUR IT ADMIN FOR HELP". How to fix this. what all things I need to handle in my android code. How will my app get downloading when scanned the QR code. Here is my Json for QR code.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}
Hoping you will help me resolve this issue.
Thanks in advance.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2024 06:54 AM
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}
To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2024 01:31 AM
I think you got it all wrong, when you are using Android Management API, the device owner is the Google Device Policy Controller.
If you want to create your own device owner you can do so, but the device won't be manageable with the Android management API.
To create your own device owner you can read this blog article https://medium.com/@codybrookshear/creating-an-android-device-owner-app-in-2023-b7e7b9fb3aca
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2024 02:59 AM
In this example they are setting device owner using ADB command, but I want to do it for live devices.
So can't I make my Device admin app as Device owner? So using this ANdroid Management API, can I install/ push my admin APK to the device? How do I push the policies.
Sorry for asking so many questions, I am completely new to this feature.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2024 06:54 AM
If you want to use your own Device Policy Controller, you will do nothing with AMAPI what so ever. You'll be responsible for building policies and sending them to devices, for app installation (APK only), and user management. The AMAPI does not support custom device owner apps.
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "checksum generated from dowloaded APK",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://android-android.s3.eu-1.amazonaws.com/Android-74.apk",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YLEHSBDKDBDWTJESJGOLAFKN"
}
}
To get this working, you'll need to generate the package checksum (or use the admin signature checksum in its place), and remove the bolded section, as your DPC won't support that.
From this json you can create a QR code, then tap 6 times on the welcome screen of the device (not the button) until the camera comes up. Scan the code and it'll set your app to DO.
Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2024 11:18 AM
Hi,
you mentioned
"Your app will have to talk to your own server application, and fetch the policies and configurations from that accordingly" this,
in the above what is server application?. From where I should fetch policies and configuration. Any sample snippet ? will really help.
what changes or implementations I need to do in my app. (currently we have only one app which is Device admin app (with Kiosk ), we want to make that as Device Owner, this app should get downloaded and installed once we scan the QR core.
I am worried if I understood the whole process wrongly. Please help with this
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2024 02:33 PM
I fear you may have.
If your app has one function and everything is hard-coded to behave a certain way - push the device into kiosk, show one app or perform one function, etc, then you could perhaps get away with no server component controlling the DPC remotely, but if your intention is to remotely configure these devices, you'll need a server application that the DPC checks into from every configured device in order to get instructions on policies (APIs) to set.
For a traditional EMM, the app on the device is only half of the solution, the rest of it comes from a command server that allows admins to create and save the policies that are sent down to the DPC app.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2024 02:37 AM
Heard that when we move to Device Owner using Android Enterprise or with few third party EMM's who are partners with AE, we get more features in terms of managing devices. For Example, 1) setting Mobile data always on. 2)allowing user to give special permissions in kiosk mode where settings is blocked. etc.
Can we achieve it with our application now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2024 08:16 AM - edited 01-05-2024 08:16 AM
Yup as a device owner you get a considerable amount more - all of the following (and more) is in scope -
https://developer.android.com/reference/android/app/admin/DevicePolicyManager
For special permissions there are still limitations in place as Google restricts them, (accessibility etc), but you'll do way more than on DA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2024 09:05 PM - edited 01-04-2024 09:43 PM
Thank you So much Jason, it is working, App got installed.
Now how do I uninstall it, I worried about it, previously we have a policy to deactivate the admin then I use to uninstall , bit now the uninstall button is disabled in the device
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2024 08:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2024 01:21 AM
Thank you so much Jason, you saved my day. It is working perfectly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2024 02:31 AM
Hi Jason,
How do I become an Android Enterprise EMM? in the official site it says AE is not accepting any new registrations, then how do I become an AE EMM. what should I do if I want to use all the advanced features by becoming Device Owner.
By using the above QR code, my application is becoming Device Owner and it is talking to our own traditional EMM(server app) to push the policies. what is the difference between both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2024 09:10 AM
Hi @sravanthi,
That's right, it's no longer possible to register as a Play EMM API based EMM (with a custom DPC). You won't be able to leverage app and account based API features.
If you'd like to lean on Google's AMAPI, you'll have to discard work on the custom DPC and leverage the Android Device Policy app instead.
- Questions Regarding Fully Company-Owned and Managed Devices with AMAPI in General discussions
- MDM get Customers and Devices Api Access issue in General discussions
- [BUG] Android Management API: "Disable" Option Bypasses FORCE_INSTALLED Restriction in General discussions
- Trace Logs Manual Deletion Devices in General discussions
- Enhanced Factory Reset Protection in Android 15 in Tips & guides