I need some help with my app that I build for Android TV.
I already make a COSU app for Android TV, but the problem is I need to use adb shell to make my app as device owner. Is there a way to make my app as device owner programmatically? Because I will install my app in +100 STB devices. I tried a method from SO answer, but it's not working.
I still can't figure it out how to update my app later if there is a new version of my app, because like it said in here, I can't use Android Management API on Android TV and also I think I can't use Google Play to update a COSU app. Is there a better approach to update my app?
Need help.
Thank you.
Since your app got device admin permissions, your app can update itself silently in background using PackageInstaller API. All you have to do is to just download the new apk when available and forward it to PackageInstaller which can update and install your new apk.
Here's a sample if you wanna look how to implement it: author's link is dead (after edit link - I think they are similar).
You can't make your app device owner programmatically unless the device is rooted. Here's a list of options by Google to make device owner remotely.
Provisioning google dev docs.
Related
I have a question about admin apps on Android that I can't find the answer to. I followed the guide on creating an admin app from here:
https://developer.android.com/guide/topics/admin/device-admin#java
I successfully created an admin app but there's something that's confusing me. I have a fresh device (Moto G6) and when I go into Settings->Security&Location->DeviceAdminApps I see a list of admin apps on the device. Right now it lists my app and a Google Play Services app titled "Find My Device". The only difference, though, is that the google app was on by default. Normally, and including in my app, when I try to use an admin feature (through DevicePolicyManager), an android page pops up asking me to enable it as an admin app. Since the Google app is already enabled, that pop up doesn't need to appear.
So, my question is how do I make an app an admin app by default (without needing the pop up page)? I assume something needs to be done on boot up but I have no idea what that Google app does. Does anyone out there have any idea?
So, my question is how do I make an app an admin app by default (without needing the pop up page)?
Build your own firmware with your own custom build of Android, where you pre-install your device admin app and set things up for it to be pre-enabled.
Alternatively, I think if you create a device owner app, it will be enabled upon installation, but that installation happens when the device is being first set up.
Ordinary device admin apps require users to agree to enable them, for blindingly obvious security reasons.
I'm new to android enterprise development world, and I have some misconception of how different pieces in the android enterprise ecosystem relate to one another. Let me explain.
The solution that I'm trying to achieve is being able to lock the device into kiosk mode both remotely, and also based on some business logic do it even when the user is offline. I started investigating EMM and particularly Android Management API to solve the problem. I was able to lock the device remotely into kiosk mode using the API. The steps that I take is following
Factory reset the android device
Reach the screen where user needs to enter their credentials
Instead of real credentials I enter afw#setup
Device enters into work profile mode and android device policy is being installed
I create an enrollment token in the management API (the steps for that are described in the quick start guide
I generate a QR code and scan it using the factory reset device as soon as I'm prompted
The device will be linked to the enterprise, and I'm successfully being able to control it and put the device into kiosk mode by creating special kiosk mode policy and patching the device to comply to that policy using a combination of patch policy (to create a policy) and patch device APIs.
The next step was finding out a way to lock the device into kiosk mode even when user is offline. I assume that it's going to happen by creating an android enterprise custom DPC (device policy controller) application. I assumed that by reading the following documentation, where one of the 3 ways of provisioning "single purpose" devices is creating a custom DPC application. Here's another quote from different url
As an EMM, you develop a DPC app that can be used by your customers in conjunction with your EMM console and server. Your customer deploys the DPC to the user devices that they manage. The DPC acts as the bridge between your EMM console (and server) and the device. An admin uses the EMM console to perform a range of tasks, including configuring device settings and apps.
And here's where all of my confusions arise.
First question that naturally arises - was the author of the previous quote referring to EMM management API when talking about EMM console and server?
Further, there are more questions that I couldn't find an answer to
In the guide for creating a custom DPC there are no mentions about what role EMM API will play in custom DPC, and consequently there's no place I could find that describes how exactly the custom DPC is a bridge between the EMM console (presumably EMM API) and the device?
Then, let's assume I've developed a custom DPC application and uploaded it to google play alpha channel. The documentation states that during the setup process instead of entering afw#setup I should enter afw#DPC_NAME, and I have no idea how to generate that name? Is it the bundle ID of the DPC app? Or perhaps it's being set somewhere in google settings? For instance, google has developed the TestDPC application to test enterprise solutions, and I was able to go through the steps I described above and enter afw#testdpc and successfully scanned the QR code in the git readme file and I saw that TestDPC was installed and device was launched into work profile mode. So, I assume somehow I need to register my own "testdpc" and enter afw#my_dpc instead.
Basically I have different pieces working stand alone and I want to form a broader picture in my mind to understand how to stitch those pieces together.
Thanks for your answers
UPDATE 1:
Today I found a way of turning custom DPC into device owner without going through NFC or other provisioning process. This is particularly useful for development purposes. Follow this link for instructions.This is both huge time saver, and also, in my case, we still are waiting for google's approval, but finally we can start testing some stuff without the need of custom provisioning process.
There are two distinct ways of managing Android devices:
The new way: the Android Management API. It is the way recommended by Google and it's significantly simpler than the old way, you don't need to call other APIs or to create a custom DPC. If your use case is not addressed by this API you can send feedback to Google so they can add the missing features.
The old way (no longer available for new deployments as of 2019-12-20): using custom DPC. For that you need to:
create a custom DPC,
register your custom DPC with Google by joining the EMM Community (this is how you get the afw#DPC_NAME),
use the Google Play EMM API to install apps.
In the documentation you - the developer using these APIs - are referred as "the EMM". "EMM server" refers to the server that you own and that calls these API, and "EMM console" refers to the UI console that you expose to your IT admins, if any.
https://developer.android.com/work/dpc/build-dpc
Caution: Android Enterprise is no longer accepting new registrations
for custom device policy controllers (DPCs). Learn more.
Hi #Fred,
I found this above information from the mentioned path.
I have some questions regarding the above conversation.
If we use Android management API to develop EMM, we don't need to implement Custom DPC app?
Whether we can register a account in EMM community with Custom DPC app?
Is it possible to use a custom DPC app with Android management API?
My question is specifically about one line in Android documentation here. https://developers.google.com/android/work/prov-devices#set_up_device_owner_mode_google_account . Particularly item #2 where it says
The DPC is automatically downloaded to the device and launched.
How?
Specifically, what is the trigger that launches the DPC after download while still in the context of the startup wizard? I'm asking because it isn't working for me.
I've got Corporate-Owned Single Use (COSU) application, but I'm getting tripped up on deployment -- specifically the part where the DPC app sets itself as the device-owner. So far, I've loaded the app in Google Play Store as a private application. G-Suite exists in the same domain and Google is registered as the EMM for the account. The COSU app is whitelisted and installs as part of the setup wizard... but it doesn't launch.
To the best of my understanding, it has to launch within the context of factory-reset so that I can reset the device owner to the downloaded app.
Is there a specific Activity or BroadcastIntent I should be looking for? I'm new to Android, so I've been pouring through the TestDPC code, Android docs, and SO posts, but this deployment thing is a pain.
As a secondary query. How would you debug this situation? Its all factory-reset and install by wire, I don't have the opportunity to turn on developer mode and watch logs through Android Studio as it happens. And pushing new builds to Google Play and resetting hardware to download and install has a very long cycle time.
Thanks in Advance
For your DPC to be downloaded and launched after an account is added you need to register as your own EMM along with your DPC, and enroll your G-Suite domain with this EMM.
It might be simpler for you to instead use Google's new Android Management API which doesn't require implementing a DPC or registering as an EMM.
Is is possible to make an android app non deletable.. What i mean is, I want to install a app, but I cant remove/ uninstall it. If I want to uninstall it then it should prompt me for password which I would have set during installation of the app.
When I read the docs they tell it can be done using Device Admin, but it doesnt provide security, interms of it doesn't ask the user for the password and deletes if its correct..
Is it possible to make an app such that even if there is a factory reset the app will still be there on the phone ?
Is is possible to make an android app non deletable
No, unless you want to create your own ROM and preload it with your app, just like some manufactures preload their devices with their own software and other bloatware.
No it is possible to restrict any user to delete the app from android device.
As google already maintaining this scenario by using the concept known as Device Management System.
Google Eyeing on apps which are published by the developer / installed or deleted by the user.
Although you can make your own app which will notify your admin that user is trying to delete the app or deleted the app, using Service Intent concept.
My customer wants the android app to update itself automatically whenever a change is made. They do not want to publish the app in the android market. For the first time, the app will be installed using the Android SDK or the numerous other ways to install.
How do I ensure that the app is automatically upgraded whenever bug fixes or features are added. If not automatically, a button from the app is also ok
Thanks.
Create an "updater" application. This application will monitor a remote server for updates and if it finds one, it will install the apk programmatically. Read this question for directions on how you can install an apk programmatically. You will easily find more information regarding this topic on the net.
You could try to use Pushlink. http://www.push-link.com
It can be done in following ways :
1. a push notification mechanism
2. server pooling on each start / time interval
3. Push SMS
to update the client application.
If your client is using Google Apps you can create a private Google play channel for your organization. There you can publish the apps only for your users to see. I know that you explicitly said that this is not an option, but it's, by far, the best option (although it's not free).
http://support.google.com/a/bin/answer.py?hl=en&answer=2494992
Maybe you can update your app programmatically:
download new version of your app (*.apk) to a local storage of
Android device
run new Intent for update app
Intent intentInstall = new Intent(Intent.ACTION_VIEW)
.setDataAndType(Uri.parse("file:///path/to/new_app.apk"),
"application/vnd.android.package-archive");
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(intentInstall);
remove downloaded *.apk
See also Android App Version Update service without releasing it to marketplace