0

We're currently trying to work on an application that's based on Android's mobile device management APIs. We have managed to figure out how to get device admin permissions and wipe off the phone data with the help of the same, but are unable to restrict the user from not using WiFi/Bluetooth/Location/USB/Tethering etc.

The moment we did tried to do this directly in our app it crashed with an exception stating that the current user isn't an owner/work user along with the user ID.

After that we got to know that, these user restrictions can't be directly applied on any profile via the DeviceAdminPolicy manager, but just on a work profile provisioned by the app.. So we tried following this stackoverflow answer to see if provisioning a work profile helps us with the following code. (changes were made to adapt to the deprecation)

                val intent = Intent(ACTION_PROVISION_MANAGED_PROFILE)
                intent.putExtra(EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, deviceAdmin)
                startActivityForResult(intent, REQUEST_PROVISION_MANAGED_PROFILE)

The app now prompts the user for MDM permission as per our earlier flow/code and then takes the user through a series of animations until the entire process of setting up the workflow is done, but then nothing really happens. We can't find the newly created profile and the app resumes back to the initial activity.

Trying to trigger the provisioning of work profile again causes the app to alert us that the work profile could not be added and to contact our IT admin for the same. This behavior remains the same until we wipe of the entire data on the device.

Are we missing out something out on something from the docs or maybe are doing something incorrect? Could someone please help us out with this?

An existing proper guide to setup restrictions via device admin APIs would be really helpful. Please do let us know if any additional information is required.

Thanks a lot in advance!

Mohit Shetty
  • 1,551
  • 8
  • 26
  • Based on: https://developers.google.com/android/work/requirements#4.5.-advanced-wi-fi-management_1 you need be using a managed device or dedicated device, but you mention work profile. Please clarify how you are testing (third-party provider, steps taken, your own DPC, hardware/OS under test, etc). – Morrison Chang Oct 11 '22 at 22:56
  • Thanks a lot for the quick response Morrison. We currently have a normal Pixel 6A that has been sent by our client for testing. We haven't configured it in any way as such except for prompting the user for device admin permissions – Mohit Shetty Oct 11 '22 at 22:59
  • It is still unclear if you have reset the Pixel 6A and turned it into a dedicated device or using an existing MDM provider (the client's?). You may want to review with client supported features based on MDM requirements (or check with client's MDM for appropriate policy feature). – Morrison Chang Oct 11 '22 at 23:12
  • 1
    mdm has different "modes", a workprofile only allows you to control a few things happening in that profile, the device is still owned by the user and you can't restrict the user's wifi. You need full control over the device which is normally achieved via QR Code / NFC / ... provisioning methods during device installation or after a factory reset. But you can take for example code from https://github.com/android/enterprise-samples/tree/main/DeviceOwner and use adb on a phone that has no google account installed yet and make that app device owner: https://stackoverflow.com/a/27909315/995891 – zapl Oct 12 '22 at 01:46
  • 1
    There's also https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#Policy - though that would be the path if you're planning to build a solution like the ones listed on https://androidenterprisepartners.withgoogle.com/emm/ - with Android Management API, there's a Google device admin app that gets installed on the device and google exposes the device configuration APIs on the web so you don't need to write any device admin android code yourself. Just a web frontend for your customers for example. – zapl Oct 12 '22 at 02:07
  • Hi @MorissonChang, Thanks a lot for the solution, it had really helped us figure the issue back then. We now have based our project off Headwind MDM (free; open source) and are working around it to create our own custom solutions based on it now. Keep up the good work! – Mohit Shetty Dec 28 '22 at 20:59

0 Answers0