Activate a device owner using NFC on Android Lollipop

Asked 20/10, 2014 at 13:51 Answered 16/6, 2015 at 15:25

Solved android nfc android-5.0-lollipop device-policy-manager

I am trying to set the device owner package on a device using NFC. The is mentioned in the Lollipop overview here:

To deploy and activate a device owner, you must perform an NFC data transfer from a programming app to the device while the device is in its unprovisioned state. This data transfer sends the same information as in the provisioning intent described in Managed provisioning.

The reason is once this is set you can use the screen pinning feature to lock the device in a kiosk mode. I have been able to test the this kiosk mode by manually setting the device owner by placing a device_owner.xml file to data/system/ on a rooted device.

I have never used NFC before so I may be way off but I came up with the following NdefMessage based on the info here:

Properties properties = new Properties();
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, "com.my.package");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SSID, "MyWiFiSSID");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_PASSWORD, "WifiPassword");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, "C9AD9E082457819B54CF76255A400375E4127112");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, "https://dl.dropboxusercontent.com/u/xxx/app-release.apk");


ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutput out = new ObjectOutputStream(bos);
out.writeObject(properties);
byte[] yourBytes = bos.toByteArray();
NdefRecord ndefRecord = NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, yourBytes);
NdefMessage msg = new NdefMessage(ndefRecord);

Sending this to a device that I have just restored with the Lollipop preview causes it to show:

Oops! Couldn't set up your device. Contact your IT department.

Its seems to be recognising the fact that it is receiving a provision request, but I do not think it is reading the properties I set, it does not try to connect the the wifi.

Pannier answered 20/10, 2014 at 13:51 Comment(0)

It appears you need to use the Properties.store to correctly create the bytes for the NdefRecord.

Properties properties = new Properties();
properties.setProperty(...);

ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStream out = new ObjectOutputStream(bos);
properties.store(out, "");
byte[] bytes = bos.toByteArray();

NdefMessage msg = new NdefMessage(NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, bytes));

Currently, I'm having an issue with it downloading my APK and the checksum failing. Not at all sure why.

Jade answered 22/10, 2014 at 13:54 Comment(1)

I posted my own question regarding the checksum failing here: #26510270 – Jade 22/10, 2014 at 14:23

I've been trying to get this to work over NFC too. I installed a simple app on my Nexus 4 (KitKat) with an activity:

@Override
protected void onResume() {
    super.onResume();
    try {
        Properties properties = new Properties();
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, "com.deviceowner.app");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, "https://docs.google.com/uc?export=download&id=........");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, "6ee735dfb8090ab1862fecce430864e21a0e37");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SSID, "wlan");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_PASSWORD, "XXXXXX");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, "WPA2");

        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ObjectOutput out = new ObjectOutputStream(bos);
        out.writeObject(properties);
        byte[] yourBytes = bos.toByteArray();
        NdefRecord ndefRecord = NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, yourBytes);
        NdefMessage msg = new NdefMessage(ndefRecord);
        nfcAdapter.setNdefPushMessage(msg, this);
    } catch (IOException e) {
        e.printStackTrace();
    }
}

I flashed my Nexus 7 flashed with the Lollipop preview image (razor-lpx13d-preview-ae4f461f.tgz) and gave it an NFC bump with the Nexus 4 when the Nexus 7 was un-provisioned (no setup - fresh after flashing) and got the same error message:

Oops! Couldn't set up your device. Contact your IT department.

Then I tried the same thing but this time after running through the initial device setup on the Nexus 7 (to the point where I could see the home screen). This time I got the message

Oops! This device is already set up

But this time, I was able to see some logging as I was able to setup USB debugging on the Nexus 7:

10-22 10:31:29.947    2610-2610/? D/NfcService﹕ LLCP Activation message
10-22 10:31:29.947    2610-2610/? I/NfcP2pLinkManager﹕ LLCP activated
10-22 10:31:29.947    2610-2610/? D/NfcP2pLinkManager﹕ onP2pInRange()
10-22 10:31:29.954    2610-2610/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:29.962      184-547/? D/audio_hw_primary﹕ select_devices: out_snd_device(2: speaker) in_snd_device(0: none)
10-22 10:31:29.962      184-547/? D/ACDB-LOADER﹕ ACDB -> send_afe_cal
10-22 10:31:29.962      184-547/? D/audio_hw_primary﹕ enable_snd_device: snd_device(2: speaker)
10-22 10:31:29.974      184-547/? D/audio_hw_primary﹕ enable_audio_route: apply and update mixer path: low-latency-playback
10-22 10:31:29.981    2610-2610/? D/NfcP2pLinkManager﹕ Last registered callback is not running in the foreground.
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ Disabling default Beam behavior
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ mMessageToSend = null
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ mUrisToSend = null
10-22 10:31:29.996    2610-2610/? D/NfcP2pLinkManager﹕ Took 48 to get first LLCP PDU
10-22 10:31:30.599    3224-3224/? I/wpa_supplicant﹕ wlan0: CTRL-EVENT-SCAN-STARTED
10-22 10:31:31.741    2610-2610/? D/NfcP2pLinkManager﹕ onP2pReceiveComplete()
10-22 10:31:31.751    2610-2610/? D/NfcService﹕ mock NDEF tag, starting corresponding activity
10-22 10:31:31.751    2610-2610/? D/NfcService﹕ TAG: Tech [android.nfc.tech.Ndef]
10-22 10:31:31.757    2610-3275/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:31.770     549-2765/? I/ActivityManager﹕ START u0 {flg=0x10008000 cmp=com.android.nfc/.NfcRootActivity (has extras)} from uid 1027 on display 0
10-22 10:31:31.795    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONDESTROY
10-22 10:31:31.827    2610-3275/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:31.848     549-2335/? I/ActivityManager﹕ START u0 {act=android.nfc.action.NDEF_DISCOVERED typ=application/com.android.managedprovisioning cmp=com.android.managedprovisioning/.DeviceOwnerProvisioningActivity (has extras)} from uid 1027 on display 0
10-22 10:31:31.886    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONCREATE
10-22 10:31:31.887    7237-7237/? E/ManagedProvisioning﹕ Device already provisioned.
10-22 10:31:31.903    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONRESUME
10-22 10:31:32.011      549-621/? I/ActivityManager﹕ Displayed com.android.managedprovisioning/.DeviceOwnerProvisioningActivity: +149ms (total +200ms)
10-22 10:31:32.955    2610-2610/? D/NfcService﹕ LLCP Link Deactivated message. Restart polling loop.
10-22 10:31:32.955    2610-2610/? I/NfcP2pLinkManager﹕ LLCP deactivated.
10-22 10:31:32.955    2610-2610/? D/NfcP2pLinkManager﹕ Debounce timeout
10-22 10:31:32.955    2610-2610/? D/NfcP2pLinkManager﹕ onP2pOutOfRange()

So it does seem that the Device Owner NFC bump can only happen on an unprovisioned device. I appreciate this doesn't answer your question, but the log output might help. Getting hold of the source code for DeviceOwnerProvisioningActivity would certainly help.

Clearance answered 22/10, 2014 at 9:50 Comment(7)

I got this to work with the answer posted by @Jade - but I am now stuck at the same point: Couldn't use the admin app due to a checksum error. Contact your IT department – Clearance 22/10, 2014 at 21:28

Were you able to successfully provision wifi settings? When I do it it sits there saying "Connecting to Wi-Fi..." but never connects. – Jade 23/10, 2014 at 13:44

No, I removed the wifi settings, entered them in the first setup screen, then did the NFC bump. That's when I got the checksum error. Did you get any further with that? – Clearance 23/10, 2014 at 16:49

Nope. I tried putting the wifi settings in just so it would auto connect and I wouldn't have to manually enter the credentials (cause I'm lazy), but it failed to connect to wifi. When I removed the wifi settings it would require me to manually connect to wifi. Once I manually connected it would download the APK but the checksum failed every time. – Jade 23/10, 2014 at 16:55

Any luck on this wifi? i got the same 'connecting' problem even though i can see the wifi icon as connected – Annettaannette 28/11, 2014 at 1:16

Same issue here with the Wifi. If I enter the wifi security type, an exception seems to occur. Without this parameter I have an infinite 'Connecting'. Not sure about the format. – Caribbean 16/1, 2015 at 19:45

I am also facing same issue with following code: p.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SSID, "-----"); p.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_PASSWORD, "----"); It seems it is getting connected with WiFi but stuck on Connecting to Wi-fi... Screen. Any success on this? – Proustite 12/3, 2015 at 15:24

You should enter the WiFi parameters manually. There is a bug that has been corrected in Android 5.1.

Roderica answered 16/6, 2015 at 15:25 Comment(0)

Recommended topics

Hot tags