Is it possible to build a DPC without enrolling with EMM Community?
F

3

7

Since the process of applying for EMM integration takes an unjustifiably large amount of time and the whole process is described as "incredibly painful" by those lucky ones who went through it, I want to know whether it is absolutely necessary to become an EMM in order to have a working Device Policy Controller (DPC) app.

If you faced this problem, please share the experience.

I am developing for COSU devices and want to go into kiosk mode. I am aware that there are ways to do it, but they all rely on a bunch of workarounds, which is not an option: I want a controllable, safe and robust way of doing this. I also don't care about not having the ability to manage the devices remotely.

Fuscous answered 1/8, 2017 at 15:33 Comment(10)
What worked for you? How did you manage to work on dedicated devices? - Flamboyant
I've provisioned my devices with QR code provisioning (available since Android 7.0). I've ended up developing 2 apps: 1) Device Policy Controller app, 2) My kiosk app itself. The first one becomes a device admin during provisioning and is responsible for updates (of itself and the kiosk app). The second one is the app that runs as a kiosk on a device (you cannot exit it, no system UI, etc.). developer.android.com/work/dpc/build-dpc - Fuscous
OK, I will look into it. But it seems that to install App #1 (DPC) we need physical access to the device. Is there any way that we ship only the APK and the other things set themselves up as a kiosk? - Flamboyant
I am looking into solutions where the dedicated device may not be physically accessible and our client may not be so technical. In this scenario, how do we do it, and what would be best? - Flamboyant
I'm not aware whether what you want is even possible. Turning a device into a kiosk is a serious security affair, and it may be that provisioning into kiosk is done the way it is done due to just that - a person (or software) that provisions the device must prove that it basically owns the device (or has a right to be its admin). And the easiest way to prove that is to own a device physically. Please let me know if you achieve provisioning the way you want. - Fuscous
And you are absolutely right worrying about non-tech savvy ppl doing QR code provisioning. I've been running my kiosk project for over 3 years now, and I still get support questions regarding the provisioning. People just don't read anything, especially the installation guide. Oh, and one more thing to keep in mind: some vendors change the OS and delete a module that is needed for provisioning, i.e. such devices will never be kiosks. Samsung tablets are OK in this regard, but Huawei ones might do that. The thing is, it is impossible to check that before buying the device. - Fuscous
I am pleased to hear that you have been working on kiosks for quite a long time. So how are you working on those? Do you get the device physically, install your app on it and provision it as a kiosk? What method are you using to provision the devices to make them kiosks? Can you share code for them? - Flamboyant
My major concerns are as follows: 1) My app should work as home. 2) No one should be able to exit my app. 3) The status bar and navigation bar should not be accessible to the user. - Flamboyant
Let us continue this discussion in chat. - Fuscous
Please check the comments in chat. - Flamboyant
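The QR code provisioning mentioned in the comments above works by encoding a small JSON payload that names the DPC, where to download it, and a checksum the device verifies before installing. The following is an added example, not code from the original thread: the component name, download URL and APK path are hypothetical placeholders, the https-only rule is a choice made in this example, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: build the JSON payload for a device-owner provisioning QR code.
# Component name, download URL and APK path are hypothetical placeholders.

# URL-safe, unpadded base64 of the SHA-256 of a file: the encoding used by
# android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM.
apk_checksum() {
    openssl dgst -binary -sha256 < "$1" | openssl base64 | tr '+/' '-_' | tr -d '=\n'
}

# qr_payload COMPONENT URL APK
# Prints the JSON on stdout. Returns 2 for a non-https URL (a policy of this
# example), 3 if the APK cannot be read.
qr_payload() {
    component=$1
    url=$2
    apk=$3
    case $url in
        https://*) ;;
        *) echo "download location must be https" >&2; return 2 ;;
    esac
    [ -r "$apk" ] || { echo "cannot read $apk" >&2; return 3; }
    # The checksum pins the exact APK: if the file served at the URL differs
    # by a single byte, provisioning rejects it.
    sum=$(apk_checksum "$apk")
    printf '{"%s":"%s","%s":"%s","%s":"%s"}\n' \
        android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME "$component" \
        android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION "$url" \
        android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM "$sum"
}

# Usage: sh qr.sh com.example.dpc/.AdminReceiver https://example.com/dpc.apk dpc.apk
if [ "$#" -eq 3 ]; then
    qr_payload "$1" "$2" "$3"
fi
```

The printed JSON is what gets rendered as the QR code; regenerate it whenever the hosted APK changes, because the old checksum will no longer match.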
G
3

You just want to write an app that uses Device Policy Owner? That's fairly simple, assuming you own the devices. Just install your app, adb shell in, and run the dpm command to set your app as owner. If you're buying in bulk from a manufacturer you can get them to do it for you in the custom image you install (although you may need to explain what you want, it isn't a common use case).

Of course everything has its limits. This will work, unless the user manages to do a factory reset. Which you can prevent via the UI, but can generally be reached from recovery modes or from unlocking the bootloader. So it's safe from casual intrusion, but if someone really wants to get at your device and they have physical access and time, they can.

Grinnell answered 1/8, 2017 at 15:41 Comment(3)
Which manufacturer has done this for you? We've been asking and keep getting stonewalled, citing 'Google won't let us', which seems very odd seeing as it's not a consumer device. - Quartus
@Quartus A couple of random small vendors out of China. Unless you're also installing Google Play Services, then Google has nothing to do with it - use an AOSP build. More likely they either didn't know what you wanted, or you were ordering in too small a volume to be worth the effort for them. - Grinnell
This is a very large Chinese manufacturer I am dealing with, so suspect the volume + effort thing. They have been VERY unhelpful so far :( The problem is getting the custom AOSP build onto many 1000 devices easily. Thanks for your response! - Quartus
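The adb and dpm steps from the answer above, as an added shell example that is not part of the original answer: it checks that the device has no accounts before asking dpm to set the owner, and reads dpm's output to confirm the result. The APK path and the `com.example.dpc/.AdminReceiver` component are hypothetical placeholders, and the `dumpsys account` line format matched by grep is an assumption about typical output.

```shell
#!/bin/sh
# Added example: make a DPC the device owner over adb, with pre-flight checks.
# The APK path and component name passed in are hypothetical placeholders.
ADB="${ADB:-adb}"

# Count accounts configured on the device. dpm refuses to set a device
# owner once accounts exist, so a freshly reset device should report 0.
# Assumes dumpsys prints one "Account {name=..., type=...}" line per account.
count_accounts() {
    "$ADB" shell dumpsys account | grep -c 'Account {' || true
}

# provision APK COMPONENT
# Returns 0 on success, 2 if accounts exist, 3 if the install failed,
# 4 if dpm did not report success.
provision() {
    apk=$1
    component=$2
    n=$(count_accounts)
    if [ "$n" -ne 0 ]; then
        echo "refusing: $n account(s) on device; remove them or factory-reset" >&2
        return 2
    fi
    "$ADB" install -r "$apk" >/dev/null || return 3
    # Check dpm's output instead of the exit status, which older
    # adb/Android combinations do not pass back to the host.
    out=$("$ADB" shell dpm set-device-owner "$component" 2>&1) || true
    case $out in
        *Success*) echo "device owner set: $component"; return 0 ;;
        *) echo "dpm failed: $out" >&2; return 4 ;;
    esac
}

# Usage: sh provision.sh dpc.apk com.example.dpc/.AdminReceiver
if [ "$#" -eq 2 ]; then
    provision "$1" "$2"
fi
```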
V
4

You can use Google's new Android Management API to manage Android devices without building a DPC or registering as an EMM.

Vantassel answered 5/8, 2017 at 12:10 Comment(4)
Thanks for the link. I have no idea why I missed this resource when I was investigating the issue. I'll read through it, and if it solves my problem, I'll let you know and mark your answer. - Fuscous
It's a brand new API, it got released a few days ago. That's probably why you didn't see it before. - Vantassel
Did you manage to implement this API and create a custom console for remote config and management? - Brookbrooke
@Vantassel How does the Android Management API work? The link you provided clearly says it works with the EMM console. Then how can you say without EMM? - Flamboyant
B
2

It is definitely possible to write your own DPC without registering with the EMM community.

The most convenient option for provisioning the devices is via NFC, for example using a second device, as it is quite simple to write a provisioning application.

See Implementing Kiosk Mode in Android (part 3 and 4) for a good example.

I had a few problems with some Android 5 devices, but since 6.0 it works quite well.

Barrelchested answered 1/8, 2017 at 17:14 Comment(0)