Search code examples
androidwifinfcenterprise

Android Device Owner via NFC WiFi-type parameter

What are the possible values for the field 'WiFi Security Type' ? The documentation does not list possible values. https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

I would like to have a list like:

WPA = "wpa"
WPA2 = "wpa2"
WPA2-personal = "wpa2personal"
WPA2-enterprise = "wpa2enterprise"

etc.

I'm not willing to try things out, like 'brute-forcing' what works and what does not work, as every time you try, you'll have to wipe and start over. Wasting at least 15 minutes.

Solution

  • As of Android 5.0.0_r1-5.1.0_r1, the acceptable fields are "NONE", "WPA", and "WEP". It appears that a null or empty value will resolve to "NONE" but I haven't confirmed.

    The fields are directly mapped to a WifiConfig class in the ManagedProvisioning project (AOSP).

    https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/android-5.0.0_r7/src/com/android/managedprovisioning/WifiConfig.java

    Note: The security type is defined directly in this class, instead of using constants from the WifiConfiguration class.

    enum SecurityType {
    NONE,
    WPA,
    WEP;
}

    And this is a snippet of the WifiConfig function (AOSP) showing how the security type is used:

    /**
 * Adds a new WiFi network.
 */
public int addNetwork(String ssid, boolean hidden, String type, String password,
        String proxyHost, int proxyPort, String proxyBypassHosts, String pacUrl) {
    if (!mWifiManager.isWifiEnabled()) {
        mWifiManager.setWifiEnabled(true);
    }
    WifiConfiguration wifiConf = new WifiConfiguration();
    SecurityType securityType;
    if (type == null || TextUtils.isEmpty(type)) {
        securityType = SecurityType.NONE;
    } else {
        securityType = Enum.valueOf(SecurityType.class, type.toUpperCase());
    }
    // If we have a password, and no security type, assume WPA.
    // TODO: Remove this when the programmer supports it.
    if (securityType.equals(SecurityType.NONE) && !TextUtils.isEmpty(password)) {
        securityType = SecurityType.WPA;
    }
    wifiConf.SSID = ssid;
    wifiConf.status = WifiConfiguration.Status.ENABLED;
    wifiConf.hiddenSSID = hidden;
    switch (securityType) {
        case NONE:
            wifiConf.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.NONE);
            wifiConf.allowedAuthAlgorithms.set(WifiConfiguration.AuthAlgorithm.OPEN);
            break;
        case WPA:
            updateForWPAConfiguration(wifiConf, password);
            break;
        case WEP:
            updateForWEPConfiguration(wifiConf, password);
            break;
    }
    updateForProxy(wifiConf, proxyHost, proxyPort, proxyBypassHosts, pacUrl);
    int netId = mWifiManager.addNetwork(wifiConf);
    if (netId != -1) {
        // Setting disableOthers to 'true' should trigger a connection attempt.
        mWifiManager.enableNetwork(netId, true);
        mWifiManager.saveConfiguration();
    }
    return netId;
}

    Seems we're out of luck if we require credentials for an enterprise network. It's a bit baffling to me since the device owner feature is meant for MDM; connecting to enterprise networks is sometimes a requirement!