Search code examples
androidandroid-management-api

Android Management API doesn't apply policies

I've been following the Android Management API guide quickstart: https://colab.research.google.com/github/google/android-management-api-samples/blob/master/notebooks/quickstart.ipynb

I have created a dummy project, enterprise, and service account. I can generate a qrcode with the following python script:

from apiclient.discovery import build
import google.auth
import os
from urllib.parse import urlencode
import webbrowser


# set key as environment variable, so that google.auth.default() can automatically find the project
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = "./celtic-bazaar-342809-6536138e074c.json"

credentials, project = google.auth.default()

# Create the API client.
androidmanagement = build('androidmanagement', 'v1')

print('\nAuthentication succeeded.')


enterprise_name = 'enterprises/LC0498xe68'

policy_name = enterprise_name + '/policies/policy2'

# define policy
policy_json = {
    'debuggingFeaturesAllowed': True,
    'locationMode': 'LOCATION_DISABLED'
}

result = androidmanagement.enterprises().policies().patch(
    name=policy_name,
    body=policy_json
).execute()

enrollment_token = androidmanagement.enterprises().enrollmentTokens().create(
    parent=enterprise_name,
    body={"policyName": policy_name}
).execute()

image = {
    'cht': 'qr',
    'chs': '500x500',
    'chl': enrollment_token['qrCode']
}

qrcode_url = 'https://chart.googleapis.com/chart?' + urlencode(image)

webbrowser.open(qrcode_url, new=0)

print('\nIf the code is not displayed automatically, visit this URL to scan the QR code:', qrcode_url)

However when i scan the code with my device, I get the following error: "Oops Couldn't set up your device. Contact your IT department."

If I just set the policy_json to {'debuggingFeaturesAllowed': True} I don't get the error, but adding any other options (adjustVolumeDisabled, uninstallAppsDisabled, etc.) results in the error and the options aren't applied.

If I go to the device's settings -> security -> Device administrators, I can see that 'Device Policy' is there and cannot be deactivated but none of the options are applied.

The device I am testing this on is an Asus ZenPad Z380M running Android 7.0

What is causing this error?

Solution

  • Turns out the device wasn't being enrolled at all using this method even when there was no error. I checked this with the REST api: https://developers.google.com/android/management/reference/rest/v1/enterprises.devices/list

    The way I got around it was to follow the guide for enrolling an Android 6.0 device:

    1. Turn on a new or factory-reset device.
    2. Follow the setup wizard and enter your Wi-Fi details.
    3. When prompted to sign in, enter afw#setup.
    4. Tap Next, and then accept the installation of Android Device Policy.
    5. Scan the QR code.

    Strange since the device definitely was running Android 7.0 but it's an old device so it may be because of that.