Search code examples
pythonandroid-management-apiemm

How to add android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED when creating enrollment token for afw#setup enrollment


We successfully can add android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED:true to a qrCode bundle by injecting the property into the returned enrollment token before converting to a QR code which will indeed leave system apps enabled; however, I would like to have the option to enroll a device using the afw#setup DPC enrollment method by entering the returned token value in as a manual code instead of creating a QR code.

When creating the token via Method enterprises.enrollmentTokens.create, is there any way to pass the android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED:true property when creating the token to allow this property to take effect while manually entering the token value? Or is that property only allowed to affect QR code enrollments rather than manual ones?

For example, I want to use this DPC identifier method by entering the code manually but with the passed android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED:true

Here is the documentation: https://developers.google.com/android/management/provision-device#dpc_identifier_method

I have tried multiple ways to set a qrCode value during token creation but the property never shows up in the returned enrollment_token object. For example if I use this to create a token:

            enrollment_token = (
            androidmanagement.enterprises()
            .enrollmentTokens()
            .create(
                parent=f"enterprises/{enterprise_name}",
                body={
                    "policyName": policy_name,
                    "user": {"accountIdentifier": f"{device_alias}"},
                    "oneTimeOnly": "TRUE",
                    "qrCode": '{"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true,"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver","android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg","android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup","android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "ENROLLMENT_TOKEN"}}'
                })
            .execute()
        )

It always returns an object without the android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED:true such as

  "name": "enterprises/enterprise_name/enrollmentTokens/SOME_TOKEN",
  "value": "SOME_VALUE",
  "expirationTimestamp": "2022-03-15T11:22:19.935Z",
  "qrCode": "{\"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME\":\"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver\",\"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM\":\"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg\",\"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION\":\"https://play.google.com/managed/downloadManagingApp?identifier=setup\",\"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE\":{\"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN\":\"SOME_TOKEN\"}}"

Solution

  • The API generates the contents of the qrCode field. When manually inputting the enrollment token during afw#setup enrollment, you cannot use DPC extras like android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED.

    Extras are only usable when provisioning devices via QR Code or Zero Touch.

    Please refer to this link for more info. https://developers.google.com/android/management/provision-device#example_qr_code_bundle https://developers.google.com/android/work/play/emm-api/prov-devices#create_a_qr_code