Search code examples
androidmdmdevice-ownerandroid-device-owner

Android 12 - Launch MDM app after setup using PROVISIONING_SUCCESSFUL

We recently migrated our Device Policy App(MDM) to support android 12 and would like to open our MDM dpc app after initial setup wizard is complete. This was working fine till android 11 until android 12 updates came out. We are handling GET_PROVISIONING_MODE and ADMIN_POLICY_COMPLIANCE but PROVISIONING_SUCCESSFUL is never called.

This is our code in Manifest for PROVISIONING_SUCCESSFUL :

<activity
        android:name=".pages.ProvisioningSuccessActivity"
        android:exported="true"
        android:theme="@android:style/Theme.NoDisplay"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
        <intent-filter>
            <action android:name="android.app.action.PROVISIONING_SUCCESSFUL"/>
            <category android:name="android.intent.category.DEFAULT"/>
        </intent-filter>
</activity>

We are calling setResult(RESULT_FIRST_USER, intent); on receive of ADMIN_POLICY_COMPLIANCE intent.

Can anyone please help us with this?

Solution

  • Starting with Android 12 the PROVISIONING_SUCCESSFUL intent is only sent when

    • Provisioning does not happen within the initial setup wizard (e.g. when the end-user installs and starts the DPC app which then triggers provisioning through ACTION_PROVISION_MANAGED_PROFILE) or
    • No activity for the ADMIN_POLICY_COMPLIANCE activity action can be resolved

    See here for the corresponding source code.

    So in your case you have to replace the intent filter for PROVISIONING_SUCCESSFUL of your ProvisioningSuccessActivity with an intent filter for ADMIN_POLICY_COMPLIANCE.

    Background Information

    The ADMIN_POLICY_COMPLIANCE intent has already been introduced in Android 10, together with GET_PROVISIONING_MODE. Since then, it is the recommended intent for DPCs, to extend the initial setup wizard with a compliance screen and enforce initial policy settings:

    DPCs must use this new Intent instead of listening for the ACTION_PROFILE_PROVISIONING_COMPLETE broadcast. (source).

    Until Android 12 this change didn't affect existing DPC implementations, that only supported fully managed provisioning. DPCs that also wanted to make use of the new working profiles, already had to switch to the new intents with Android 10.

    With the deprecation of ACTION_PROVISION_MANAGED_DEVICE, fully managed provisioning can now only be triggered by the setup wizard. DPC implementations that support only fully managed provisioning have to switch now also to the new intents.

    The ACTION_PROFILE_PROVISIONING_COMPLETE broadcast and the PROVISIONING_SUCCESSFUL intent are now only sent, when provisioning is triggered outside of the setup wizard. E.g. when a user installs and starts a DPC app, which triggers provisioning of a working profile through ACTION_PROVISION_MANAGED_PROFILE.