in

How to keep system apps from being removed during device provisioning via Android Management API


I am generating a QR enrollment code using the Android Management API; however, the system apps such as Camera, Calculator etc get removed by the DPC upon enrollment in fully managed mode.

Other posts have mentioned that you must add the following to the object generated by the enrollmentTokens.create() method:
android.app.extra.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"] = true

What I am currently doing currently is:

  1. Generate the QR code with the following python code:
androidmanagement = build(
    "androidmanagement", "v1", credentials=credentials
)

enrollment_token = (
    androidmanagement.enterprises()
    .enrollmentTokens()
    .create(
        parent=f"enterprises/{enterprise_name}",
        body={
            "policyName": policy_name,
            "user": {"accountIdentifier": f"{some_identifier}"},
            "oneTimeOnly": "TRUE",
        },
    )
    .execute()
)
  1. Then add the property
res = json.loads(enrollment_token["qrCode"])

res["android.app.extra.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"] = True

formatted_object_string = json.dumps(res)

enrollment_obj = formatted_object_string.replace(" ", "")

If you print enrollment_obj you get:
{"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver","android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"SOME_CHECK_SUM","android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup","android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"SOME_ENROLLMENT_TOKEN"},"android.app.extra.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true}

This object is used to create a QR code link that looks like the following (without obfuscated data of course):

https://chart.googleapis.com/chart?cht=qr&chs=500x500&chl=%7B%22android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME%22%3A%22com.google.android.apps.work.clouddpc%2F.receivers.CloudDeviceAdminReceiver%22%2C%22android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM%22%3A%22<SOME_CHECKSUM>%22%2C%22android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION%22%3A%22https%3A%2F%2Fplay.google.com%2Fmanaged%2FdownloadManagingApp%3Fidentifier%3Dsetup%22%2C%22android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE%22%3A%7B%22com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN%22%3A%22<SOME_ENROLLMENT_TOKEN>%22%7D%2C%22android.app.extra.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED%22%3Atrue%7D

This will allow an enrollment; however, the DPC does not seem to honor the added property. Can anyone see where I may be going wrong?



Source: https://stackoverflow.com/questions/70717561/how-to-keep-system-apps-from-being-removed-during-device-provisioning-via-androi

NGINX Controller Application Delivery Modules Improves Health Checks and Caching Configurations

Golang AWS SAM Lambda example