Android Enterprise Documentation: Create a QR code
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION- Either of the two checksums below
android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM- A String extra holding the URL-safe base64 encoded checksum of any signature of the android package archive at the download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION - Note: for devices running
Build.VERSION_CODES.LOLLIPOPandBuild.VERSION_CODES.LOLLIPOP_MR1, only SHA-1 hash is supported. Starting fromBuild.VERSION_CODES.M, this parameter accepts SHA-256 in addition to SHA-1. FromBuild.VERSION_CODES.Q, only SHA-256 hash is supported. - If the APK is signed with the APK signature scheme v2 or JAR-signed v1 scheme (untested with v3 or higher), you can use apksigner with any of the following to get the SHA-256 signature checksum (assumes variable named
apkcontains the filepath to the APK):shapksigner verify --print-certs "$apk" | sed '/Signer #1 certificate SHA-256/{s/.*SHA-256 digest:\s*//;q};d' | xxd -r -p | openssl base64 | tr -- '+/' '-_' | tr -d '\n'
PowerShellCoreapksigner verify --print-certs "$apk" | Select-String 'Signer #1 certificate SHA-256 digest:\s*(.*)' | % {[Convert]::ToBase64String([Convert]::FromHexString($_.Matches.Groups[1].Value)) -replace '\+','-' -replace '/','_'}
Windows
PowerShellapksigner verify --print-certs "$apk" | Select-String 'Signer #1 certificate SHA-256 digest:\s*(.*)' | % {[Convert]::ToBase64String(($_.Matches.Groups[1].Value -split '(..)' -ne '' | % {[Convert]::ToInt32($_,16)})) -replace '\+','-' -replace '/','_'}
- If the APK is signed with the JAR-signed v1 scheme, you can alternatively use
keytool(from Java's JRE/JDK) with either of the following to get the SHA-256 signature checksum (assumes variable namedapkcontains the filepath to the APK):shkeytool -printcert -jarfile "$apk" | sed '/\s*SHA256/{s/.*SHA256:\s*//;q};d' | xxd -r -p | openssl base64 | tr -- '+/' '-_' | tr -d '\n'
PowerShellCore or WindowsPowerShellkeytool -printcert -jarfile "$apk" | Select-String '\s*SHA256:\s*(.*)' | % {[Convert]::ToBase64String(($_.Matches.Groups[1].Value -split ':' | % {[Convert]::ToInt32($_,16)})) -replace '\+','-' -replace '/','_'}
- A String extra holding the URL-safe base64 encoded checksum of any signature of the android package archive at the download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM- A String extra holding the URL-safe base64 encoded checksum of the file at download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION - Note: for devices running
Build.VERSION_CODES.LOLLIPOPandBuild.VERSION_CODES.LOLLIPOP_MR1, only SHA-1 hash is supported. Starting fromBuild.VERSION_CODES.M, this parameter accepts SHA-256 in addition to SHA-1. FromBuild.VERSION_CODES.Q, only SHA-256 hash is supported.
- A String extra holding the URL-safe base64 encoded checksum of the file at download location specified in
android.app.extra.PROVISIONING_LOCALEandroid.app.extra.PROVISIONING_TIME_ZONEβ Wiki list of tz database time zonesandroid.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLEandroid.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADERandroid.app.extra.PROVISIONING_LOCAL_TIMEandroid.app.extra.PROVISIONING_WIFI_HIDDENandroid.app.extra.PROVISIONING_WIFI_SECURITY_TYPEandroid.app.extra.PROVISIONING_WIFI_PROXY_HOSTandroid.app.extra.PROVISIONING_WIFI_PROXY_PORTandroid.app.extra.PROVISIONING_WIFI_PROXY_BYPASSandroid.app.extra.PROVISIONING_WIFI_PAC_URLandroid.app.extra.PROVISIONING_SKIP_ENCRYPTION
Android Zero-Touch Enrollment EMM Provisioning Guide
Use the following intent extras to set up your DPC
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLEandroid.app.extra.PROVISIONING_LOCALEandroid.app.extra.PROVISIONING_TIME_ZONEβ Wiki list of tz database time zonesandroid.app.extra.PROVISIONING_LOCAL_TIMEandroid.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLEDandroid.app.extra.PROVISIONING_MAIN_COLOR- ARGB color integer
(A & 0xff) << 24 | (R & 0xff) << 16 | (G & 0xff) << 8 | (B & 0xff) - Uses a signed integer. Thus, it takes the two's
complement.
- E.g. 0xff000000: 0x7F000000 - 2^31 (
2130706432 - 2147483647 = -16777216)
- E.g. 0xff000000: 0x7F000000 - 2^31 (
- White (0xffffffff): =
-1 - Black (0xff000000): =
-16777216 - LightGray (0xffcccccc): =
-3355444 - Red (0xffff0000): =
-65536
- ARGB color integer
android.app.extra.PROVISIONING_DISCLAIMERS
Don't include the following extras that you might use in other enrollment methods
android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAMEandroid.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUMandroid.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADERandroid.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATIONandroid.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM
android.app.extra.PROVISIONING_IMEIandroid.app.extra.PROVISIONING_MODE- 1 = Fully managed device
- 2 = Managed profile
android.app.extra.PROVISIONING_SKIP_USER_CONSENTandroid.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS
Hi! This has been super helpful. But I am struggling to read the
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE, anyone have any examples or tips on how to get the values out of this? It seems that is supposed to be read from GetProvisioning or PolicyCompliance but am unable to. Any help would be really appricated