Provisioning and Controlling Android Devices with a Device Owner Application
Updated: Jun 2, 2020
With Example of Device Agent Writer Installing Device Conductor Agent
In our previous article series of configuring kiosk mode on Android, we discussed the concepts of Device Owner and Device Policy Controller. To summarize, a Device Owner (DO) application is a management application that has the ability to take control of the Android device for specific administrative functions. With a DO app you can install other applications, control some device functions, hide launcher icons and more. The DO app and related software allows an administrator to simplify the device provisioning process. Rather than having to manually log into a Google Account, install apps, and configure settings for each device, an administrator can start the configuration process by scanning an NFC tag or QR code.
In this article, we will use the Device Agent Writer (DAW) app to install a DO app, Device Conductor Agent (DCA). DCA will allow you to set a kiosk application, disable some device features, and hide icons from the launcher. Note that you will need two Android devices for this process. The first one, the provisioning source device, will run Device Agent Writer from the Google Play Store. The second device is the target device that will run the Device Owner app, Device Conductor Agent. While our example is installing DCA to the target device, it is important to note that DAW can be used to install any DO app.
The objective is straightforward: to put the target device under the DO’s administrative control. This option is available only at the initial boot, where the target device reads its configuration from the Agent Writer app via an NFC tag, beam, or QR code. Then, the target device will download and install the Device Conductor Agent software, which in turn has the ability to administer the device.
A video version of this article may be found on YouTube.
1. Download Device Agent Writer from Google Play on the provisioning source device. This app will create the target device’s configuration and send it using NFC or a QR code.
2. Launch DAW, and you should see a screen like the one below. If you see “Android Beam is not enabled.” press Continue. In this case, your Android OS no longer supports device bump provisioning, and you should write your configuration to an NFC Tag (use a NTAG216 or other high-memory tag) or use QR Code provisioning.
3. For our demo, select the Conductor Agent MDM configuration line. You will see a screen that looks like the one below. If you want to create a new configuration, you can select the round ‘+’ button (FAB). Or, you can edit an existing configuration.
4. Next press the sync button at the bottom. If the values are valid and you have a connection to the Internet, you will see the button spin (verifies values and calculates a checksum), then change to an NFC icon that looks like N)).
5. Press the NFC button. Now, NFC tag writing or device bump is enabled, and you will also see a QR Code similar to the one in the screenshot below. If your device does not support Android Beam (see above), you will not be able to use the device bump method.
NFC tag method: if you are writing an NFC tag, place it on your source device near the NFC reader and hold it there until the app finishes writing the tag. This action should take just 1-3 seconds, and the device will typically beep when the NFC tag is properly aligned. The app will notify you if it has written the tag successfully, or you can try again.
If you are using the QR code provisioning method or NFC bump method, proceed to the next step.
6. On your target Android device, make sure it has been reset to factory settings, and turn on the device. Do not go through the Android setup process. Stay at the initial Start screen.
a. NFC bump method: Touch the source device’s NFC reader location to the target device’s NFC reader location. You will hear a beep indicating the alignment, and you must tap the screen on the source device to confirm the provisioning.
b. NFC tag method: if you configured a tag in step 5, and your target device has NFC, you may touch the NFC tag to the target’s NFC reader now to start the device provisioning.
c. QR code method: if you are using QR setup, tap the screen of the target device in the same place on the screen for six taps (doesn’t matter where, just not on a button, and the same place each time). This starts the QR provisioning, which requires Android 7.0 or higher. The QR provisioning process may ask you to connect to WiFi to download the Google QR reader. Once the QR reader is ready, the target device will start the camera preview. Use the camera to scan the QR code on the screen of your DAW app (from step 5 above). You are now done using the provisioning source device.
For more information on Android provisioning, refer to the provisioning documentation from Google.
7. On the target device, wait for the device to complete the installation of the Device Conductor Agent software. The software may be called Blue Conductor Agent, depending on your software version. In this software, you should set the password or PIN in the Settings tab. In the Apps tab, you can make applications visible or invisible to the user. Touch the “eye” at the top to make all apps visible or invisible (toggle all), then select the eye on different apps to change their visibility in the launcher (toggle one). Long press an app to make it the kiosk app. NOTE: you will need the device password or PIN to escape kiosk mode. Do not forget it! :-)
The Device Conductor (aka Blue Conductor) software is available for commercial use, including a cloud version that provides additional functionality. The standalone device-only version is free for personal use only. Many MDM software solutions are complex and expensive. If you’re looking for a simple kiosk solution that will allow you to install and update software, pull device logs, and set basic features, Device Conductor is a great solution for your needs.
Please contact us for further details!