Activate a device owner using NFC on Android Lollipop

Question

I am trying to set the device owner package on a device using NFC. The is mentioned in the Lollipop overview here:

To deploy and activate a device owner, you must perform an NFC data transfer from a programming app to the device while the device is in its unprovisioned state. This data transfer sends the same information as in the provisioning intent described in Managed provisioning.

The reason is once this is set you can use the screen pinning feature to lock the device in a kiosk mode. I have been able to test the this kiosk mode by manually setting the device owner by placing a device_owner.xml file to data/system/ on a rooted device.

I have never used NFC before so I may be way off but I came up with the following NdefMessage based on the info here:

Properties properties = new Properties();
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, "com.my.package");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SSID, "MyWiFiSSID");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_PASSWORD, "WifiPassword");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, "C9AD9E082457819B54CF76255A400375E4127112");
properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, "https://dl.dropboxusercontent.com/u/xxx/app-release.apk");


ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutput out = new ObjectOutputStream(bos);
out.writeObject(properties);
byte[] yourBytes = bos.toByteArray();
NdefRecord ndefRecord = NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, yourBytes);
NdefMessage msg = new NdefMessage(ndefRecord);

Sending this to a device that I have just restored with the Lollipop preview causes it to show:

Oops! Couldn't set up your device. Contact your IT department.

Its seems to be recognising the fact that it is receiving a provision request, but I do not think it is reading the properties I set, it does not try to connect the the wifi.

Answer 1

It appears you need to use the Properties.store to correctly create the bytes for the NdefRecord.

Properties properties = new Properties();
properties.setProperty(...);

ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStream out = new ObjectOutputStream(bos);
properties.store(out, "");
byte[] bytes = bos.toByteArray();

NdefMessage msg = new NdefMessage(NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, bytes));

Currently, I'm having an issue with it downloading my APK and the checksum failing. Not at all sure why.

Answer 2

I've been trying to get this to work over NFC too. I installed a simple app on my Nexus 4 (KitKat) with an activity:

@Override
protected void onResume() {
    super.onResume();
    try {
        Properties properties = new Properties();
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, "com.deviceowner.app");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, "https://docs.google.com/uc?export=download&id=........");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM, "6ee735dfb8090ab1862fecce430864e21a0e37");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SSID, "wlan");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_PASSWORD, "XXXXXX");
        properties.setProperty(DevicePolicyManager.EXTRA_PROVISIONING_WIFI_SECURITY_TYPE, "WPA2");

        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ObjectOutput out = new ObjectOutputStream(bos);
        out.writeObject(properties);
        byte[] yourBytes = bos.toByteArray();
        NdefRecord ndefRecord = NdefRecord.createMime(DevicePolicyManager.MIME_TYPE_PROVISIONING_NFC, yourBytes);
        NdefMessage msg = new NdefMessage(ndefRecord);
        nfcAdapter.setNdefPushMessage(msg, this);
    } catch (IOException e) {
        e.printStackTrace();
    }
}

I flashed my Nexus 7 flashed with the Lollipop preview image (razor-lpx13d-preview-ae4f461f.tgz) and gave it an NFC bump with the Nexus 4 when the Nexus 7 was un-provisioned (no setup - fresh after flashing) and got the same error message:

Oops! Couldn't set up your device. Contact your IT department.

Then I tried the same thing but this time after running through the initial device setup on the Nexus 7 (to the point where I could see the home screen). This time I got the message

Oops! This device is already set up

But this time, I was able to see some logging as I was able to setup USB debugging on the Nexus 7:

10-22 10:31:29.947    2610-2610/? D/NfcService﹕ LLCP Activation message
10-22 10:31:29.947    2610-2610/? I/NfcP2pLinkManager﹕ LLCP activated
10-22 10:31:29.947    2610-2610/? D/NfcP2pLinkManager﹕ onP2pInRange()
10-22 10:31:29.954    2610-2610/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:29.962      184-547/? D/audio_hw_primary﹕ select_devices: out_snd_device(2: speaker) in_snd_device(0: none)
10-22 10:31:29.962      184-547/? D/ACDB-LOADER﹕ ACDB -> send_afe_cal
10-22 10:31:29.962      184-547/? D/audio_hw_primary﹕ enable_snd_device: snd_device(2: speaker)
10-22 10:31:29.974      184-547/? D/audio_hw_primary﹕ enable_audio_route: apply and update mixer path: low-latency-playback
10-22 10:31:29.981    2610-2610/? D/NfcP2pLinkManager﹕ Last registered callback is not running in the foreground.
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ Disabling default Beam behavior
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ mMessageToSend = null
10-22 10:31:29.987    2610-2610/? D/NfcP2pLinkManager﹕ mUrisToSend = null
10-22 10:31:29.996    2610-2610/? D/NfcP2pLinkManager﹕ Took 48 to get first LLCP PDU
10-22 10:31:30.599    3224-3224/? I/wpa_supplicant﹕ wlan0: CTRL-EVENT-SCAN-STARTED
10-22 10:31:31.741    2610-2610/? D/NfcP2pLinkManager﹕ onP2pReceiveComplete()
10-22 10:31:31.751    2610-2610/? D/NfcService﹕ mock NDEF tag, starting corresponding activity
10-22 10:31:31.751    2610-2610/? D/NfcService﹕ TAG: Tech [android.nfc.tech.Ndef]
10-22 10:31:31.757    2610-3275/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:31.770     549-2765/? I/ActivityManager﹕ START u0 {flg=0x10008000 cmp=com.android.nfc/.NfcRootActivity (has extras)} from uid 1027 on display 0
10-22 10:31:31.795    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONDESTROY
10-22 10:31:31.827    2610-3275/? W/AudioTrack﹕ AUDIO_OUTPUT_FLAG_FAST denied by client
10-22 10:31:31.848     549-2335/? I/ActivityManager﹕ START u0 {act=android.nfc.action.NDEF_DISCOVERED typ=application/com.android.managedprovisioning cmp=com.android.managedprovisioning/.DeviceOwnerProvisioningActivity (has extras)} from uid 1027 on display 0
10-22 10:31:31.886    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONCREATE
10-22 10:31:31.887    7237-7237/? E/ManagedProvisioning﹕ Device already provisioned.
10-22 10:31:31.903    7237-7237/? D/ManagedProvisioning﹕ Device owner provisioning activity ONRESUME
10-22 10:31:32.011      549-621/? I/ActivityManager﹕ Displayed com.android.managedprovisioning/.DeviceOwnerProvisioningActivity: +149ms (total +200ms)
10-22 10:31:32.955    2610-2610/? D/NfcService﹕ LLCP Link Deactivated message. Restart polling loop.
10-22 10:31:32.955    2610-2610/? I/NfcP2pLinkManager﹕ LLCP deactivated.
10-22 10:31:32.955    2610-2610/? D/NfcP2pLinkManager﹕ Debounce timeout
10-22 10:31:32.955    2610-2610/? D/NfcP2pLinkManager﹕ onP2pOutOfRange()

So it does seem that the Device Owner NFC bump can only happen on an unprovisioned device. I appreciate this doesn't answer your question, but the log output might help. Getting hold of the source code for DeviceOwnerProvisioningActivity would certainly help.