Reputation: 608
Device Owner App/Phone via NFC with full access to Play Store (instead of Play for Work)
I have a couple of devices provisioned with device owner privileges via NFC, there's no EMM involved and all policies are set by my DPC which is downloaded during provisioning. At this point I do not set a google account.
After adding a google account manually, all devices have access to Google Play Store Work Apps (Which currently consist of only the Google Apps app), but not to the regular Play Store.
Is there a way I can stop restricting the devices to the Work Apps Play Store and grant them full access instead? If possible I would like to not manage the account at all and instead only do things like disallow factory reset and changing WiFi, calls, SMS etc...
These are the policies I set with my DPC, perhaps I'm misunderstanding what some of them do?
public static void setDefaultPolicies(Context context, boolean active) {
ComponentName componentName = DeviceAdminReceiver.getComponentName(context);
DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(DEVICE_POLICY_SERVICE);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_FACTORY_RESET, active);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_ADD_USER, active);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_REMOVE_USER, active);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, active);
//setUserRestriction(dpm, componentName, UserManager.DISALLOW_ADJUST_VOLUME, active);
//no disabling of wifi and stuff.
setUserRestriction(dpm, componentName, UserManager.DISALLOW_CONFIG_WIFI, active);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_NETWORK_RESET, active);
//setUserRestriction(dpm, componentName, UserManager.DISALLOW_);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, active);
//no calls and sms.
setUserRestriction(dpm, componentName, UserManager.DISALLOW_SMS, active);
setUserRestriction(dpm, componentName, UserManager.DISALLOW_OUTGOING_CALLS, active);
// set System Update policy
if (active) {
dpm.setSystemUpdatePolicy(componentName,
SystemUpdatePolicy.createWindowedInstallPolicy(60, 120));
} else {
dpm.setSystemUpdatePolicy(componentName, null);
}
// set this Activity as a lock task package
// dpm.setLockTaskPackages(componentName,
// active ? new String[]{context.getPackageName()} : new String[]{});
IntentFilter intentFilter = new IntentFilter(Intent.ACTION_MAIN);
intentFilter.addCategory(Intent.CATEGORY_HOME);
intentFilter.addCategory(Intent.CATEGORY_DEFAULT);
if (active) {
// set app as home intent receiver so that it is started
// on reboot
dpm.addPersistentPreferredActivity(
componentName, intentFilter, new ComponentName(
context.getPackageName(), MainActivity.class.getName()));
} else {
dpm.clearPackagePersistentPreferredActivities(
componentName, context.getPackageName());
}
}
private static void setUserRestriction(DevicePolicyManager dpm, ComponentName componentName, String restriction, boolean disallow) {
if (disallow) {
dpm.addUserRestriction(componentName,
restriction);
} else {
dpm.clearUserRestriction(componentName,
restriction);
}
}
I know it's possible to grant users access to Play Store apps via the EMM Api, however I can't use an EMM.
Upvotes: 1
Views: 521
Answers (1)
Reputation: 2510
When I add a normal google account to my device (it was provisioned with a device owner too), I get the regular, full-access Play Store.
I don't think the issue is with your device owner app, but with the type of Google account you are adding. You mention "Google Apps app", does that mean you are adding a GSuite Google Account?
I did a quick test using a GSuite Google Account and I encountered the same result as you.
You have a couple options, maybe more. GSuite and EMMs in general are complex to set up.
1) If you log in to https://admin.google.com as a super-admin for your GSuite account, you can add Google Mobile Management as your EMM and from there can whitelist apps. There might be a lot of work required.
2) This is the fastest and easiest. Add another normal Google Account and log into the Play Store using this new account. You should get full access to the Play Store.
Upvotes: 1
Related Questions
- Provisioning an Android device using NFC
- How to make my app device owner without NFC and ADB shell command?
- Is it possible to have a "Profile Owner" app in Android Lollipop that is not co-present
- NFC Device Owner Provisioning and Knox
- Device Owner without using NFC in Android Lollipop
- Device Owner on Android 5.0 (and others) whitout rooted devices, device provisioning by NFC
- Activate a device owner using NFC on Android Lollipop
- Android NFC Provisioning and installing in house corporate apps
- Activating Device Owner using NFC on the same device
- Android Device Owner via NFC WiFi-type parameter