Skip to main content
M
mdas86
Level 1.6: Donut
January 29, 2024
Question

Android device enrolment issue - MDM app is not being installed during the sign-in process

  • January 29, 2024
  • 3 replies
  • 6 views

Hello,

We are experiencing a new issue with our Android device enrolments where the MDM app is not being installed during the sign-in process. App is configured in Android Management between our CyberArk tenant and Google domain, and user accounts are configured to do set-up for device owner enrolment.

 

Previous device enrolments are still working as expected, and we first noticed this issue on 13-11-2023. No changes have been made to either the CyberArk configuration/device policy or to Google Admin. 

 

This issue is affecting all new Android device enrolments, even across Android versions (Android 10-14 affected). 

 

Would you please able to assist to fix this issue? 

 

Error Log:

11-24 14:35:49.411 3842 4105 I Auth : (REDACTED) [BroadcastManager] [BroadcastManager] Broadcasting bad device management=%s
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Error when fetching package info [CONTEXT service_id=343 ]
11-24 14:35:49.414 3842 4105 I Auth : sdq: Invalid package signature for app=com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):190)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):39)
11-24 14:35:49.414 3842 4105 I Auth : at sbq.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):221)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.p(:com.google.android.gms@234414022@23.44.14 (100400-580326705):34)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.q(:com.google.android.gms@234414022@23.44.14 (100400-580326705):8)
11-24 14:35:49.414 3842 4105 I Auth : at sbp.m(:com.google.android.gms@234414022@23.44.14 (100400-580326705):11)
11-24 14:35:49.414 3842 4105 I Auth : at sss.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):610)
11-24 14:35:49.414 3842 4105 I Auth : at ssy.b(:com.google.android.gms@234414022@23.44.14 (100400-580326705):94)
11-24 14:35:49.414 3842 4105 I Auth : at ssv.a(:com.google.android.gms@234414022@23.44.14 (100400-580326705):642)
11-24 14:35:49.414 3842 4105 I Auth : at slx.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):3)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.n(:com.google.android.gms@234414022@23.44.14 (100400-580326705):284)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):1087)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.h(:com.google.android.gms@234414022@23.44.14 (100400-580326705):2)
11-24 14:35:49.414 3842 4105 I Auth : at ncu.fe(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at mzt.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):117)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at bdrr.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):10)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.transact(Binder.java:949)
11-24 14:35:49.414 3842 4105 I Auth : at awwb.onTransact(:com.google.android.gms@234414022@23.44.14 (100400-580326705):147)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransactInternal(Binder.java:1056)
11-24 14:35:49.414 3842 4105 I Auth : at android.os.Binder.execTransact(Binder.java:1029)
11-24 14:35:49.414 3842 4105 I Auth : Caused by: android.content.pm.PackageManager$NameNotFoundException: com.google.android.apps.work.clouddpc
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:275)
11-24 14:35:49.414 3842 4105 I Auth : at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:244)
11-24 14:35:49.414 3842 4105 I Auth : at akut.e(:com.google.android.gms@234414022@23.44.14 (100400-580326705):7)
11-24 14:35:49.414 3842 4105 I Auth : at sdr.c(:com.google.android.gms@234414022@23.44.14 (100400-580326705):16)
11-24 14:35:49.414 3842 4105 I Auth : ... 20 more
11-24 14:35:49.414 3842 4105 I Auth : [AccountStatusChecker] Canceling DM notification because of DM suppression [CONTEXT service_id=343 ]
11-24 14:35:49.416 3842 4105 W Auth : [GetToken] GetToken failed with status code: ThirdPartyDeviceManagementRequired

    3 replies

    ReeceK
    ReeceK
    Level 3.0: Honeycomb
    January 31, 2024

    Hi @mdas86,

     

    Quick update for you—I'm collaborating with other teams to find the answer to your question. I anticipate having more information in the next few days. Additionally, I've sent you a DM in case you have any further questions in the meantime.

     

    Thanks, Reece

      J
      jeremy
      Level 1.6: Donut
      February 1, 2024

      @mdas86 the invalid package signature is a weird error. How do you enroll your devices? If by QR Code have you modified the QR Code somehow?

       

      M
      mdas86Author
      Level 1.6: Donut
      February 1, 2024

      Hi @jeremy ,

      We are using the following device set-up method as per the documentation "Setup devices using managed Google accounts"

       

      Company-owned device

      If you have a new or factory-reset device, add your managed Google account during device setup:

      1. Turn on your device.
      2. Follow the on-screen steps until you're prompted to enter a Google Account.
      3. Enter your managed Google account and password.
      4. Follow the on-screen steps until setup is complete.

      https://support.google.com/work/android/answer/9412115?sjid=2368083653953635435-AP#zippy=%2Cset-up-a-new-device%2Cset-up-an-existing-device

       

      https://support.google.com/work/android/answer/9566881?hl=en#zippy=setup-devices-using-a-google-workspace-or-cloud-identity-account

       

      Suddenly we saw the issue for new enrollment devices, existing enrolled devices are working fine. No changes to existing  policies/configuration.

       

      Looking forward your help, thanks!

       

      ReeceK
      ReeceK
      Level 3.0: Honeycomb
      February 8, 2024

      Hi @mdas86 

       

      How are you? 

       

      I have done some research into your question - 

       

      Are you receiving specific prompts when the MDM app fails to install? Is the issue with MDM app installation occurring on all devices?

       

      One possibility is that Cyberark has undergone a password rotation, possibly due to an auto annual rotation. It might be helpful to verify the password values assigned to the Android Management account within Cyberark to ensure they match the intended password.

       

      Additionally, it's worth checking within the Google Admin directory or identity services to confirm if the account used to set up the owner enrollment is active and free from any flags or token issues.

       

      To troubleshoot, you could create a local account in your MDM and utilize those credentials to temporarily enroll a device. This test would help determine if the issue persists with a different set of credentials.


      I hope the above helps, if you have solved the issue please let us know 😊

      Reece.

      M
      mdas86Author
      Level 1.6: Donut
      February 13, 2024

      Hi @ReeceK ,

      Thanks for the update!

       

      Are you receiving specific prompts when the MDM app fails to install? - No,

      Its completing the device set-up without downloading the MDM app and after this when I tried to open Play Store app, its not connecting (account sync is not happening). Actually it should connect to  see all managed apps (https://play.google.com/work/apps)

       

      if I connect(using my test account) to https://play.google.com/work/apps in chrome browser, I could able to connect and see all managed apps without any issue.

       

      Is the issue with MDM app installation occurring on all devices? - Yes

       

      create a local account in your MDM  - I have created test account in Google Admin with third-party integration with Android EMM, unfortunately same issue is happening

       

      FYI - These steps have been used to download MDM app

      Company-owned device

      If you have a new or factory-reset device, add your managed Google account during device setup:

      1. Turn on your device.
      2. Follow the on-screen steps until you're prompted to enter a Google Account.
      3. Enter your managed Google account and password.
      4. Follow the on-screen steps until setup is complete.
      ReeceK
      ReeceK
      Level 3.0: Honeycomb
      February 13, 2024

      Hi @mdas86  

      Thanks for getting back to me.

       

      I am going to go back to my colleagues and get more answers for you, the problem sounds like it might lie with the MDM app installation process or perhaps with the permissions/authentication during the installation.

       

      Whilst I await a response on my end,  have you reached out to your internal support channels of the MDM provider to investigate this matter further?. 

       

      Additionally, have you double-checked the permissions and configurations within your Google Admin console and Android EMM settings related to app installations and device management could also be beneficial in troubleshooting this issue?.

      Just want to make sure that this has been looked into internally on your end, as well as here in the community.

       

      Thanks again @mdas86 

        Terms & ConditionsCookie settingsAccessibility statement