Recent discussions
Default browser app not resettable
Hey! We are currently testing a few apps in Work Profile, for which we need 2FA. The second factor is a FIDO2 token that can be used via NFC or USB. If you have a FIDO2 token with USB-C, everything is fine. But we also have some with USB-A. If you don't have an adapter, you're more likely to resort to NFC. Chrome supports FIDO2/NFC directly, which makes logging in quite easy. However, most web views cannot do this, and a passcode must be entered manually. The pure FIDO2 NFC tag basically contains a URL with the passcode. You open the webpage via NFC, copy the passcode, and enter it when logging in. So far, so good. However, we encountered a problem that prevents us from using the FIDO2 token via NFC in the Work Profile properly. There are default apps for different categories such as browser, wallet, caller ID, etc. If you need to launch one of the app categories and there are several apps available, you will be asked which app you want to use and just for once or always. The app preferences can be reset via the settings so that the query will reappear the next time. This works without any problems with “Home app,” for example. But the Default Browser? No. The Browser app default remains after the reset. Even if a browser was set as the default and was deleted, it will just switch to another app and won't ask. The problem with a permanently set default browser is that links from NFC tags are immediately opened in the personal space. If there is a copy & paste lock on the work profile, you cannot use the code. (Unless you type >40 characters) If you are asked for an app to open the URL, you can also select the browser in Work Profile. Can anyone reproduce this behavior? Or does anyone know if something has changed for the Browser-Default in Android 15/16? On a device running Android 13, resetting the app defaults works reliably. It doesn't seem right that the browser default cannot be reset properly with Android 15/16.You're Invited! Join us for the upcoming Android Enterprise CAFÉ Takeover!
Hello Community Members, The Android Enterprise team is excited to invite you to our upcoming in-person CAFÉ Takeover events in New York City and Paris! What is the Android Enterprise CAFÉ? The Android Customer Advisory Forum for Enterprise (CAFÉ) is an exclusive, invite-only group of customers who actively engage with the Android Enterprise Product team. As a member, you get a front-row seat to the future of Android Enterprise. Look out for more details about the Android CAFÉ in a future post. Join Us for the CAFÉ Takeover! We’re opening the CAFÉ experience to non-CAFE members with two in-person events. This is a fantastic opportunity to meet the Android Enterprise team, network with your peers, and share your feedback directly with us. These events are exclusively in-person. CAFÉ Takeover: NYC Date & Time: October 14th 10:00am (9:30 Check-in) Location: Google NYC RSVP here CAFÉ Takeover: Paris Date & Time: October 21st 10:00am (9:30 Check-in) Location: Google Paris RSVP here Please note: These are customer-only events and registration confirmation is required to attend. Space is limited, so please RSVP at your earliest convenience to secure your spot. We look forward to seeing you there! Best, The Android Enterprise Team
Gmail does not show certificate selection dialog when "exchange_login_certificate_alias" is not specified in managed configuration
Hi, I am trying to configure Gmail to work with Exchange ActiveSync within a work profile via managed configuration according to the documentation - https://support.google.com/work/android/answer/7065453 The following parameters are specified: "exchange_host", "email_address", "exchange_username", "exchange_authentication_type" (allow_modern_authentication) The "exchange_login_certificate_alias" parameter is not set. I expect that the user will have to select a certificate via the system dialog. But as a result of such a configuration, the certificate selection dialog is not displayed to the user. The mail setup process is interrupted and the error message "Try again later, or contact your IT admin" is displayed However, if I specify any random value in the "exchange_login_certificate_alias" parameter, the certificate selection dialog is displayed. I would like to know whether this is expected behavior or a known issue? Versions Info Gmail client - 2025.08.25.800175820.Release Android 13-16
URGENT: Unable to complete action required for account verification
2 of our accounts got emails this morning that we have to verify our org address because it no longer matches. However, going through verification we get an error at the end to contact support.... going through the support system and answering their questions led to the below need help ASAP as it states we will lose all our apps on July 10th!!!
getting ready for work setup get the issue of something went wrong your app cannot become device owner by the qr code provisison by json in android
i am facing the issue in android 14 or 15 when ever i build the unsigned build it work fine for the android 13 after that it give the error like something went wrong please contact to the it admin and i am build the singed build it give error for the checksum error cannot setup but same thing if i make my app as a device owner by adb command it work fine for me let me know how to fix this issue? i try to replace the checksum and i match both checksum both are same it getting error for me why? below is my mention qr code json, {"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.abc.abc/com.abc.abc.utils.receiver.MyDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "F-EJlegNKdVupdJupPmWz34s2INjWVUDS5ErL-DuETc=", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://downloadapk", "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true}
QR code provisioning - Run OEM Wizard
Hi, I've got a device owner app I've written, it's working well when I install it via a QR code, but I want the stock Pixel / Moto setup wizard to run during / after the device owner setup wizard. I've done quite a lot of research, this doesn't appear to be easy! Any pointers / leads in the right direction to how I might achieve this would be greatly appreciated. Methods, source code to read, etc. Thanks, Richard
Getting DEVICE_POLICY_MANAGEMENT role
I'm stuck with getting DEVICE_POLICY_MANAGEMENT role for my application. DevicePolicyManager reports that my application is active admin (isAdminActive() returns 'true') and device owner (isDeviceOwnerApp() returns 'true'). But role is not assigned ('dumpsys role' reports no holders for android.app.role.DEVICE_POLICY_MANAGEMENT). Pre-requisites for getting this role seem to be fulfilled (like required-components from roles.xml) Found this article from @jasonbayton saying "Only an OEM can grant this permission to an application". Does this mean there's no way for downloaded application to get DEVICE_POLICY_MANAGEMENT role and device's configuration files to be modified for granting this role (config_devicePolicyManagement)? Thank you!
Zero Touch Customer API Feature Request
{written in Gemini ;) who literally wrote this out perfectly} I'm requesting an enhancement to the Android Device Provisioning API (Zero Touch) to include filtering capabilities, specifically the ability to filter devices by serial number (and other relevant fields) in the initial API call. Current Situation: Currently, the API lacks direct filtering. As demonstrated in the code below, to find a device by its serial number, we must: Make a call to list all devices for a customer. Iterate through the entire list of devices in the response to find the specific device. Iterate through any following pages if not found on the first page. This is inefficient, especially for customers with a large number of provisioned devices. const listDevicesUrl = `https://androidprovisioning.googleapis.com/v1/customers/${customerId}/devices`; // ... const listResponse = await fetch(listDevicesUrl, { ... }); const listData = await listResponse.json(); let foundDevice = null; if (listData && listData.devices) { foundDevice = listData.devices.find(device => device.deviceMetadata && device.deviceMetadata.serialNumber === serialNumber); } Desired Feature: I propose adding a filter parameter to the device listing API, allowing us to directly query for devices based on specific criteria, such as serial number, manufacturer, model, and IMEI. For example, the API call could look like this: https://androidprovisioning.googleapis.com/v1/customers/{customerId}/devices?filter=serialNumber={serialNumber} This would significantly improve the efficiency of device management and reduce the amount of data that needs to be transferred and processed. Benefits: Improved Efficiency: Reduces the number of API calls and the amount of data transferred. Faster Processing: Speeds up device identification and management operations. Reduced Load: Decreases the load on Google's API servers and client applications. Simplified Development: Makes it easier for developers to integrate with the API. I believe that adding filtering capabilities to the Android Device Provisioning API would be a valuable improvement and would greatly benefit the Android Enterprise community. Thank you for considering our request.
AE managed apps are not auto installed on devices after device enrollment
Hello, We manage Android mobile devices with an Ivanti MobileIron MDM. For the past few days, we have been experiencing issues with forced installations—they are no longer being pushed to our devices (silent install). Ivanti has indicated that Google support tickets have been opened. Bug referenced at Ivanti: It shows gms complaining about bad authentication in bugreport: [RequestTokenManager] getToken() -> BAD_AUTHENTICATION. App: com.google.android.gms, Service: oauth2:https://www.googleapis.com/auth/experimentsandconfigs Current understand of possible cause is that when issue occurs, google play account failed to got authenticated and re-auth could not recover it properly in time. Resolution We have several tickets open with google for now, and working with google on this issue. Google ticket number: 399818918 398768257 395681748 393388830 Google is rolling out a backend fix. Do you perhaps have more information about the issue and/or its resolution ? Are other people affected ? Thank you in advance for your help :) Adam
