Forum Discussion
Issue: Play Protect Blocks DPC Installation During QR Provisioning on Android 14 / One UI 6.1
Hello,
We use QR code provisioning to install our custom Device Policy Controller (DPC) app from a custom download URL (not Google Play).
The exact same APK + QR configuration:
Works on:
Samsung Galaxy S20 — Android 13 / One UI 5.0
Blocked on:
Samsung Galaxy S21 — Android 14 / One UI 6.1
Play Protect stops installation with the message:
"App blocked to protect your device. This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud."
Provisioning QR:
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "<DeviceAdmin component>",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM": "<Package checksum>",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "<S3 bucket url>",
"android.app.extra.PROVISIONING_LOCALE": "en_US",
"android.app.extra.PROVISIONING_TIME_ZONE": "Europe/Helsinki",
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": false,
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME": "<Package name>",
"android.app.extra.PROVISIONING_WIFI_HIDDEN": true,
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "<WiFi SSID>",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "<WiFi Password>"
}
Questions:
Question 1: What changed in Android 14 or One UI 6.1 related to:
- Sideloading DPCs during provisioning
- Play Protect enforcement during QR setup
Question 2: What is the new required approach to ensure the DPC installation is allowed? (e.g., signature checksum requirement, Play signing, allow list, new provisioning extras)
Question 3: Is there updated documentation that describes the new DPC provisioning security rules?
We need to understand the change and how to properly support Android 14+ devices in enterprise deployments.
Thank you!
Hello gekatz-mce and DsvEv
Just a quick message to let you know I've raised this with our internal tech team to see if they can help at all - please bear with us as their reply might take a few days to come.
I also wanted to share some additional resources:
- This article on Approved Android Enterprise device policy controllers allowlist might be helpful - is this reflecting what you're experiencing at all?
- This thread from December contains quite a few reading points and things you could try.
- You can also submit an appeal to have your DPC allowlisted.
If anything has changed in the meantime or if the resources I have shared are not quite tailored to what you're seeing, please let me know 🙂
5 Replies
Hello did you find a solution ? Im stuck on the same issue
Please submit an appeal with a detailed explanation of why your application should be included in the allowlist. It worked for me in the end
Hello gekatz-mce and DsvEv
Just a quick message to let you know I've raised this with our internal tech team to see if they can help at all - please bear with us as their reply might take a few days to come.
I also wanted to share some additional resources:
- This article on Approved Android Enterprise device policy controllers allowlist might be helpful - is this reflecting what you're experiencing at all?
- This thread from December contains quite a few reading points and things you could try.
- You can also submit an appeal to have your DPC allowlisted.
If anything has changed in the meantime or if the resources I have shared are not quite tailored to what you're seeing, please let me know 🙂
Emilie_B Hello. It appears that our DPC application has been allowed. Although I did not receive an official notification, QR activation has started working on devices where it previously failed.
Thank you for sharing the good news gekatz-mce 🤩
