Android Enterprise Documentation: Create a QR code
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
- Either of the two checksums below
android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM
- A String extra holding the URL-safe base64 encoded checksum of any signature of the android package archive at the download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
- Note: for devices running
Build.VERSION_CODES.LOLLIPOP
andBuild.VERSION_CODES.LOLLIPOP_MR1
, only SHA-1 hash is supported. Starting fromBuild.VERSION_CODES.M
, this parameter accepts SHA-256 in addition to SHA-1. FromBuild.VERSION_CODES.Q
, only SHA-256 hash is supported. - If the APK is signed with the APK signature scheme v2 or JAR-signed v1 scheme (untested with v3 or higher), you can use apksigner with any of the following to get the SHA-256 signature checksum (assumes variable named
apk
contains the filepath to the APK):sh
apksigner verify --print-certs "$apk" | sed '/Signer #1 certificate SHA-256/{s/.*SHA-256 digest:\s*//;q};d' | xxd -r -p | openssl base64 | tr -- '+/' '-_' | tr -d '\n'
PowerShell
Coreapksigner verify --print-certs "$apk" | Select-String 'Signer #1 certificate SHA-256 digest:\s*(.*)' | % {[Convert]::ToBase64String([Convert]::FromHexString($_.Matches.Groups[1].Value)) -replace '\+','-' -replace '/','_'}
Windows
PowerShell
apksigner verify --print-certs "$apk" | Select-String 'Signer #1 certificate SHA-256 digest:\s*(.*)' | % {[Convert]::ToBase64String(($_.Matches.Groups[1].Value -split '(..)' -ne '' | % {[Convert]::ToInt32($_,16)})) -replace '\+','-' -replace '/','_'}
- If the APK is signed with the JAR-signed v1 scheme, you can alternatively use
keytool
(from Java's JRE/JDK) with either of the following to get the SHA-256 signature checksum (assumes variable namedapk
contains the filepath to the APK):sh
keytool -printcert -jarfile "$apk" | sed '/\s*SHA256/{s/.*SHA256:\s*//;q};d' | xxd -r -p | openssl base64 | tr -- '+/' '-_' | tr -d '\n'
PowerShell
Core or WindowsPowerShell
keytool -printcert -jarfile "$apk" | Select-String '\s*SHA256:\s*(.*)' | % {[Convert]::ToBase64String(($_.Matches.Groups[1].Value -split ':' | % {[Convert]::ToInt32($_,16)})) -replace '\+','-' -replace '/','_'}
- A String extra holding the URL-safe base64 encoded checksum of any signature of the android package archive at the download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM
- A String extra holding the URL-safe base64 encoded checksum of the file at download location specified in
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
- Note: for devices running
Build.VERSION_CODES.LOLLIPOP
andBuild.VERSION_CODES.LOLLIPOP_MR1
, only SHA-1 hash is supported. Starting fromBuild.VERSION_CODES.M
, this parameter accepts SHA-256 in addition to SHA-1. FromBuild.VERSION_CODES.Q
, only SHA-256 hash is supported.
- A String extra holding the URL-safe base64 encoded checksum of the file at download location specified in
android.app.extra.PROVISIONING_LOCALE
android.app.extra.PROVISIONING_TIME_ZONE
– Wiki list of tz database time zonesandroid.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER
android.app.extra.PROVISIONING_LOCAL_TIME
android.app.extra.PROVISIONING_WIFI_HIDDEN
android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE
android.app.extra.PROVISIONING_WIFI_PROXY_HOST
android.app.extra.PROVISIONING_WIFI_PROXY_PORT
android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS
android.app.extra.PROVISIONING_WIFI_PAC_URL
android.app.extra.PROVISIONING_SKIP_ENCRYPTION
Android Zero-Touch Enrollment EMM Provisioning Guide
Use the following intent extras to set up your DPC
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE
android.app.extra.PROVISIONING_LOCALE
android.app.extra.PROVISIONING_TIME_ZONE
– Wiki list of tz database time zonesandroid.app.extra.PROVISIONING_LOCAL_TIME
android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED
android.app.extra.PROVISIONING_MAIN_COLOR
- ARGB color integer
(A & 0xff) << 24 | (R & 0xff) << 16 | (G & 0xff) << 8 | (B & 0xff)
- Uses a signed integer. Thus, it takes the two's
complement.
- E.g. 0xff000000: 0x7F000000 - 2^31 (
2130706432 - 2147483647 = -16777216
)
- E.g. 0xff000000: 0x7F000000 - 2^31 (
- White (0xffffffff): =
-1
- Black (0xff000000): =
-16777216
- LightGray (0xffcccccc): =
-3355444
- Red (0xffff0000): =
-65536
- ARGB color integer
android.app.extra.PROVISIONING_DISCLAIMERS
Don't include the following extras that you might use in other enrollment methods
android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION
android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM
android.app.extra.PROVISIONING_IMEI
android.app.extra.PROVISIONING_MODE
- 1 = Fully managed device
- 2 = Managed profile
android.app.extra.PROVISIONING_SKIP_USER_CONSENT
android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS
Thank you very helpful just the hash calculation seems to be wrong. It should be: