This documentation is for WSO2 Enterprise Mobility Manager 2.2.0. View documentation for the latest release.
Device Ownership on WSO2 EMM - Enterprise Mobility Manager 2.2.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

The device ownership application is a pre-configured application with special privileges to perform tasks, such as monitoring settings, managing settings, and other privileged tasks. In a COPE device use case, the organization will have complete ownership of the device by using this concept. See the subsections given below to fully understand the device ownership concept.

Device ownership application functionality

Let's take a look at how an application having the device ownership settings enabled, function.

  • Once the device ownership is assigned to an application, it gets access to a set of Android APIs, such as adding a user restriction policy on Android devices. These APIs are only accessible by the device ownership application.
  • At a given time a device can only have one application with the device ownership settings. It prevents another application that has the same device ownership settings from overriding the policies that have already been enforced on the device. 
  • If you wish to remove the device ownership application, you need to factory reset the device. For example, in a situation where the device needs to be given to a different user, you need to factory reset the device to remove the application.

Configuring the WSO2 EMM service application

Before you begin

Make sure to have the system service application installed on your device. For more information, see Integrating WSO2 EMM and the system service application.

Let's take a look at how WSO2 EMM configures the device ownership settings on the service application.

  1. Assign the device ownership settings to the service application using one of the following methods.

    The device ownership settings only work for SDK API levels 21 and above.

    • A command issued through the Android Debug Bridge (adb).

       Click here for more information.

      Follow the steps given below to assign the device ownership settings on the WSO2 EMM service application via the adb.

      1. Download and install Android Studio.

        For more information, see installing Android Studio.

      2. Build the WSO2 EMM Agent application:

        To build the WSO2 EMM Agent application, Android Studio should have API levels 16 and 23.

        1. Open Android Studio.
        2. Click SDK Manager.
        3. Click the SDK Platform tab and select the API levels 16 and 23.
          Example:
        4. Click Apply.
      1. Run the command given below:

        adb shell dpm set-device-owner org.wso2.emm.system.service/.ServiceDeviceAdminReceiver

        dpm is not supported by SDK API levels below 21.

         Click here for more information on what happens when you run the adb command

        The Android system creates an XML file in the device's <DEVICE>/data/system directory once you run the command to assign the device ownership settings in the service application as shown in step1.
        The name of the XML will be device_owner and it contains the package name of the service application having the device ownership.

        Example:

        device_owner.xml
        <device-owner package="org.wso2.emm.system.service" name="Your app name" />

        A non-system application can not modify the XML file that is in the device's <DEVICE>/data/system directory unless it's rooted. Therefore Android guarantees that only the configured application gets the privileged device ownership status.

    • Integrating Android for work. 

    The device ownership settings can also be assigned through a special Near Field Communication (NFC) message. Since this is a new feature, not all Android devices will have it. Therefore, this feature will not be supported by EMM 220.

  2. Reboot or restart your Android device.

    When your Android device restarts or boots up, it will check for the configured device-owner.xml file. If the file exits, the application mentioned in the XML file is assigned the device ownership settings. 

    Important

    Before restarting your device, make sure that the system service application is installed on the device. Not having the system application on your device can lead to device restarting/rebooting issues, after you have configured it for device ownership.

Integrating the service application with WSO2 EMM

To successfully integrate the service application with WSO2 EMM you need to have the WSO2 EMM Android agent installed as well. Take a look at the diagram given below to clearly understand the role of the EMM agent in this scenario.

  • No labels