In [0]:
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# https://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
This notebook shows you how to support the managed configurations and how to retrieve feedback from apps with the Android Management API. If an app supports managed configurations, sending keyed app states is recommended as a way to update IT admins on the status of the configurations they set.
To check if an app supports managed configurations:
You can use the Android Management API quickstart guide to become familiar with how to use this colab notebook. The quickstart will help you create a cloud project, enroll an enterprise, and provision a device.
In this colab you will need to have:
You will use the resources (Enterprises, Devices, Policies) that you have created from the quickstart.
To create and access resources, you need to authenticate with an account that has edit rights over your project. To start the authentication flow, run the cell below.
When you build a server-based solution, you should create a service account so you don't need to authorize the access every time.
In [0]:
import json
from apiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
import pprint
# To improve the readability of deeply nested data structures, we create a
# helper function to pretty print a result:
prettyprint = pprint.PrettyPrinter(indent=4).pprint
# This is a public OAuth config that you can use to run this guide.
# However, use different credentials when building your own solution.
CLIENT_CONFIG = {
'installed': {
'client_id':'882252295571-uvkkfelq073vq73bbq9cmr0rn8bt80ee.apps.googleusercontent.com',
'client_secret': 'S2QcoBe0jxNLUoqnpeksCLxI',
'auth_uri':'https://accounts.google.com/o/oauth2/auth',
'token_uri':'https://accounts.google.com/o/oauth2/token'
}
}
SCOPES = ['https://www.googleapis.com/auth/androidmanagement']
# Run the OAuth flow.
flow = InstalledAppFlow.from_client_config(CLIENT_CONFIG, SCOPES)
credentials = flow.run_console()
# Create the API client.
androidmanagement = build('androidmanagement', 'v1', credentials=credentials)
print('\nAuthentication succeeded.')
If you already have an enterprise, you can enter the enterprise name in the cell below and run the cell. If you do not have a enterprise, please go through the general Quickstart
In [0]:
# Paste your enterprise name here.
# It should be of the format 'enterprises/LC...'
enterprise_name = ''
You can check in Google Play if an application supports managed configuration.
In [0]:
# Paste the package name of an application here.
package_name = ''
Managed configurations allow the organization's IT admin to remotely specify settings for apps. To view sample apps with a managed configuration, see AppRestrictionSchema.
This section shows you how to support managed configurations iframe with the Android Management API. The managed configurations iframe is an embeddable UI that lets IT admins save, edit, and delete an app’s managed configuration settings.
In [0]:
IFRAME_URL = 'https://storage.googleapis.com/android-management-api-samples/managed_configuration_iframe.html'
# Creates a web token to access an embeddable managed Google Play web UI for a given enterprise.
web_token = androidmanagement.enterprises().webTokens().create(
parent=enterprise_name,
body={
'parentFrameUrl': IFRAME_URL
}
).execute()
full_iframe_url = IFRAME_URL + "?token=" + web_token["value"] + "&packageName=" + package_name
print('Open the managed configuration iframe:', full_iframe_url)
In [0]:
# Each time an IT admin saves a new configuration profile, the iframe returns a unique identifier called mcmId.
# Paste the mcmId of the managed configurations profile you just created here.
mdm_id = ""
Policies (also called a policy) are the core resource of the Android Management API. You use them to create and save groups of device and app management settings for your customers to apply to devices. Each configuration profile is saved as a unique mcmId. To apply a configuration profile to a policy, specify mcmId in managedConfigurationTemplate.
In [0]:
policy_name = enterprise_name + '/policies/managed-configurations'
policy = {
'applications': [
{
'installType': 'FORCE_INSTALLED',
'packageName': package_name,
'managedConfigurationTemplate': {
'templateId': mdm_id
}
}
],
'debuggingFeaturesAllowed': True
}
androidmanagement.enterprises().policies().patch(
name=policy_name,
body=policy
).execute()
In [0]:
# Pull the managed configurations of the application to edit in the next code snippet below
application = androidmanagement.enterprises().applications().get(
name= enterprise_name + '/applications/' + package_name
).execute()
prettyprint(application["managedProperties"])
Create your own UI and apply the settings via managedConfiguration in ApplicationPolicy.
In [0]:
policy_name = enterprise_name + '/policies/managed-configurations'
policy = {
'applications': [
{
'installType': 'FORCE_INSTALLED',
'packageName': package_name,
'managedConfiguration': {
# Enter your configuration using this key/value pair template.
'key1': 'value1',
'key2': 'value2'
}
}
],
'debuggingFeaturesAllowed': 'true'
}
# Write the new policy:
androidmanagement.enterprises().policies().patch(
name=policy_name,
body=policy
).execute()
This section shows you how to retrieve feedback from apps through the Android Management API. This communication channel allows IT admins to receive feedback about the status of the apps installed on the devices they manage.
Below is an example of how to create or update a policy for apps on a device with settings controlling the behavior of status reports. To enable reporting for a device, update the device policy and set StatusReportingSettings.applicationReportsEnabled to true. To enable device settings reporting set StatusReportingSettings.deviceSettingsEnabled to true.
In [0]:
# Update a policy without replacing the existing policy.
policy_name = enterprise_name + '/policies/managed-configurations'
policy = {
'statusReportingSettings' : {
'applicationReportsEnabled': True
}
}
androidmanagement.enterprises().policies().patch(
name=policy_name,
updateMask='statusReportingSettings.applicationReportsEnabled',
body=policy
).execute()
In [0]:
# List devices so you can get a device name to use to pull app feedback below.
androidmanagement.enterprises().devices().list(
parent=enterprise_name
).execute()
To review a devices's latest report at any time, call devices.get()
IT admins can use the data from keyed app states to retrieve information about device states.
In [0]:
# Enter the device name
device_name = ''
In [0]:
# Review a device’s latest report:
androidmanagement.enterprises().devices().get(
name=device_name
).execute()
As an alternative you can set up Pub/Sub notifications to receive alerts about newly enrolled devices, device reports, and recently issued commands. To set up Pub/Sub notifications, you need to enable the Pub/Sub API and create a topic. To receive messages published to a topic, create a subscription to that topic. After you create a subscription, you need to grant Android Device Policy permission to publish to your topic.
The set up link above will guide you on how to:
Go to your Cloud Console to get your project ID.
In [0]:
# Enter your Google Cloud Project ID below:
cloud_project_id = ''
In [0]:
# Go to the Pub/Sub topics page in the Cloud Console to get the topic name you created.
# Enter the topic you created below:
my_topic = ''
In [0]:
# Update the enterprise to support notifications:
androidmanagement.enterprises().patch(
name=enterprise_name,
body={
"name" : enterprise_name,
"enabledNotificationTypes" : "STATUS_REPORT",
"pubsubTopic": "projects/" + cloud_project_id + "/topics/" + my_topic
}
).execute()