Corona App doesn't support Android Enterprise Devices

[John4711]

Corona App doesn't support Android Enterprise Devices

This concern about 1000 devices. Installation was ok but it doesnt start properly.

Is there any solutions about this problem. Otherwise I have to uninstall the app on over 1000 devices.

[daimpi]

@John4711 some questions:

• which devices do you have?
• which Android version do they run?
• which Google Play Services version do they run?
• which ENF version do they run? See FAQ help on determining ENF version.

[MikeMcC399]

Hi @John4711

I saw that you found https://github.com/corona-warn-app/cwa-app-android/issues/604 in the meantime. Perhaps @svengabr has some current feedback?

There is mention in https://www.coronawarn.app/en/faq/#cause_3 "[Google/Android]: While setting up the app, I’m getting the following error: 'CAUSE: 3. Something went wrong. Error when communication with Google API (17).' What does this mean?" You have multiple user accounts on your device and the user that you use Corona-Warn-App with doesn’t have administrator rights.

Exposure Notification Status Codes show error code 39501 means: The hardware capability of the device was not supported.

I've seen this error code when trying to sideload the CWA app on an Android emulator with Android version less than 11 (API < 30) because there is no Bluetooth hardware emulation and CWA needs Bluetooth (Low Energy). That may give some clue in your case.

As @daimpi asked, it would be good to have the answers to his questions.

[MikeMcC399]

I found also this hint on https://developer.android.com/work/managed-profiles.html#testing_tips

Test on work profiles: tips and tricks

There are a few tricks that you may find helpful in testing on a work-profile device.

As noted, when you side-load an app on a work-profile device, it is installed on both profiles. If you wish, you can delete the app from one profile and leave it on the other.

(I should add that I have no experience with Android Enterprise, so just use the link for background reading, if you find it helpful.)

[dsarkar]

@John4711 some questions:

• which devices do you have?
• which Android version do they run?
• which Google Play Services version do they run?
• which ENF version do they run? See FAQ help on determining ENF version.

Dear @John4711 ,

Thank you for your contribution. In order to look further into this issue, please provide the details as requested by @daimpi.

Best wishes, DS

Corona-Warn-App Open Source Team

[John4711]

Hello DS,

I would like to answer as best I can.

they are samsung devices (S7, S8, S9) with activated Knox services. it depands. but they all have lates firmware and latest security patches it depands. but they all have Google Play Services Versions - They will all updated silently. ENF Version should be 1.5, but on Android Enterprise Installation Devices (DO) - I assume is/was not installable.

Best wishes, C.

[John4711]

Regarding this comment: Test on work profiles: tips and tricks

My Company has decided to install them only via DO-Installation - not with work profile

Best wishes, c.

[John4711]

This is 1st message: Best wishes, C.

[daimpi]

@John4711

ENF Version should be 1.5, but on Android Enterprise Installation Devices (DO) - I assume is/was not installable.

Does this mean the devices don't have ENF on them? What do you see when you try to find out the ENF version on one of the devices?

[MikeMcC399]

@John4711

That message shows the exact problem! You are missing the Google Exposure Notification System. Also it shows that you are using Corona-Warn-App version 1.3.1 not the latest 1.5.0 version. (I can see that from the space before "(17)").

[John4711]

Here are all detailt messages:

Best wishes, C.

[John4711]

any ideas? I guess, it has something to do with mobile iron. I createt also a support ticket there.

[daimpi]

@John4711

Could you do what is described in the FAQ entry regarding ENF version?

1. In the Settings, go to 'Google > COVID-19 exposure notifications'
2. Scroll down the 'COVID-19 notifications' page. At the very bottom, the version is displayed […]

Could you provide a screenshot of that if possible?

[John4711]

yes, I could do that on Monday at work.

[daimpi]

@John4711 Ok, thanks. B/c we need to know whether ENF is at all running on those devices b/c without it there is no chance to get any ENF based app working in the first place… and as @MikeMcC399 stated above: it looks like you're actually missing ENF on those devices.

[MikeMcC399]

@John4711 / @daimpi I think that @John4711 will find when he tries to look for Settings > Google > COVID-19 exposure notifications that "COVID-19 exposure notifications" will be completely missing, so it cannot be called.

The next step, if that entry is missing, would be to look in Settings > Apps for a system app "Google Play services" which is what delivers the Google Exposure Notification System.

I think this is all about making sure that the CWA app gets the right environment to be able to run. You may need help from somewhere which is more familiar with Android Enterprise and Google Play Store / Google Play services.

[MikeMcC399]

@John4711 The error screens you are seeing are identical to what I see on an Android 10 emulator which has no Bluetooth. My hunch is that there is a security policy enabled which prevents Bluetooth usage or access on your devices. CWA will not work without Bluetooth.

[dsarkar]

Hi @John4711,

thank you for response, and indeed, as @daimpi and @MikeMcC399 suggest, can you please confirm that ENF and Bluetooth are both activated on your devices?

Best regards, DS

Corona-Warn-App Open Source Team

[MikeMcC399]

@John4711 Did you manage to solve your deployment issue?

[John4711]

Hi @dsarkar,

I can confirm, that ENF isn't installed on it, but BT is still activated and working. I can confirm, that CWA is working on Android Enterprise Device Only Deployments, not on AE with Workprofiles. I guess, this is a Google Issue not an issue of MDM Vendor or CWA Dev Team. I cannot open a ticket at google, but may be the CWA Dev Team.

I can not recommaned to my hunderds of user to work with a workaround in their private profile...

Regards, J.

[MikeMcC399]

This is an old issue, however I noticed that the Google - Exposure Notifications implementation guide now carries the following:

"Note: Only applications running on the phone's primary profile can access the Exposure Notification APIs. Calling these APIs from an application running in a secondary profile or in a work profile will result in the ExposureNotificationStatus USER_PROFILE_NOT_SUPPORT."

[MikeMcC399]

@John4711 / @dsarkar

I suggest to close this issue if there is no further feedback. It seems to be a Google restriction which CWA cannot resolve.