SOTI Pulse Logo

Zebra TC72 and L10 - how to extract app signature and then give Display Over Other Apps permission to that app.

Solved
TK
Thomas Knudsen
Normal A/S

Android 11 and 13 on Zebra TC72 and L10

Lockdown in Mobicontrol, type "Activity suppression"

I have a communication app "SYNCH" (com.elbit.italk) that we lauch from the lockdown, but only if permission "Display over other apps" is give manually.

Am I allowed by Android to script this, perhaps using StageNow, as we have hundreds of devices. ?

I think so when I look at this link and video embedded

Enabling Display Over Other Apps Permission via MDM/EMM OEMConfig (zebra.com)

But my app is not installed from an APK file as shown in guide, but installed by a policy through Google Play store.

So how do extract the signature from an app, that is installed on one of my devices?

signature, extract display over other
a year ago
SOTI MobiControl
ANSWERS
SB
Simon Breuer
a year ago

The way ZEBRA is describing is the only way to silently grant this permission. The signature of the app is only extractable by the developer of the app.

TK
Thomas Knudsen
a year ago

Hey Simon, thanks for helping.

The video shows a tech using a Java program to extract the signature, so It looks possible.

Do you have a deep link to the "Zebra method", as I can only find something like the Zebra OEM config

SB
Simon Breuer
a year ago

I do not have a link at hand, but can show you how we granted a permission to a specific app. We used the following xml and distributed it via Package to the devices:

<wap-provisioningdoc>
  <characteristic version="10.4" type="AccessMgr">
    <parm name="PermissionAccessAction" value="1" />
    <parm name="PermissionAccessPermissionName" value="android.permission.SYSTEM_ALERT_WINDOW" />
    <parm name="PermissionAccessPackageName" value="com.app.packagename" />
    <parm name="PermissionAccessSignature" value="[PALCE APP SIGNATURE HERE]" />
  </characteristic>
</wap-provisioningdoc>

In the post-install section of your package place the following script to apply the XML settings:

mxconfig /sdcard/yourPath/yourXML.xml

TK
Thomas Knudsen
a year ago

<parm name="PermissionAccessSignature" value="[PALCE APP SIGNATURE HERE]" />

This is my big question :)

How do I find that value, for an app installed from Google Play using a policy.
Can I see it on the device?

LC
Leon Callsen
a year ago

Hi Thomas,

as you already described. The java tool which is used is this SigTools from Zebra. 
https://techdocs.zebra.com/emdk-for-android/latest/samples/sigtools/

You'll need the apk file to extract the app signature. If it's not possible for you then you need to contact the developer of your app to get this signature. 

I think there is no other possibility. 

MD
Matt Dermody Diamond Contributor
a year ago

This is the correct answer. You need access to the APK and then you need to run it through the Zebra SigTools utility to extract the signature. I also don't know if I would trust using OEMConfig for applying it and would instead recommend using a Package delivering the StageNow XML export processed with the mxconfig script. My experience with this indicates that the MX has to be processed after the application is already installed on the device but before it is launched the first time. I find it easier to control that order of operations with Packages versus using OEMConfig. 

Solution
TK
Thomas Knudsen
a year ago

Thanks Matt!
I contacted SYNCH through their website contact form and 30 min. later they called me on the phone,  send me the .APK file and offered help if needed. :) :)


So I will extract signatur and use StageNow to deploy permission. Agree with you, StageNow just work, OEMConfig work sometimes :)

C
Chris
a year ago

Hello,

test the following command as a legacy script send to the device:

afw_set_permission_grant_state com.elbit.italk android.permission.SYSTEM_ALERT_WINDOW allow

If this works, you can create a package with a post-install script and this command line.


MFG

TK
Thomas Knudsen
a year ago

Hey Chris

Thanks for the input

I tried that, but did not have any effect.

K
kmart
a year ago

Hey Thomas, 

I found this article and was able to get the Zebra PTT Pro application signature to work. I used ADB to extract the apk from where it was already installed. https://supportcommunity.zebra.com/s/article/000026191?language=en_US 

E
ESMOD@soti
a year ago

Hi Thomas Knudsen,

Greetings!

Thanks for posting on SOTI Pulse. Thanks to all for responding to the post, your expertise and willingness to help are greatly appreciated!

I am glad that your question is answered.

If you have any additional questions or concerns, please don't hesitate to reach out. We're dedicated to providing assistance and support.

Regards,
Technical Support, SOTI | Call Us | SOTI.net | Discussion Forum | Log a Case Online | LinkedIn | Instagram | YouTube

Similar Discussions