The Android Setup Wizard and How to Bypass It

Updated March 2020

This is the ninth in a series of blog posts looking at the considerations around adopting an Android Google Mobile Services (GMS) deployment in the enterprise.  Each post features a summary along with recommendations. For other posts in this series please see the links below:

• Preventing unattended application updates initiated via the Play Store
• Understanding Google’s terms of service and privacy policy
• The managed Google Play Store
• Application deltas between Android GMS and AOSP
• GMS Location services and tracking
• Distributing private apps in the Managed Play Store
• Data usage of GMS applications and services
• Factory Reset Protection
• The setup wizard and how to bypass it

GMS devices feature a Setup wizard which is presented to the user when the device is first started or after a factory or enterprise reset.  To a consumer the setup wizard is a onetime operation done maybe once a year but to an enterprise managing multiple (perhaps thousands of) devices which are often remote it is often desirable to bypass the wizard.

There are currently two primary techniques for bypassing the setup wizard:

1. Managed Android devices can be provisioned either via zero-touch, an NFC bump or scanning a QR code; this bump or scan happens on the first screen of the setup wizard and conveys to the device sufficient information to allow it to bypass the rest of the wizard screens.
   • Note that tapping several times in the same place on the wizard will invoke QR code provisioning.
2. Zebra Android devices are capable of scanning a barcode in a specific format which will immediately bypass the wizard and allow additional staging to take place using StageNow.

We will look at each of these in turn:

Bypassing the setup wizard on managed Android devices

Google’s authoritative documentation on the managed device provisioning process is available on their developer portal and goes into a lot more detail than is warranted here including the format of data being encoded in the tag or barcode.

Google's recommended approach is to use zero-touch enrolment which requires the device to have been registered as sold to a particular customer who uses a particular EMM.  The out of box experience involves the device being given Internet connectivity (which may involve touching the device to configure WiFi), tapping a few enrolment screens and the rest of the provisioning is automatic.  The on-device experience is shown on a Pixel device on Google's YouTube video on the subject.

Enrolment via NFC tag or QR barcodes are considered 'legacy' deployment methods but still function.   The process involves creating an NFC tag; a QR barcode or an app which will run on another Android device to be NFC bumped against the device being provisioned. The NFC tag or barcode contains sufficient information to stage the device, i.e. WiFi connection settings, time zone, locale and the location of the EMM application which will take over the remaining steps to complete device provisioning (e.g. installing applications or setting device policies).  By tapping the NFC tag or scanning the QR barcode the managed Android staging process is initiated, the device enrolled in the EMM and the device provisioned.

So, managed Android devices enable an administrator to bypass the setup wizard (or at least, bypass most of the wizard) by design and more information will be available from your chosen EMM provider.

Note: It is possible, though less common, to enrol a Device Owner (DO) after bypassing the setup wizard using the Intent Manager CSP

Bypassing the setup wizard on unmanaged Zebra Android devices

Where supported, any user of unmanaged Zebra Android devices can take advantage of the feature to bypass the setup wizard entirely.

Supported devices are listed in the StageNow documentation which at the time of writing are:

• Android Oreo and higher
• Android Nougat with BSP 49 or higher
• Android Marshmallow with BSP21 (G-00-08) or higher

Before proceeding, it is important to understand the proposed workflow:

1. Device boots and displays the setup wizard
2. The user scans the special barcode with the Zebra device’s barcode scanner using the hardware trigger.
3. Device bypasses the setup wizard and launches the StageNow client
4. The user scans additional StageNow barcodes to complete device staging and provisioning.

There are a number of caveats:

• Devices which depend on Bluetooth scanners (e.g. WT6000) cannot take advantage of the setup wizard bypass feature.
• If any configuration is required which can only be done via the wizard, then the wizard cannot be bypassed.
  • For most use cases the capabilities of StageNow meet whatever configuration would have been manually entered in the wizard e.g. setting a device PIN or enrolling in a WiFi network.
  • Google's SUW location options for "Help apps find location" and "Improve location accuracy" are not accepted when the wizard is bypassed and it will be necessary for the user to manually agree to 'improved location accuracy' if you wish to use this feature, as explained in the earlier post on GMS Location Settings
  • Device diagnostics are denied when the wizard is bypassed as is configuring a Google account and signing up to Google’s Location History feature.

When bypassing the setup wizard several OS settings are configured which are required for Android to run properly, for this reason it is not recommended that you disable the wizard (com.google.android.setupwizard) with the MX AppManager as discussed in the earlier post on GMS applications.

To obtain the staging barcodes please see the official documentation for StageNow, specifically the wipe device profile section.  For convenience the barcode is also copied below and can be scanned at any stage during the setup wizard.

suw barcode.png

Users of StageNow 3.0 and higher will notice that the setup wizard bypass barcode is provided on the PDF exported from the profile; this does not change any functionality but just makes it easier to find the bypass barcode

suw bypass with StageNow.png

Troubleshooting the setup wizard bypass barcode

If you scan the setup wizard bypass barcode during the setup wizard and it has no effect then you may find the following troubleshooting steps helpful:

• Factory Reset Protection (FRP) could be in effect.  If you previously configured an unmanaged Google account on the device and performed an untrusted reset, as explained in the earlier post on factory reset protection, then the setup wizard bypass barcode will have no effect.  This is by design so FRP cannot be circumvented and you are required to complete the setup wizard manually.
• Device might not be supported.  If your device does not adhere to list of supported platforms as given in the StageNow documentation for wiping a device​ then either the bypass barcode will have no effect or no beam will emit from the barcode scanner when you press the hardware trigger during the setup wizard.
• Barcode is out of date.  Though unlikely, it is conceivable that the barcode embedded above may become out of date. Please ensure you are using the latest bypass barcode available from the StageNow documentation.

Bypassing the setup wizard following an Enterprise Reset

This document has discussed bypassing the setup wizard when the device is new out of the box or following a factory or enterprise reset.  There is an additional, related feature supported on devices running MX 7.1+ which is the ability to bypass the setup wizard following an enterprise reset initiated by StageNow or the EMDK.  This feature, SUWByPass, is part of the MX Power manager in StageNow, EMDK for Android and EMDK for Xamarin and the expected workflow is as follows:

1. Device is running, StageNow or an application triggers an enterprise reset via the MX power manager.
2. SUWByPass option is set to ‘true’
3. Device performs an enterprise reset, device contents is wiped and /enterprise partition remains
4. Setup wizard is not presented to the user and the device boots straight into the launcher
5. Any configuration defined via the persist manager is now applied.

Recommendations

All GMS Zebra devices have undergone Google GMS certification and as such will present the user with a setup wizard out of the box or following a factory (or enterprise) reset.  The setup wizard cannot be disabled but it can be bypassed using the techniques described in this document.

• Managed Android can bypass the setup wizard as part of the standard setup process.
• Customers deploying devices which will not be controlled by a device or profile owner should consider using the setup wizard bypass barcode to expedite their configuration of GMS Zebra devices.
  • Any configuration previously done manually in the setup wizard should be moved into a StageNow profile.
  • Customers performing an enterprise reset on their device and re-staging should consider using the enterprise reset SUWbypass feature.