Manage your Internal Apps Permissions on Android Enterprise Work Managed Device

When managing Android Enterprise work managed devices, you may want to deploy internal (side-loaded) applications to them. One of the challenges with internal apps is granting the app's permissions on behalf of the user.

To do so, you need to prepare a snippet of code listing each permission you want to Grant, Deny or Prompt the user for. You then encode it in Base64 and add it to the custom XML script that you push down to the devices using a profile in the Workspace ONE console. The steps are broken down below:

1. Below is sample code with permissions set. You only need to include the permissions you want to control, each with the right value: 0 to Prompt the user, 1 to Grant and 2 to Deny. Adjust the code below to your needs (don't forget to change the bundle ID of your app).

[{"packageName":"com.evernote","permissions":[{"name":"android.permission.ACCESS_COARSE_LOCATION","value":"0"},
{"name":"android.permission.ACCESS_FINE_LOCATION","value":"1"},
{"name":"android.permission.ACCESS_NETWORK_STATE","value":"2"},
{"name":"android.permission.ACCESS_WIFI_STATE","value":"0"},
{"name":"android.permission.AUTHENTICATE_ACCOUNTS","value":"0"},
{"name":"android.permission.CAMERA","value":"0"},
{"name":"android.permission.FOREGROUND_SERVICE","value":"0"},
{"name":"android.permission.GET_ACCOUNTS","value":"0"},
{"name":"android.permission.INTERNET","value":"0"},
{"name":"android.permission.MANAGE_ACCOUNTS","value":"0"},
{"name":"android.permission.READ_CALENDAR","value":"0"},
{"name":"android.permission.READ_CONTACTS","value":"0"},
{"name":"android.permission.READ_EXTERNAL_STORAGE","value":"0"},
{"name":"android.permission.READ_PHONE_STATE","value":"0"},
{"name":"android.permission.READ_SYNC_SETTINGS","value":"0"},
{"name":"android.permission.READ_SYNC_STATS","value":"0"},
{"name":"android.permission.RECEIVE_BOOT_COMPLETED","value":"0"},
{"name":"android.permission.RECORD_AUDIO","value":"0"},
{"name":"android.permission.USE_BIOMETRIC","value":"0"},
{"name":"android.permission.USE_CREDENTIALS","value":"0"},
{"name":"android.permission.USE_FINGERPRINT","value":"0"},
{"name":"android.permission.VIBRATE","value":"0"},
{"name":"android.permission.WAKE_LOCK","value":"0"},
{"name":"android.permission.WRITE_EXTERNAL_STORAGE","value":"0"},
{"name":"android.permission.WRITE_SYNC_SETTINGS","value":"0"},
{"name":"com.android.launcher.permission.INSTALL_SHORTCUT","value":"0"},
{"name":"com.android.vending.BILLING","value":"0"},
{"name":"com.evernote.android.permission.APP_EVENT","value":"0"},
{"name":"com.evernote.permission.C2D_MESSAGE","value":"0"},
{"name":"com.google.android.c2dm.permission.RECEIVE","value":"0"},
{"name":"com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE","value":"0"},
{"name":"com.sonymobile.permission.CAMERA_ADDON","value":"0"},
{"name":"samsung.snote.permission.EVERNOTE","value":"0"}]}]

2. Now select and copy your code and encode it with Base64 using any online tool, for example: https://www.base64encode.net/


3. Take the encoded string and insert it into the value field of the AppLevelRuntimePermissions parm in the following custom XML script:

<characteristic uuid="ece876fd-da7d-424f-9bab-85a1b483e95d" type="com.airwatch.android.androidwork.permissions" target="1"><parm name="MasterRuntimePermission" value="1" type="integer" /><parm name="AppLevelRuntimePermissions" value="W3sicGFja2FnZU5hbWUiOiJjb20uZjUuZWRnZS5jbGllbnRfaWNzIiwicGVybWlzc2lvbnMiOlt7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQUNDRVNTX05FVFdPUktfU1RBVEUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQUNDRVNTX1dJRklfU1RBVEUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQkxVRVRPT1RIIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLkNBTUVSQSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5JTlRFUk5FVCIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5SRUFEX0VYVEVSTkFMX1NUT1JBR0UiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uUkVBRF9QSE9ORV9TVEFURSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5VU0VfRklOR0VSUFJJTlQiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uV1JJVEVfRVhURVJOQUxfU1RPUkFHRSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImNvbS5mNS5lZGdlLmNsaWVudF9pY3MucGVybWlzc2lvbi5FREdFX0xPQ0FMX1NFUlZJQ0VfQlJPQURDQVNUIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiY29tLmY1LmVkZ2UuY2xpZW50X2ljcy5wZXJtaXNzaW9uLkY1X0JST0FEQ0FTVCIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImNvbS5mNS5lZGdlLmNsaWVudF9pY3MucGVybWlzc2lvbi5TRVJWSUNFX1JFUVVFU1RfQlJPQURDQVNUIiwidmFsdWUiOiIxIn1dfSx7InBhY2thZ2VOYW1lIjoiY29tLm1pY3Jvc29mdC5vZmZpY2UubHluYzE1IiwicGVybWlzc2lvbnMiOlt7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQUNDRVNTX05FVFdPUktfU1RBVEUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQUNDRVNTX1dJRklfU1RBVEUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQVVUSEVOVElDQVRFX0FDQ09VTlRTIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLkJMVUVUT09USCIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5CUk9BRENBU1RfU1RJQ0tZIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLkNBTExfUEhPTkUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uQ0FNRVJBIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLkNIQU5HRV9ORVRXT1JLX1NUQVRFIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLkNIQU5HRV9XSUZJX01VTFRJQ0FTVF9TVEFURSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5DSEFOR0VfV0lGSV9TVEFURSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5HRVRfQUNDT1VOVFMiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uR0VUX1RBU0tTIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLklOVEVSTkVUIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLk1BTkFHRV9BQ0NPVU5UUyIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5NT0RJRllfQVVESU9fU0VUVElOR1MiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uUkVBRF9DQUxFTkRBUiIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5SRUFEX0NPTlRBQ1RTIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLlJFQURfRVhURVJOQUxfU1RPUkFHRSIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5SRUFEX1BIT05FX1NUQVRFIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLlJFQURfU1lOQ19TRVRUSU5HUyIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5SRUFEX1NZTkNfU1RBVFMiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJhbmRyb2lkLnBlcm1pc3Npb24uUkVDT1JEX0FVRElPIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLlVTRV9DUkVERU5USUFMUyIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5WSUJSQVRFIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLldBS0VfTE9DSyIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5XUklURV9DT05UQUNUUyIsInZhbHVlIjoiMSJ9LHsibmFtZSI6ImFuZHJvaWQucGVybWlzc2lvbi5XUklURV9FWFRFUk5BTF9TVE9SQUdFIiwidmFsdWUiOiIxIn0seyJuYW1lIjoiYW5kcm9pZC5wZXJtaXNzaW9uLldSSVRFX1NZTkNfU0VUVElOR1MiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJjb20uZ29vZ2xlLmFuZHJvaWQuYzJkbS5wZXJtaXNzaW9uLlJFQ0VJVkUiLCJ2YWx1ZSI6IjEifSx7Im5hbWUiOiJjb20uZ29vZ2xlLmFuZHJvaWQuZmluc2t5LnBlcm1pc3Npb24uQklORF9HRVRfSU5TVEFMTF9SRUZFUlJFUl9TRVJWSUNFIiwidmFsdWUiOiIxIn1dfV0=" type="string" /></characteristic>

4. Before you can deploy the permission script, you need to ensure that your app has been deployed to the device first. You can then go into the console under Devices > Profiles & Resources > Profiles, create an Android profile and add the above XML as Custom Settings.
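Steps 1 to 3 can also be done locally, which keeps the quotes straight and makes a profile reviewable before it is pushed. The Python below is an added example, not part of the original post or of Workspace ONE: it builds the JSON, Base64-encodes it, wraps it in the custom XML, and decodes a profile back into a readable prompt/grant/deny listing. The names `build_profile` and `audit_profile` and the sample input are assumptions; the uuid, type and parm names are copied from the XML in step 3.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Value codes as given in the post: 0 = prompt, 1 = grant, 2 = deny.
ACTIONS = {"0": "prompt", "1": "grant", "2": "deny"}
# uuid and type copied from the post's custom XML.
UUID = "ece876fd-da7d-424f-9bab-85a1b483e95d"
TYPE = "com.airwatch.android.androidwork.permissions"
CURLY = "\u201c\u201d\u2033"  # typographic quotes that break JSON and XML parsing

def build_profile(apps):
    """apps: {package: {permission: 0|1|2}} -> custom XML string."""
    payload = []
    for package, perms in apps.items():
        entries = []
        for name, value in perms.items():
            if str(value) not in ACTIONS:
                raise ValueError(f"{package}: {name} has invalid value {value!r}")
            entries.append({"name": name, "value": str(value)})
        payload.append({"packageName": package, "permissions": entries})
    raw = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    root = ET.Element("characteristic", uuid=UUID, type=TYPE, target="1")
    ET.SubElement(root, "parm", name="MasterRuntimePermission", value="1", type="integer")
    ET.SubElement(root, "parm", name="AppLevelRuntimePermissions",
                  value=base64.b64encode(raw).decode("ascii"), type="string")
    return ET.tostring(root, encoding="unicode")

def audit_profile(xml_text):
    """Decode a profile and return {package: {permission: action}} for review."""
    if any(ch in xml_text for ch in CURLY):
        raise ValueError("typographic quotes found; use straight quotes only")
    root = ET.fromstring(xml_text)
    parm = root.find("parm[@name='AppLevelRuntimePermissions']")
    decoded = json.loads(base64.b64decode(parm.get("value"), validate=True))
    return {app["packageName"]: {p["name"]: ACTIONS[p["value"]] for p in app["permissions"]}
            for app in decoded}

# Constructed sample: the first three permissions and values from the post's list.
SAMPLE = {"com.evernote": {
    "android.permission.ACCESS_COARSE_LOCATION": 0,
    "android.permission.ACCESS_FINE_LOCATION": 1,
    "android.permission.ACCESS_NETWORK_STATE": 2,
}}

if __name__ == "__main__":
    print(audit_profile(build_profile(SAMPLE)))
```

Running `audit_profile` on an existing profile's XML lists every permission that would be granted without a user prompt, which is worth checking before the profile is assigned.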


Special credits to Monalisa for helping me with this procedure!

One thought on “Manage your Internal Apps Permissions on Android Enterprise Work Managed Device”

  1. Great stuff! Thank you so much, it really helped a lot. Also, make note that I spent almost a day to realise that the double quotes are to be of the same format. It did not work initially, but later, when I edited all the quotes, it worked. But again, it does not work for ACCESS_BACKGROUND_LOCATION… which I am still working through… Thank you once again…
