Installing without the Internet
TDM can be installed from a privately hosted web server hosted on a server connected via a Wi-Fi access point that has no onwards access to the Internet. If connecting to Wi-Fi is not possible, it can also be installed via USB using the Android Debug Bridge.
You’ll need to download the TDM android package file (APK) from an Internet connected host and import on to your private network.
Create a Proxy PAC file
You’ll need to generate a Proxy Auto-Config (PAC) file to use a Wi-Fi network with no Internet connectivity (this tells Android to not attempt to Google’s connectivity check servers). Create a file named proxy.pac with the following contents:
function FindProxyForURL(url, host) {
return 'DIRECT';
}
Setup a web server
You need to host the PAC and the APK within the root directory of the web service. If you don’t want to permanently run a web server, you can quickly start one with Python that will share the contents of the current directory and all of its sub-directories:
python3 -m http.server 8000
Generate a QR code
You need to generate a QR code with the Android provisioning information. Copy and edit the configuration below using a text editor:
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":
"com.xewli.tdm/.DeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":
"http://your_web_server_ip_addr:8000/xewli-tdm.apk",
"android.app.extra.PROVISIONING_WIFI_PAC_URL":
"http://your_web_server_ip_addr:8000/proxy.pac",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":
"Zf2Gj2O_5azDWIBTiycIqtIjgLmUGWqo6afFygDnfzU",
"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": false,
"android.app.extra.PROVISIONING_WIFI_SSID": "\"MyWifiAP\"",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "PASSWORD"
}
Replace the PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION and PROVISIONING_WIFI_PAC_URL
IP address values to match your web server’s host; and PROVISIONING_WIFI_SSID and
PROVISIONING_WIFI_PASSWORD to match your Wi-Fi network.
Note that the PROVISIONING_WIFI_SSID value should contain escape quotation marks ("): If the
access point is named MyWifiAp, then the configuration must state "\"MyWifiAP\"":
"android.app.extra.PROVISIONING_WIFI_SSID": "\"MyWifiAP\""
Furthermore, if a quotation mark appears within the SSID itself, it must be escaped by preceding
it with the backslash character (\).
Generate a QR code for the configuration: there are tools available online that generate the QR code as an image that can be downloaded and re-used later.
Install
At the first Android Setup Wizard screen, tap the screen until the camera appears for reading the QR code.
Move the device so that the front camera is pointing at the QR code. The QR code will be read automatically once it is in focus. You can move the device closer or further away from the QR code to help the camera focus.
Complete the Android Setup Wizard steps.
On the Tactical Device Manager splash screen, press Get started.
On the Terms & conditions screen, check the checkbox to accept the T&Cs then press Continue.
At the Hold the SmartLicence… screen, hold the smartcard to the rear of the phone until the next screen appears.
If you want to install applications:
At the Install applications screen, select Install apps from USB now.
Attach the USB media device and press Continue.
When the OS asks to allow TDM access to the memory device, press OK.
At the Initial policy screen, remove the USB media device and then select an initial policy and press Continue.
At the Administrator authentication screen, enter either an 8-digit PIN or a passphrase. This is used to lock TDM and prevent unauthorised changes to your device policy. This is used only by administrators.
At the User authentication screen, provide a PIN or passphrase for the device’s lockscreen. This will be used by the end user. Its length is determined by the initial policy.
At the Setup complete screen, press Finish.