How to save EAP wifi network in Android 10 after Android Enterprise provisioning

Question

Up to API lvl 29 we have been using WifiConfiguration to set up wifi connections with our DPC (both device and Profile Owner modes). Since API lvl 29 we can still save Open, WEP, WPA networks, but any attempt of saving EAP network is completely ignored. We tried to use WifiSuggestions method and the suggestion is properly displayed in the notification bar, but when the user taps on "allow" - nothing happens. There are no errors in the log, addNetworkSuggestions() method returns STATUS_NETWORK_SUGGESTIONS_SUCCESS.

This problem exists only when our DPC is provided Device/Profile Owner permissions with full provisioning process (work profile creation or fully managed during the first start). Getting Device Owner status using ADB lets us save the network by allowing the network suggestion.

This is how we set up the network suggestion:

@RequiresApi(api = Build.VERSION_CODES.Q)
public static WifiNetworkSuggestion setupWifiNetworkSuggestion (WifiConfiguration wifiConfiguration){
  return new WifiNetworkSuggestion.Builder()
          .setSsid(wifiConfiguration.SSID)
          .setIsHiddenSsid(wifiConfiguration.hiddenSSID)
          .setWpa2EnterpriseConfig(wifiConfiguration.enterpriseConfig)
          .build();
}

after that we call:

List<WifiNetworkSuggestion> networkSuggestionList = new ArrayList<>();
networkSuggestionList.add(setupWifiNetworkSuggestion(wifiConfiguration));

int status = mWifiManager.addNetworkSuggestions(networkSuggestionList);

if (status != WifiManager.STATUS_NETWORK_SUGGESTIONS_SUCCESS) {
  _logger.error("Problem adding network suggestion, status code: " + status);
}

Are we missing something? The same code works in our other app where we do not use EMM provisioning to get Device Owner. All the requested permissions are the same in both apps. We tried to get some error info or set up some logs but we only get success statuses all the way.

Answer 1

We finally made it work! The problem was caused by three separate issues:

1. We were lacking allowed key management setting WifiConfiguration.KeyMgmt.WPA_EAP

2. Our test RADIUS server rejects connection attempts when any domain is provided in the enterprise config. It was giving us unnecessary disconnections even at the point when we resolved Android-side issues

3. MOST IMPORTANT: For some reason our password policy was not enforced and on test environment we use self-signed certificates. Without at least PIN-lock set up on the device, the certificates cannot be attached to the network profile, therefore it cannot be added/connected to. Even if the network is saved, it lacks the certificate which has to be selected manually (it is deployed properly to the certificate store, though)

Answer 2

WiFi networks added through addNetworkSuggestions do not appear on the system-provided list of saved WiFi networks. But if the device sees the WiFi, it will add a note that this network was suggested by this and that app. Then the user can connect with the WPA Enterprise credentials configured in the code.

From my understanding, it is expected behavior that nothing happens that the user could see.

Also, if you uninstall the app, the suggested networks disappear again.

As a Device Owner, you should be able to use the otherwise deprecated WifiManager.AddNetwork() method to add the network to the system list. I haven't tested that myself.

On Android 12 (but not with 10 and 11), you can ask the user to add a network to the system list using this code:

    var suggestionsList = new WifiNetworkSuggestion[]
    {
        networkSuggestion
    };

    Bundle bundle = new Bundle();
    bundle.PutParcelableArrayList(
        Android.Provider.Settings.ExtraWifiNetworkList, 
        suggestionsList
    );
    Intent intent = new Intent(Android.Provider.Settings.ActionWifiAddNetworks);
    intent.PutExtras(bundle);
    intent.AddFlags(ActivityFlags.NewTask);
    Android.App.Application.Context.StartActivity(intent);