My Application disabled camera function using DevicePolicyManager and manufacturer API.
But It has some problem because DevicePolicyManager is deprecated API 28.
So, I want to disable camera after API 29 device what is not supported manufacturer API.
I found it some solutions using EMM solutions. But it has to using Enterprise mode.
My Application's target is not Enterprise people just temporary enterprise visitor.
so it is not good for them to reset device to get device owner OR enroll device to Enterprise service to get profile owner.
Does anyone know the answer to this problem?
Looking for a replacement for DevicePolicyManager. But there is not replacement just have authority to use DevicePolicyManager.
There is two solution to get authority, profile owner and device owner.
But profile owner just prevent using camera in work profile's apps. it cannot disable camera in personal profile. it has to enroll the device to enterprise service.
And Getting Device Owner only can enroll while reset device or first boot. I think it only uses in Enterprise devices.
Related
in the guide for Android Management API it is said
Fully managed mode
In fully managed mode the entire device is managed and
the device needs to be factory reset before setup.
To set up a device in fully managed mode you need to use a QR code.
For devices running Android 7.0 or above:
Turn on a new or factory-reset device.
Tap the same spot on the welcome screen six times to enter QR code mode.
Connect to a WiFi network.
Scan the QR code.
My question is how to add TV that does not have touch support. Are TVs possible at all?
I am not sure if TVs are supported.
You can get more information at the below link :
https://www.android.com/intl/en_in/enterprise/devices/
You can also try DPC identifier method
If Android Device Policy can't be added via QR code or NFC a user or IT admin can follow these steps to provision a company-owned device:
Follow the setup wizard on a new or factory-reset device.
Enter Wi-Fi login details to connect the device to the internet.
When prompted to sign in, enter afw#setup, which downloads Android Device Policy.
Scan a QR code or manually enter an enrollment token to provision
the device.
No. Android Management API won't work on TV
I am trying to create an app that restricts camera on Android for my enteprise.
Until now I used device admin, but as far as I know, it's deprecated since API 28.
As I understand, I should use Device Management API and restrict camera using policies.
What I did is created an enterprise, and enrolled my device with a Work Profile that included camera disabled policy, but the Android stock camera app is still working.
The Android Device Policy app does show that the camera disabled policy is applied.
What am I doing wrong?
Also, I noted that the end user can simply go to the Account settings of the phone and delete the work profile.
Can it be prevented?
Thanks!
In order to disable the camera on the whole device you need to set up the device in fully managed mode. To do so you can use one of the available provisioning methods, like the QR code method. You will need to factory reset the device before provisioning it in fully managed mode.
You can set this policy when using AMAPI: "cameraDisabled": true, to disable camera usage on your managed devices.
From my last posted question below,
Not getting any idea about the workflow of managing an android device from another device using an pre installed android in both devices
I am here today with new problem. I used android management api to create enterprise, enrolling a device with device policies(Used the sample provided in here a link. But what I am trying to achieve I am not getting it. I want the app to be able to disable all normal apps and camera when parent app blocks them in childs device from its own device using android management api. But what I am getting is that upon upload of enrollment of the policy using enrollment token I see a separate work profile is being created in android device which is not my requirement in the app.
So if anyone out here can help me out in this one be very thankful.
TL DR:
To fully control a device you must enroll it in DEVICE OWNER mode.
I'll try to stick only to this question and address your other concerns answering the other.
You can enroll a device mainly in two modes WORK PROFILE and DEVICE OWNER, one is thought for enterprises that want to allow a BYOD model, the other for enterprises that provide company owned terminals and who wants exert full control on them.
From the docs: https://developers.google.com/android/management/provision-device
The work profile provisioning methods create a work profile on a device. A work profile is a self-contained space that separates work apps from personal apps (see employee-owned devices for more information). On devices with work profiles:
Android Device Policy is installed within the work profile.
devices.managementMode is set to PROFILE_OWNER.
Most policies and commands apply to the work profile only.
The fully managed and dedicated device provisioning methods provide enterprises with full management control over a device:
Android Device Policy is installed on the device's personal (primary) profile.
devices.managementMode is set to DEVICE_OWNER.
Policies and commands apply to the entire device.
Your idea probably needs DEVICE_OWNER mode but here there is the big problem, to enable them you must enroll a device that is factory reset!
So you need a much specific process to prepare a device before use, you cannot achieve a so strict control on a device just installing an app and control it from outside permissions or not. It's against the logic of a "personal device".
We have android app as an Enterprise App which disables the camera of the Device. This functionality breaks when user switch to Guest user or similar functionality. Having app as Device Administer is not enough, We have found one solution to it i.e making app Device owner with nfc-Provisioning and similar approach but this requires the device to be in factory reset mode. So is there any other approach than this which will help us to disable camera across all profiles without factory resetting of the app. I believe this is not an idle approach as per users point of view.
Here is the guide for android Mobile as Administrator here you can disable the camera programmatic ally. You can refer to this link
https://developer.android.com/guide/topics/admin/device-admin.html
You can't and, while it restrains developers, it is actually a good thing for user's security.
Among other things, a Device Admin app cannot
prevent the user from revoking the Device Admin rights,
enforce policies across users,
prevent the creation of new users.
It is relatively easy to lure Android users into giving Device Admin rights and many malwares have already tried to exploit this vulnerability through clickjacking or other means. So it is a good thing for users that Device Admin gives limited management capabilities and can be revoked.
In comparison Device Owner gives full management capabilities but requires factory reset which ensures there is a clear intent from the user.
I'm trying to put some pieces together regarding the Device Owner application.
With regards the the newly released EMM API, is there a way for the Device Owner application get system app permissions? I have noticed that the API allows remote package installation, but for this to work, the application needs to have INSTAL_PACKAGES permissions (reserved for system apps).
Also, is there any official documentation to the Android Hidden API, or is it all just code inspection and comments?
Device Owner does not have system app permissions.
On Marshmallow a Device Owner can call PackageInstaller and silently install apps.
The TestDPC basically shows all the features you can implement:
https://github.com/googlesamples/android-testdpc
For some more interesting info:
https://florent-dupont.blogspot.ca/2015/02/10-things-to-know-about-device-owner.html