I have an application that is a device administrator. First, a little disclaimer, our app has an MDM intention (Mobile Device Management), so it is not supposed to be used by end-users.
Since our app is mostly used as a background device manager, I'm testing the new flag that allows your app to not have all permissions reset. I noticed a strange behavior when the device admin is on, and I can't find any documentation about it in Android 11 changes, nor in sdk reference documentation. When your app is device admin, you can't toggle this flag anymore since it's disabled.
If, when I first open my app, asks for device administration and then test the result of context.packageManager.isAutoRevokeWhitelisted (ref) it returns false. But the toggle button in the app settings is disabled, so I can't turn it on.
If I, before asking my app to be device admin, go to app settings and toggle the flag to whitelist our app, then after admin is granted, the toggle is disabled, and this method returns true, which is what I'm looking for.
So my question is: if I turn on device admin for my app, does this means that it will automatically be whitelisted, so I don't need to worry about this (what would explain the toggle disabled, but not explain why the method returns false) or I should first ask for the app to be whitelisted (changing the toggle button in settings) and then ask for device admin?
Related
While applying lock command through android-management-api in the device, the device will be locked. But if users know the password, they can able to unlock the device and use the applications in the device.
My requirement is to disable all applications for a specific amount of time. Is there any possibility to achieve this functionality through android-management-api?
If you want to lock the device and prevent user access entirely, you can reset the device’s password and then lock the device using issueCommand: RESET_PASSWORD and LOCK.
You can also use Devices.patch() and set state to “DISABLED” to disable all the applications (for fully managed devices) or work apps (when enrolled in work profile) from the device.
If perhaps you want to achieve this because of compliance issues, then the IT admin can wipe the device (for fully managed), remove any corporate apps from the device, or remove the work profile. This can also be automated by using compliance rules.
use disable key word and set as true in application policy to disable the app.
Try this link.
And also vote me if it works fine.
https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#applicationpolicy
Can I "register" a (already installed) specific app to be launched when android device get physically connected to a specific usb device ?
Eg.
I connect a keyboard (of a certain brand or with a special USBid/class) and it automatically launch a text editor app
I connect an USB soundcard and it launches an audio app.
And "better", is there an autolaunch on Android ? I plug a keyboard+storage device to my smartphone and Android will ask me if I want to install the apk from the storage (or download it from predefined url)
Obviously for security reasons I understand installing the app from the storage will need confirmation by user. But, once the app has been "registered" would it be possible to launch the app automatically without having a confirmation screen ?
I know I could get USB info with android.hardware.usb.usbdevice. My question is more about how I can tell Android to launch this app rather than another when usb device is connected.
I think you could register your app to receive a system broadcast like USB_ACCESSORY_ATTACHED and make the logic to launch your app when this happens.
Check https://developer.android.com/guide/components/broadcasts
https://developer.android.com/reference/android/hardware/usb/UsbManager.html#ACTION_USB_DEVICE_ATTACHED
I have noticed in Android 6.0 that if you try to disable the permission for PHONE on the stock Phone app, the Settings app informs you that you are disabling a critical function. If this is disabled, "the basic features of your device may no longer function as intended". But, If you try to disable the permission for LOCATION on the phone app, the Settings app does nothing. What is the mechanism that the phone app uses to distinguish a critical function from a non-critical function?
I have an android application which lists installed and system applications separately. When the user tries to reboot the device from my application it will open my application instead of default home launcher.
But when the device is rebooted to 'safe mode' all logic crashes .ie, the device rebooted to my application in safe mode but it does not list any installed applications and stops its working.
Is it possible to make my application work in 'Safe mode' also?
Is there any way to prevent the device from going to 'safe mode' while running my application like using a RECEIVE_BOOT_COMPLETED broadcastreceiver?
What is device admin applications? Is it helpfull in this situation?
Is it possible to detect safe mode programmatically?
Thanks in advance
I know this question is old, but perhaps this will help someone. If your application is Device Owner or Profile Owner on the primary user, you can disable safe mode completely (it works without root):
DevicePolicyManager manager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
ComponentName admin = new ComponentName(getApplicationContext(), DeviceAdminReceiver.class);
// To disable safe boot
manager.addUserRestriction(admin, UserManager.DISALLOW_SAFE_BOOT);
// To enable safe boot again
// manager.clearUserRestriction(admin, UserManager.DISALLOW_SAFE_BOOT);
EDIT: You can set Device Owner or Profile Owner simply via ADB: https://developer.android.com/studio/command-line/adb#dpm
adb shell dpm set-device-owner com.example.deviceownerapp/.DeviceAdminReceiver
Note that you must have no accounts added when activating device owner (you don't have to do system reset though, just remove all account from settings). After device owner is set, you can add any accounts again.
If you create a shortcut of that particular app that you want to launch in safe mode, you can do so while in safe mode. But you should be in normal mode when creating the shortcut.
The only way to do this is to make the user app a system app on /system/app
But if your device is rooted there is an easy way to do this
download lucky patcher and enable root access
use the search option to find the app you want to be able to use in safe mode or just find it in the scrolling menu
click on the app, click on tools, then press move to /system/app
after the process is complete the device will have to be restarted
the user app is now able to be accessed in safe mode
Device admin apps as well dont run.
To run your app in safe mode, you need to copy your app to /system/app, for which you need root access.
So only on rooted device it is possible.
Out of safe mode,Put an installed app on Home screen. Reboot into safe mode,and the app will be on Home screen, and the app will work in safe mode!
I have recently been reviewing Android's Device Administration API in order to find a way to protect a device from having certain apps forcefully stopped or uninstalled. I came across wipeData() as follows:
http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#wipeData(int)
What is the point of this if a user can simply wipe the data from the device's "Settings" menu? When I originally posted this question, I didn't realize that one effective use could be to remotely wipe a device. I get that, but what I'm specifically after is protecting certain features so that a user cannot access them outside of an app that has been granted policies that manager those features.
For example, on my particular device, I can choose System Settings->Backup & reset->Factory data reset and clear everything. A similar case can be made for many of the other options exposed by DevicePolicyManager.
When using the Device Administration API, is there a way to disable these built-in features so that only the app registered for the Device Administration API can perform them?
what I'm specifically after is protecting certain features so that a user cannot access them outside of an app that has been granted policies that manager those features
There is no meta device administration (i.e., the administration of device admins).
A similar case can be made for many of the other options exposed by DevicePolicyManager
The user has the ability to do nearly nothing offered by DevicePolicyManager.
For example, the user cannot block the camera from the lockscreen, nor can the user block app widgets from the lockscreen, which is why I had to write a utility to do that (as I didn't want to install a closed-source device admin from the Play Store).
Most of the methods on DevicePolicyManager revolve around password quality, and the user cannot set policies for his/her own passwords and have them be enforced.
And so on.
When using the Device Administration API, is there a way to disable these built-in features so that only the app registered for the Device Administration API can perform them?
By definition, only device admins can do device admin things. However, there is no way for one device admin to block another device admin. The only sort-of exception to this is in terms of the various password quality settings, where the strongest setting is applied.