I am trying to make my feedback app to support fully kiosk, I have tried a lot of solutions but Nothing is completely satisfying my need. Here are the things that I found yet.
1. Make my app as Device Admin/Owner App(Lock Task) -
If we follow this link/procedure https://developer.android.com/work/dpc/dedicated-devices/lock-task-mode, some limitations are there as follows -
a. We have to factory reset all the devices where Feedback app is installed, follow some steps to make it as admin app(launcher app).
b. Installation of the app will be possible using the command line, each installation will take some line of code through cmd, which means for installing a person has to go there with the computer and connect the device with USB and then install the app using commands.
c. Update on an app will also follow the same procedure (Couldn't be performed using google play store)
d. In this case, end-user will never be able to exit from our app, restart the device would also launch the same feedback app every single time.
2. Programmatically screen pinning + programmatically volume and power button controlling. (https://github.com/mrugacz95/kiosk)
a. In this, we will make the app in screen pinning mode where all the three bottom buttons(Overview, home, recent) will be hidden/disabled. and same with the power key and volume keys.
b. So As soon user clicks on kiosk mode, a screen pinning system generated prompt would be shown to user But the biggest disadvantage of it is that app would be unpinned/unlocked as soon as the user presses overview+recent buttons together.
3. The third Case is, where all the keys are controlled including power+voulme+back+overview etc.
Only pressing home will make the app to go on the background and within seconds it will again come foreground.
So all I found up until now, is not very satisfiable.
One more Question-
Is this something to be fully controlled by MDM(Mobile Device Management)?
Any help is appreciated.
1. Make my app as Device Admin/Owner App
a. A device owner can only be installed on a newly initialized device (before an account is added). I believe this is by design : A device owner can completely lock the device down, you don't want a malicious app to be able to seize the phone of an unsuspecting user after a few "I agree" popups.
b. You don't need to install it using adb. The simplest provisioning method is via NFC : While the device shows the very first screen of the setup wizard, touch it with a tag (or another device) containing the provisioning configuration, most importantly an URL where the apk can be downloaded and a WiFi config.
Another method is via QR code (Android 7+) : tap 6 times the first setup screen. It is a bit less convenient than NFC because you usually have to provision the WiFi manually.
c. A device owner can be updated like any other app. As it can itself install or update applications without asking the user, you can implement a fully automatized self update mechanism : check for update / download / update.
2. Lock task / screen pinning
Any application can programatically enter lock task mode. How it happens depends on whether the application is white listed by a device owner app (possibly itself) :
If not, the user is prompted and must accept, they can also exit at any time. This is basically the same thing as screen pinning.
If yes, there is no popup : the user can not decline to enter, nor exit, the lock task mode.
Additionally a kiosk application can act as a launcher. A device owner (again, possibly itself) can set it without user intervention
Is this something to be fully controlled by MDM(Mobile Device Management)?
While device owner apps are usually DPC connected to a MDM console of some sort, this is not a technical requirement. How you control it is completely up to you. (I hope I understood correctly the question)
Overall, I think that the only reliable way a device can be locked in kiosk mode is to use a device owner app (separately or included in the kiosk application). The setup via NFC or QR code is actually faster than a normal device setup. It can also protect against safe mode reboot or factory reset. The only real constraint is that you can not deploy this kind of application on existing devices without wiping them first.
Make my app as Device Admin/Owner App(Lock Task) -
a. If you are making it an 'admin app' this means you have signed the device image correct? Therefore you control the full flashing of the device - you can do anything in this scenario.
b. You can actually also do ADB over WiFi after you set it up the first time
c. You can update your apps from the playstore - even launcher applications
d. This fact is the whole point of Kiosk mode. Users should not ever be able to exit the application. Only you can exit, either with a remote command or with a invisible touch combination (for example touching each of the corners of the screen in sequence twice, or other 'secret unlock code')
Programmatically screen pinning + programmatically volume and power button controlling. (https://github.com/mrugacz95/kiosk)
b. This is the opposite of 1d, it is not clear what you want if you want neither.
The third Case is, where all the keys are controlled including power+voulme+back+overview etc.
This is also the opposite of 1d, it is not clear what you want if you want neither.
We need a few more details on your deployment scenario for this app to help you out further.
Related
I have application signed by platform key and I need to move device to kiosk mode.
What kiosk mode mean in my case:
Set user restrictions (change default activities, set VPN etc...)
Prevent user access to third party apps, some system apps etc...
Set custom Activity as Home activity without user interaction
Move application to lock task mode
I know that DevicePolicyManager could do that. But device doesn't have any google's provisioning system (like NFC or QR). Is exist any way to set device owner using application signed by platform key or use such application with benefits of device owner App?
I find out that application with system privileges could do al lot of thing that could be done with DevicePolicyManager. But some of functionality provided as hide API:
Set user restrictions - could be done with UserManager
Prevent user access to third party apps - could be done be disabling such apps with package manager
Set custom Activity as Home activity without user interaction - could be done with PackageManager
Move application to lock task mode - could be done by disabling UI components in status bar and system navigation bar with StatusBarService
The platform key only gives you certain permissions to take a certain role or to make some system settings, but for your task you are mainly right with the DevicePolicyManager. I do not see why you need NFC or QR for that, you could implement a simple code to unlock the kiosk mode.
There are of course finished applications to do that and you would not need to re-invent the wheel as this kind of application is not trivial.
I have the following problem.
I'm trying to make an app that locks the screen. The method via DevicePolicyManager works very well. So far so good. But when I lock my phone with DPM the fingerprint unlocking method is disabling and I have to enter my pattern (or PIN or whatever I set) to unlock the phone. If I lock it the normal way (ie with power button) the fingerprint unlocking works.
So my question is
How to lock the screen programmatically and be able to unlock it afterwards via fingerprint?
PS: I have an galaxy s5 mini with marshmallow lineage os
That is the normal flow. It takes the device to restarted state where the device will ask for a pattern or password. Google have not provided any api for this. You can check any app in PlayStore which has locking feature will behave like this.
Edited:
For the below queries you have asked response is shared here
How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?
There's intentionally no API for apps to call to lock the device.
Is there a security reason/concern around this?
Yes, there's a DOS (denial of service) concern if we allow apps to lock the device. Either intentional or accidental (app bug).
Found it here[https://code.google.com/p/android/issues/detail?id=79735#c115]
I think you need to search for how to lock with app shortcut and not with power button. Atleast I could help to this level.
Notice how the apex launcher or nova launcher got it way around. screen lock through apex launcher or nova launcher doesn't disable fingerprint scanner!
What it actually does is that it sets the screen to complete black i.e. soft lock (which gives user a false impression of screen off) and then after 5-10 seconds the display actually goes off due to time-out.
other app which implemented the same functionality OFF+ (Screen Off / Fingerprint unlock support).(I guess it modifys "lock screen timeout")
If the phone is rooted then a shell command can be executed to simulate the power key su input keyevent 26 but there might be a fraction of delay.
well, if some root user is looking, there's also a xposed module which solves this issue FingerprintEnabler
I would like to add some points to the JerryGoyal's excellent answer.
Below is the screenshot from Microsoft Launcher which shows the two ways to lock the screen. It clearly states that the method via Device Policy Manager will not work with fingerprint.
A work around is done by showing a black screen until the screen times out.
In the next screen it asks for permission to Modify system settings to alter the screen timeout period.
From https://issuetracker.google.com/issues/37010802#comment148 (posted Aug 9, 2018 08:26AM):
Android 9 finally added a solution for this (or a workaround, it
depends on how you look at it). A new AccessibilityService global
action was added for locking the device [1], [2]. Nova Launcher
already has a screen lock method using this service action in the
latest beta, and it allows for locking the device and keeping
fingerprint unlock and SmartLock working.
What sucks, though, is that users of your app have to enable the
accessibility service for your app. And having any accessibility
service enabled breaks Snackbar animation [3] (it no longer slides on
the screen, it just appears there without any animation).
[1] https://developer.android.com/about/versions/pie/android-9.0#a11y-convenience-actions
[2] https://developer.android.com/reference/android/accessibilityservice/AccessibilityService#GLOBAL_ACTION_LOCK_SCREEN
[3] https://issuetracker.google.com/issues/37092972
Hi all i want make app which run over volume key for example when we press the volume down key it turn camera open( when device is locked) similarly i want the same in my app.
I don't think that's possible
Those functionalities come from the factory OS you have, not from specific apps. The only way that could be possible is by rooting the device, in which case you may be able to listen to physical button clicks and modify their behaviour.
This page shows an application that can alter the buttons behaviour once the device is rooted, but again, this won't teach you how to do it, as again, it's not for the majority of the users and you'd need to root every device.
I'm writing an anti theft app, and I want when sim card is changed a dialog opens on boot and tell the finder to bring back the phone. This activity must be unleavable, so he can't leave it unless the correct code is entered.
Other situation is when user send a lock SMS to the phone.
I know how a device admin can lock the phone, but lock don't tell the message and the password can't be entered. And lock may not have a password or pattern so the finder can pass it easily.
Maybe a combination of device lock and a full screen activity which disable the keyguard do the job?
In my research, without being installed at the OEM level, you can't make it 100% un-leavable, just really annoying.
In an app I wrote for businesses which use a kiosk, since we weren't at the OEM level, we just kept the menu bar hidden and set the app to be loaded whenever Home was hit. Keeping the menu bar hidden was a pain, but was achieved by making it invisible and then when re-triggered, making it go away after 1 second. It's still able to be exited by hitting the clock in that 1 second, though. :(
Is it possible to have an application run on a device in such a way that it is the only application that can ever run and also prevent the user from using the operating system at all? Tapping on the Home key or Back button would not exit the application and allow the user to have access to anything. If the device boots up, only this application would run.
This would be desirable in situations where devices are installed at a business for point of sales purpose or possibly where the device acts like a terminal in public places.
You can achieve what you're describing by writing your app to replace the home screen (Launcher). From there, you control what other apps will run.
The Android SDK has a working Launcher project you can start from.
Be careful to allow some method of running a more powerful app (even if it's just enabling ADB access) -- otherwise you could leave your device in a state of needing a factory reset before it can be modified.
Yes, you can override the back and home button behaviour.
Start app, override all buttons, and the user cant exit the app, evil, but should work in your scenario.
info here