I'm trying to implement Android device administration on a range of company-owned devices. The network these devices will be on does not have an internet connection - It will only have Wi-Fi connection to the enterprise network.
I have the device working with a policy controller, all hard-coded into the app loaded via Android Studio.
My next step is creating an Enterprise Mobility Management (EMM) console, but the documentation seems to explain that it's cloud-based and require Google accounts. Is there a way to implement this functionality on an offline secure network without Google accounts?
Yes, there is a way to implement device management functionality on an offline network.
Headwind MDM, the project I am working on, is a self hosted mobile device management solution which can manage Android devices without Internet connection (using Wi-Fi or private APN in mobile networks). Also, it is open source so you can adjust the code for your needs.
The only exception is that you may need Internet connection during the initial setup of your Android devices, because some models require access to Google Play Protect when installing the device owner application.
Related
I have created a VPN Profile on my Android device. Now, I would like to create an Android application to manage (restrict and allow) which applications can access this VPN Profile.
So far, I've looked at Android's VPN Service which allows us to manage which applications can access the VPN Service but I am unable to correlate how this solution fits in with an already created VPN Profile.
There is no relation betweeen the VpnService API and VPN connections you create in Android's built-in VPN client. When using the VpnService API you'll have to implement a VPN protocol yourself and tunnel data read from the TUN device, which is created via the API, and back again (or use a library that implements a VPN protocol that does this for you), only then can you restrict apps from using the VPN using VpnService.Builder's addDisallowedApplication() method.
You can also look for VPN apps in the app store that already use this API and support excluding (or including) apps that may use the VPN.
you can find many free vpn or proxy servers. I use nord vpn and his efficiency I check on whats my ip service. You can also use it. Its free. VPN is important where you need to get access to blocked sites or social media like twitter or Facebook. During my trip to China I used vpn and whats my ip service.
I want create an app to restrict android system internet. I also want to block other applications and Bluetooth. (Without rooting device)
How can I achieve it using android device admin APIs?
Please let me know in case of any other solutions for enforcing such system level restriction.
These features are accessible to Profile owners and Device Owners. I would request you to Read about Google EMM and Device Provisioning. Google allows you to use their EMM API to manage devices via a Google EMM Community account. Alternativly you can use various 3rd party EMM or MDM solutions like Kardamom or IBM MaaS360
I wanted to create a payment portal, where the offline users would connect to my store Hotspot and make online payments. However, due to obvious reasons, i would like the users to be able to connect to the payment portal only. Is there a way i could do a whitelisting (or Blacklisting) of the URLs to which the network packets are destined ? Is there possibility that source code of tethering could be modified and an application could be built upon it that would get the job done ? If yes, then can it be done without rooting the phone.
P.S - I don't want to use Proxy.
I'm not a very big fan of Google play services. I don't know what they do under the hood and they are not open source.
I would still like to connect my app with Android Wear to have a basic communication without the google lib. Is it possible?
Your phone has bluetooth, your wear device has bluetooth, you can connect them using the standard bluetooth api. Or, as both devices have wifi, you can make them connect through a server. You have to write your own server for that, i.e. your own "Play".
Could you please give some guidance where to dig?
What I have:
I have a device (HTC One X) with ICS (Android 4.x) on board.
My Company has a corporate VPN server based on Microsoft VPN Services (RRAS and so on).
Microsoft VPN Server has a policy applied to it which tells it to accept only connections with MSCHAPV2 authentication.
What I need:
I need to make VPN connection from my device to my corporate VPN Server.
Questions:
Is it possible to get my need with ICS's onboard VPN client?
Is there any 3rd party VPN client which does it?
How to ask Google about my need?
Android supports MS-CHAP V2, but that is part of phase 2 authentication and is configured automatically during handshake. The question that needs to be answered first is what VPN protocol is being used?
PPTP? Check if you need to enable encryption (MPPE)
L2TP/IPSec? It's possible all of them are supported; you may also have to check whether it's PSK or RSA.
If it's RSA, you need to install the certificate for connecting.
SSTP? SSTP is only available on Windows.
You should also be aware that MSCHAPV2 on PPTP is considered broken (cryptographically unsafe). And SSTP is not supported on Android. I'm assuming SSTP is an option and OpenVPN isn't because the company is using MS VPN.
To answer your questions:
1. If the server enabled PPTP or (L2TP/)IPSec, Android 2.x+ should be able to connect, as long as the vendor didn't strip out the built-in VPN in stock Android.
2. Any 3rd party VPN client should support these two widely used protocols.
3. Google's android repository on Google Code should be consulted if there are issues with the VPN client: https://code.google.com/p/android/issues/advsearch
I don't have much idea about VPN in Android, but there are a couple of solutions you can try:
Install StrongSwan VPN client - https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_GB - but dunno if it would work or if it requires a server software. Best guess is to try it.
Install a custom ROM (CyanogenMod/AOKP/Pacman/Paranoid/etc) and then try. Usually, custom ROMs include such functionality that isn't present in the (crappy) stock ROMs.
Good luck :P