We've been working on a few applications in the past few months that are going to be used at work, (small company, apps are not going to be published to the app store). Our employees receive a phone that should only be used in a working environment, and we would like to prevent the user from taking pictures with the device and apps like facebook. This can be done by the Android's Device Admin API, so we will create an additional application to enforce the rule to block the camera from being used. But one of our applications has a feature to take a picture (from documents) and upload them to a server. And with the camera being disabled it's a problem.
My Question: Is it possible to allow certain applications to bypass the camera block? I've done some research but can not seem to find a callback for this feature.
My idea was the following: create a Device Admin application which contains the application id's from our applications (since we made them we know them) So if the Device Admin app receives a broadcast that app XX wants to access the camera and app XX is inside an array of allowed app id's, the device admin app returns a true state (allowing the app to access the camera) and apps that are not in the array will be blocked.
Is this possible and has someone done this before ? It would be nice if someone pointed us in the right direction :). Also i'm sure we are not the only one looking for an answer to this question. So we hope that this post will help people in the future struggling with this problem.
Related
I am creating an iOS and Android App and I want to create a screen where the player can start with a guest account or can connect his account with our own accountsystem.
But my question is: Can I detect a user after the app was uninstalled and installed again?
I know that there is something like the vendor. But this will change.
I know that other apps also can do this.
With the user's permission- have them log into an account. Or provide you with their google of facebook account info. So far as hardware ids, those are discouraged and actively being removed to prevent people from the API to prevent this.
Also remember- that unless the user logs in with an account, you don't really know whether it is the same person. You could know its the same phone, but you don't know if he gave it to his kid sister to play on. Or sold it when he got a new one, and now you've given the new owner access to someone else's account. Also, if you rely on hardware ids you won't know its me when I buy a new phone and download it on that.
So yeah- either have him log in with a username and password, or use a 3rd party signon mechanism like Google or Facebook.
For iOS, there is a recommended approach to do that: by using the DeviceCheck framework. The idea here is that it allows you to persist 2 bits of data across app installations on each device. You can set the first bit to 1 if the user has already installed the app or 0 otherwise. And use the second bit, for example, to check if the user has signed in or not.
The official documentation is pretty good, please check it out.
The downside of this approach is that you will also have to do some work on the backend side.
UPDATE:
If you specifically want to detect the account, there is no reliable approach. One of the options is to use identifierForVendor or generate some kind of device fingerprint (for example, by combining the device model, timezone, locale, etc.), but of course, this will not work every time.
Uniquely identifying a device is a security leak, and all platforms are putting serious restrictions on unique persistent identifiers because of privacy concerns.
I am currently working on a web app dashboard interface, the interface is basically a QA debugging tool, that will allow it's users to run playtest sessions. On my understanding terms, the dashboard connects/registers a game through an SDK key. the SDK key origins are generated in the web app and are used on a panel on Unity that our devs created and it successfully links a game to the web app interface.
I want to include a feature which will enable a user to connect their smartphone or tablet to their user profile in the web app...
Q. How do you connect a device,(a mobile device or a tablet) to the Web app, how do I get a user to register its device on their user profile and which informations should I provide and/or ask a user in order to do so?
notes:
1- I am not a developer, I am a UX Designer, I remembered this website which helped me in the past with some front-end questions and the devs at work are currently unavailable to answer to my endless questions. so I am doing this of my own volition.
2- On my understanding terms, I know that a device is linked via its device ID, which changes from app to app.
3 - if my question is not eligible for this site, please at least refer me to a better source. thank you in advance!
Thank you all !
It sounds like you want a tool to connect to this SDK (is this the Unity SDK?) and create fake game session data.
If that's the case, you'd use the SDK just like the actual game would. The only difference is that you don't want your QA tool getting its own id, but use the id of the game apk on the device? If this is indeed what you need to do the following methods should help:
Method 1: You're sharing various bits and pieces of data between the game and the QA tool
Set up a special permission in the actual game with the protectionLevel = signature (e.g. com.somegame.android.permission.PRIVATE_ACCESS). This documentation page on permissions should be useful
Have a BroadcastReceiver, ContentProvider, or Service in the main game that requires the above permission (Exactly which one you'd use depends on how much data you're sharing).
The QA tool declares a uses-permission element in it's manifest with the permission stated above
Sign both the QA Tool and the Game APK with the same keys
The QA tool and the actual game can now communicate with each other through the means you've provided above
The advantage this method has over the next is that even if you haven't run the game before, the QA tool can trigger the registration process in the game and get the id, without requiring you to actually ever run the game.
Method 2: All you need is the ID
Specify the same sharedUserId in both the actual game and the QA tool's manifest (see here for documentation)
Once the game acquires its id, it writes it to its SharedPreferences (preferrably a named preference file as opposed to the default)
The QA tool can now read the preference file (be sure to use the same name) and obtain the ID. The drawback here is that the game must have run before and saved its id in order for the QA tool to access it.
Method 3: If your game runs in a webview
Use a Javascript interface to obtain the info from the webview
Method 4: If your game runs on the web
Directly use the game APIs to access the id. Retrofit would be a great tool in implementing your API calls.
The wording in your question makes it rather difficult to exactly understand what your goal is. I suggest you consult with your dev to come up with a better problem description.
Best of luck.
We have android app as an Enterprise App which disables the camera of the Device. This functionality breaks when user switch to Guest user or similar functionality. Having app as Device Administer is not enough, We have found one solution to it i.e making app Device owner with nfc-Provisioning and similar approach but this requires the device to be in factory reset mode. So is there any other approach than this which will help us to disable camera across all profiles without factory resetting of the app. I believe this is not an idle approach as per users point of view.
Here is the guide for android Mobile as Administrator here you can disable the camera programmatic ally. You can refer to this link
https://developer.android.com/guide/topics/admin/device-admin.html
You can't and, while it restrains developers, it is actually a good thing for user's security.
Among other things, a Device Admin app cannot
prevent the user from revoking the Device Admin rights,
enforce policies across users,
prevent the creation of new users.
It is relatively easy to lure Android users into giving Device Admin rights and many malwares have already tried to exploit this vulnerability through clickjacking or other means. So it is a good thing for users that Device Admin gives limited management capabilities and can be revoked.
In comparison Device Owner gives full management capabilities but requires factory reset which ensures there is a clear intent from the user.
The idea is that we want to process these images, videos, audio recordings for security requirements at a server BEFORE releasing them back to the user
I seriously doubt that this can be achieved via any legal way.
You want to collect all user data which are not even created using your app.
If a user grants the permission to your app then "Yes".
Your app can have the permissions accordingly which the user needs to agree before installing the app.
Your app now has access to images/video/sounds from user machine and you can sync it back to your server.
I personally will not install any such app.
On Android, no, you cannot do this. Through device admin APIs, you can enact policies that block the camera from use (I don't recall an equivalent option for the microphone). But given that the camera and microphone are available to apps, you have no way of intercepting them, processing them, and somehow seamlessly getting that data back to the apps that had requested the microphone and camera. Similarly, you have no guaranteed way of getting at "recordings", for the simple reason that these apps do not have to create files at all, let alone ones that you have access to.
You are welcome to create a custom ROM that contains this ..."feature"... and try to convince users to replace their Android installation with your ROM.
Any tips on how to implement a trialware model for Android apps? I plan to release my app as a free app that expires after 30 days unless the user buys the license via an in-app purchase.
I can use the Android Market API to tell if they bought the license, so my main question is how to prevent the user from un-installing and re-installing my app every 30 days? Can I save something to their phone in a permanent and reliable way that will remain on the phone even if they uninstall? I know nothing will stop a determined hacker, I just want to stop the average user.
I am also open to different approaches to going trialware on Android.
Thanks in advance,
Barry
Have you read the documentation on Application Licensing? Specifically, have a look at Implementing a Policy
I also have found this resource very helpful in determining the best way to get a unique ID for any one device. Android - Identifying App Installations -- They discuss pros/cons to the different approaches -- Straight from the developer's mouths!
I would avoid leaving unwanted remains of the application on their phone.
Instead, you can take some unique identifier of the device, and send it to your server, if this ID was not registered before, send it activation code, if it was, don't send it.
Store this activation code in some shared preferences etc. and when the application starts, check if the activation code is there and if it is valid.
They don't even have to uninstall, just clean app data. You can save something to an obscure location on the SD card, but that's also fairly easy to circumvent, even easier if they read this forum :) Your best bet is to have the app call home to your server and check if licensed periodically. That of course comes with it's own problems: do you allow it to run if network connection is never available, etc.