I am developing an app with requirement that one app can be there in android system. No other app can be installed or remove google play store application as well. How can i achieve this?
As long as your device runs Lollipop or greater, you will want to set your app as a device owner. Note, this is different than device administrator. An app is granted device owner permissions only during device provisioning at the welcome screen of the Google Setup Wizard. The device owner is restricted when it can be set because of the control it has. Only one app can be the device owner.
A kiosk solution will set a device up with an app as the device owner. It will suspend all packages that shouldn't be available using setPackagesSuspended.
Some additional links you may find helpful (all require device owner for a COSU/kiosk-mode solution):
setApplicationHidden
addUserRestriction
DISALLOW_INSTALL_APPS
Look into the TestDPC app. Google provides source code to it and it will have most, if not everything of what you need.
https://developers.google.com/android/work/build-dpc
https://github.com/googlesamples/android-testdpc
Other solutions I've seen (mostly on pre-Lollipop releases) are to use a custom launcher to hide non-approved apps. This custom launcher is sometimes referred to as a secure launcher, but hiding apps instead of suspending them as the device owner is much less effective. Secure launcher, IMO, is a misnomer.
Related
I'm trying to create an application that can disable or hide other applications. After going through some online resources i found out that i have to make my application the device owner to do so.
I would like to know, if i make my application the device owner, will that permission be removed when i uninstall the application?
You can't uninstall the device owner. You also can't become the device owner if you're a Play Store app. Device ownership really is only possible if its a device you physically own and can set up.
We have our own rooted hardware device with android OS 7.0
We are building an app for that device. We have to restrict the users to performing some of the actions who will purchase that device. Here are the list of actions We want user to be restricted to perform on the device through the app.
Stop installing/uninstalling any other apps from OS.
On/off wifi
Pair Bluetooth
Change wallpaper
Basic idea behind is to make an app which will be the system app and will restrict user from the things mentioned above.
Is this possible to make such app? Looking for help in any of the above tasks. Thanks
Shor answer: NO.
Here is why;
The Android operation System is based on permissions, and no app can restrict that actions even with the users' permission. The reason for this is because of the Android App Layer that provides all the capabilities you described above.
The only way you can do such thing is to Customize the ROM of the CellPhone. In this case, you can override the functions that allow the user to use such services.
Is there any difference in the privileges of an Android DPC application and a system application? Will a system application be able to perform all the functions that a DPC can perform such as setting the device to Single Use Mode?
Well, there is no-such difference in privileges as far as the Android system is concerned.
If you look at the Android Platform Architecture, you will find that the even a normal user app have the same access to all the system resources as a system app.
Apps included with the platform have no special status among the apps the user chooses to install. So a third-party app can become the user's default web browser, SMS messenger, or even the default keyboard (some exceptions apply, such as the system's Settings app).
You can read about more differences in system and user app here.
Also, another interesting point to note is that on a production device there are only 3-processes that run as root, the Zygote, the app_process and the adbd (though it doesn't allow root access directly using adb). That means, all other apps run under their own user_id with different permissions and since Android doesn't differentiate between apps, two apps having same permissions are allowed same privileges and access to resources, regardless of the fact whether it is a system app or a user app.
Now, to answer your question, if a system app has the same privileges as the DPC app, then yes the app would be able to perform the given task (like setting the device to Single Use Mode) same as the DPC without any problem.
As a side note, if you are planning to create a DPC for you organisation, using the DPC SUpport Library is better than creating and shipping a system app.
P.S. To change a System setting your app would need the WRITE_SETTINGS permission.
I've just found an app that allows to disable Samsung apps without root, and in the background:
https://play.google.com/store/apps/details?id=com.hecorat.packagedisabler
And also this free one:
https://play.google.com/store/apps/details?id=com.ospolice.packagedisabler
How could this be? It doesn't even show a system-type alertDialog to ask the user if it's ok to disable the app. Did they find a flaw that allows doing so?
Is it only for Some Samsung apps? What about other apps and other companies? Is is possible there too?
Could the same mechanism be used for other operations? Like enabling apps?
I currently don't have a Samsung device, so I can't even check this app.
You can hide or unhide the apps provided you make your app as device owner with the api setApplicationHidden of DevicePolicyManager
Your app needs to be the device owner of the device. In order to become a device owner, you either need to do an NFC configuration or adb command shell. You can find a very well written blog by Florent here.
However, there is a new method of getting your application to become a device owner starting with Android Marshmallow. With a lot of limitations though. You have to be an EMM provider and your client has to have a google business or edu licensing for this to work.
There is no application on the google play store that allows your app to become device admin. As a device owner you have a lot of things you can control on the device and hence, I believe Google may not want to provide this kind of control without proper safeguards.
With regards to Samsung Devices, they provide their knox sdk as mentioned with other answers here which gives you access to certain APIs that are not allowed via stock Android.
I've an application with DevicePolicyManager configured, on Android 5.0.1.
I don't want to create a work profile and control it, but i want to control my own (default) profile and hide some applications.
When i try to use the setApplicationHidden API, i'm getting a security exception, saying i'm not the profile owner...
Is it possible somehow to be the owner of the default profile?
Thanks.
Android for Work has two modes: Profile Owner or Device Owner. If you don't want to create a Managed Profile (Profile Owner), you can use Device Owner.
The setApplicationHidden API only works in these two modes.
If you want to disable (hide) applications, look at PackageManager.setApplicationEnabledSetting API which can be used to disable applications. But you can only disable other applications than your own if you have the CHANGE_COMPONENT_ENABLED_STATE permission which requires platform signing or system rights. More info: android permission - CHANGE_COMPONENT_ENABLED_STATE .
Otherwise you will have to use proprietary APIs. I know for a fact that at least Sony and Samsung have such APIs (I work for Sony Mobile).