Since the process of applying for EMM integration takes an unjustifiably big amount of time and the whole process is described as "incredibly painful" by those lucky ones that went through it, I want to know whether is it absolutely needed to become an EMM in order to have a working Device Policy Controller app (DPC).
If you faced this problem, please share the experience.
I am developing for COSU devices and want to go into a kiosk mode. I am aware of existence of ways of how to do it, but they all implement a bunch of workarounds - this is not an option - I want a controllable, safe and robust way of doing this. I don't care about not having the ability for remote managing also.
You can use Google's new Android Management API to manage Android devices without building a DPC or registering as an EMM.
You just want to write an app that uses Device Policy Owner? That's fairly simple, assuming you own the devices. Just install your app, adb shell in, and run the dpm command to set your app as owner. If you're buying in bulk from a manufacturer you can get them to do it for you in the custom image you install (although you may need to explain what you want, it isn't a common usecase).
Of course everything has its limits. This will work, unless the user manages to do a factory reset. Which you can prevent via the UI, but can generally be reached from recovery modes or from unlocking the bootloader. So its safe from casual intrusion, but if someone really wants to get at your device and they have physical access and time, they can.
It is definitely possible to write your own DPC without registering with the EMM community.
The most convenient option for provisioning the devices is via NFC. for example using a second device, as it is quite simple to write a provisioning application.
See Implementing Kiosk Mode in Android (part 3 and 4)
for a good example.
I had a few problems with some Android 5 devices, but since 6.0 it works quite well.
Related
My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".
The following criteria have to be met:
Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
The user should not be able to remove or disable the app
Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
Has to work with stock androids on regular consumer devices
In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.
Is such a project even possible with the current situation of Android?
No.
Has to work with stock androids on regular consumer devices
Mostly, this is your biggest hurdle to overcome.
What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".
If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:
Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/
Here is Samsungs effort at device control:
https://www.samsungknox.com/en
Here is Googles device management:
https://developers.google.com/android/management
You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.
The user should not be able to remove or disable the app
This is only possible if you have a system app.
Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).
maybe someone know , samsung have a powerfull core with name KNOX SDK.We have application which based on this sdk. And we are looking a way to do same application without knox sdk. But we stuck with simple function like kiosk mode. This mode not working if device owner is not setted for application (for me it's hard to understand) All what i found - it's this way :
This way is correct if im testing application myself. But when time is come and we will need to install this application on our 100-200 devices , then this way looks bad . Every device to do factory reset, and adb commands etc.
So question :
I'm sure there are should be a way to do this offically. But i can't find any info about this. Maybe some one know how to do this ? Please help. I'm sure i'm missed something somewhere. :)
You can get information about the ways to provision device here. They include:
QR code
Managed Google Play Accounts
Google Account
NFC
I've wrote an article where I've described provisioning with QR-code here. We've selected this way for our Kiosk application as the most optimal one, because:
zero touch enrolment works only on a small subset of devices;
NFC provisioning requires another device with special app;
Google Account requires having and managing this account.
On the other hand QR-code works almost on all Android 7.0+ devices ("almost" because some vendors disable this in their custom ROMs) and is easy to setup for end user.
But when you need to install it on multiple devices (and it's some internal app, so you do it yourself, rather than end user) Google Account can be more appropriate.
In production, you'll want to provision your dedicated devices from the factory reset state (on the initial blue screen) using NFC, a QR code, or if supported, zero touch enrollment. NFC can be used from another Android device using an app such as the NFC provisioning app. A dedicated NFC card can also be programmed using an app such as NFC Tools. Google provides provisioning instruction on their TestDPC github repo. EMMs will also provide instructions for their DPC app. Using Android Management is usually a better alternative to TestDPC for production deployments under a 1000 devices. Additonal provisioning options and increased API usage limits are available if you're part of the EMM Community.
Is there any possibility to make unity3d application use new possibilities in Android 5.0 device owner app?
http://developer.android.com/about/versions/android-5.0.html#DeviceOwner
I'm trying to make app in unity3d that will work in "kiosk mode".
I know nothing about Unit3d but if it is a regular apk you probably can make use of DeviceOwner features. Though, enabling DeviceOwner is not a task for regular user on regular apps.
First, it requires the device to not have being provisioned - most common scenarios there is no account setup in the device. The process can be done either through a second device using NFC and a provisioning app or via adb shell dpm set-device-owner app.package/.DeviceAdminReceiver... not trivial, neither can be done by regular end users. May be what you want is just full screen mode? That can be done in the manifest... Kiosk mode will actually pin your app in the device.
If you are willing for setting up an actual kiosk to demo your app or something similar, it is indeed a good direction to go.
I am currently working on a research project which involves people playing games on an Android device. I am hoping to be able to write an android app that records the accelerometer and touch events. I would like my users to be able to play games such as angry birds, whilst I record their touching data.
I understand that this type of data collection is possible from inside the app, but is it possible from outside the app? (perhaps via an app running in the background?)
If this is not possible, are there alternatives? (I believe I could theoretically go into the android OS source code and make this happen?)
I understand that this type of data collection is possible from inside the app, but is it possible from outside the app? (perhaps via an app running in the background?)
For touch events, no, for obvious privacy and security reasons. It used to be possible (research the term "tapjacking"), but current versions of Android finally blocked this behavior.
For accelerometer events, you can record those, because they are the same for all apps simultaneously. Bear in mind that your sampling rate may not exactly match that of the app being used.
I believe I could theoretically go into the android OS source code and make this happen?
Yes, though you would then need to turn that modified Android into a ROM mod and install it on devices.
Apps are not allowed to do this on a secured device (ie, consumer phone/tablet that has not been 'rooted').
However, depending on your needs it may be possible with the development tools connected to a computer. If you can do some moderately annoying setup before each controlled-circumstances trial, I believe you can do it on some stock devices by using the USB cable to switch ADB into wifi mode, then monitoring input events over a wireless ADB session. See
http://source.android.com/tech/input/getevent.html
That document seems to imply that 'su' is needed (which is odd as the official 'su' isn't usable by non-root users), however it works without on many stock devices.
You'd probably also want to be running logcat to figure out what application is in the foreground.
There are many applications in google play that take snapshot, they work without device root.
Am new to Android development, so I dont know much of what can be done and what can not be and how it's done.
Following is the link on which you can find the list of applications working without device root :-
http://www.androidzoom.com/android_applications/screen+capture+no+root
If you read the descriptions of those products, you will see phrases like "Rooting will be required depending on model". That is because you are not supposed to be able to take screenshots programmatically, though rooted device users may be able to pull this off, at least for some devices.
Another technique, that at least one such app uses, is to involve a developer computer in the process, using the mechanisms in Android used by DDMS and such for taking screenshots. In reality, it is the computer, not the device, taking the screenshots.
For the devices that such apps work on without requiring root and without requiring a developer computer, the authors of those apps are exploiting security holes in individual devices, just like a malware author would.
Check this library.
Their page seems to suggest it can take screenshot without root.
Android Screenshot Library (ASL) enables to programmatically capture
screenshots from Android devices without requirement of having root
access privileges. Instead, ASL utilizes a native service running in
the background, started via the Android Debug Bridge (ADB) once per
device boot.
Edit:
there are quite a lot of posts SO regarding this
Programmatic screencapture on mobile device
Screen Capture in android