I like to have single android app in our managed devices, we want only that app to be used on the device with necessary restriction, such that,
Single use - Device will have only one app, user can't use other apps, like browsing, youtube or anything,
the initial setting like notification sound, GPS always on, notification and ring sound maximum level can't be modified.
user can not power off the device.
this setting can only be changed by our servers.
i think i have 2 option,
1) Using samsung knox sdk on samsung devices,
Here's MDM proving feature of Samsung Knox Standard!
2) General Android way, Set up Single-Purpose Devices, COSU solution
Android Developer's site.
Wanted to know your's view on this, may be if you guys have done any of the two or any other ways, i could use some of the guidelines or a path.
Thanks for reading, and please comment if i was unable to articulate the subject or it needs editing.
You can use Google's new Android Management API, it seems to suit your needs.
It is a new cloud API that allows to manage Android devices from a server, without having to build an on-device agent (a device policy controller).
I have broad experience of using Samsung Kiosk Mode from Knox Standard SDK which is free and Pro-Kiosk mode from Knox Customization SDK (which has more functions but is not free).
So I can tell you for sure that all 4 points that you have mentioned can be achieved by using Knox Standard SDK.
Singe Purpose: https://seap.samsung.com/api-references/android-standard/reference/android/app/enterprise/kioskmode/KioskMode.html
LocationPolicy (you can turn on GPS and restrict changing): https://seap.samsung.com/api-references/android-standard/reference/android/app/enterprise/LocationPolicy.html
Yes. It is possible but I forgot the exact implementation.
Yes, as well.
Only downside of using this SDK is:
You are tied to Samsung (which I personally okay with, since Samsung has such market penetration and you could get service almost anywhere in the world and in enterprise world it is critical)
About Android native functionality: never tried it
Update March 7, 2019: Now I am playing around Device Owner, we use it for Kiosk mode, works well and works on android Device with Nougat and earlier.
Related
My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".
The following criteria have to be met:
Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
The user should not be able to remove or disable the app
Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
Has to work with stock androids on regular consumer devices
In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.
Is such a project even possible with the current situation of Android?
No.
Has to work with stock androids on regular consumer devices
Mostly, this is your biggest hurdle to overcome.
What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".
If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:
Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/
Here is Samsungs effort at device control:
https://www.samsungknox.com/en
Here is Googles device management:
https://developers.google.com/android/management
You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.
The user should not be able to remove or disable the app
This is only possible if you have a system app.
Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).
maybe someone know , samsung have a powerfull core with name KNOX SDK.We have application which based on this sdk. And we are looking a way to do same application without knox sdk. But we stuck with simple function like kiosk mode. This mode not working if device owner is not setted for application (for me it's hard to understand) All what i found - it's this way :
This way is correct if im testing application myself. But when time is come and we will need to install this application on our 100-200 devices , then this way looks bad . Every device to do factory reset, and adb commands etc.
So question :
I'm sure there are should be a way to do this offically. But i can't find any info about this. Maybe some one know how to do this ? Please help. I'm sure i'm missed something somewhere. :)
You can get information about the ways to provision device here. They include:
QR code
Managed Google Play Accounts
Google Account
NFC
I've wrote an article where I've described provisioning with QR-code here. We've selected this way for our Kiosk application as the most optimal one, because:
zero touch enrolment works only on a small subset of devices;
NFC provisioning requires another device with special app;
Google Account requires having and managing this account.
On the other hand QR-code works almost on all Android 7.0+ devices ("almost" because some vendors disable this in their custom ROMs) and is easy to setup for end user.
But when you need to install it on multiple devices (and it's some internal app, so you do it yourself, rather than end user) Google Account can be more appropriate.
In production, you'll want to provision your dedicated devices from the factory reset state (on the initial blue screen) using NFC, a QR code, or if supported, zero touch enrollment. NFC can be used from another Android device using an app such as the NFC provisioning app. A dedicated NFC card can also be programmed using an app such as NFC Tools. Google provides provisioning instruction on their TestDPC github repo. EMMs will also provide instructions for their DPC app. Using Android Management is usually a better alternative to TestDPC for production deployments under a 1000 devices. Additonal provisioning options and increased API usage limits are available if you're part of the EMM Community.
I've developed a couple of Enterprise iOS apps for our users in the field. Some have expressed a preference for Android devices over Apple, and I fully understand. I do not have an Android phone, nor do I want to get one and have a second account to maintain. I'm wondering if I can use an inexpensive Android tablet to reliably test an application that will ultimately be running on an Android phone? The app will need to communicate via internet to a server via cell connection or wifi.
Also, any advice for an Android newbie developer would be appreciated.
Yes you could test on a Android tablet but it would be hard to see how it render on a phone.
You could also use the Android Emulator to test different size and android configuration.
Yes. I developed my first major Android app using only a couple of cheap tablet devices. It's fine; the only thing you can't really test is "what happens to my app when a phone call comes in." Plus if you can get the emulator working under HAXM, or some other similar setup where it doesn't work like a tortoise trapped in amber, you can test on a variety of simulated devices perfectly well.
Other things to consider:
You'll probably want to test your app on a variety of different hardware and Android versions, in particular I'd recommend testing on older devices. This means that you friends' old Android phones are a great source of cheap test devices. I regularly gather phones from friends that would otherwise just end up lingering in the back of a drawer as a "spare" that will never actually get used. Bear in mind that you can use all the features of a phone apart from the actual phone bit without a SIM, including a WiFi-based data connection.
You may find that you can find good, contract-free "pay as you go" phone SIMs. I use a provider whose "credits" don't expire, so I have a phone connection for my test devices where there's no ongoing cost, apart from the actual calls I make when testing.
My company makes a tablet Android app to control an industrial process. We had been using a Galaxy Tab 10.1, but as that's no longer available in the US we're evaluating the Galaxy Tab 2 10.1, running 4.03. We ship the tablet pre-installed with our app, and the app is carefully tested with the version of Android software running on the tablet.
As I was setting up one of the new tablets the setup wizard put up a message saying "You agree that your tablet may receive and install updates from Google" It wasn't asking me, it was telling me; there was no place to say "no" or disagree. Auto update is DISabled in settings.
How can I programmatically prevent a force-feed update to the tablet? Our users are connected to a local area net because the tablets are used to control other industrial products, but there is never any need to connect to the web beyond the factory walls, but we have no way to enforce that on our customers. The risk is that Google could force a change onto the tablet that might break our app.
Thanks in advance.
How can I programmatically prevent a force-feed update to the tablet?
Build your own firmware and use that rather than the stock firmware.
The risk is that Google could force a change onto the tablet that might break our app.
The risk of blocking the firmware updates is that Samsung (not Google) could deliver an update to the tablet that fixes flaws in the firmware that your customers would appreciate (e.g., better WiFi connectivity).
Please understand that the devices that you are using are consumer devices. Such devices are not intended for use "to control an industrial process". The expectation is that if you are using Android in such settings, that you would source your own device and have control over your firmware. Alas, there is not a whole lot of support for that at the moment, something I blogged about recently.
As long as you target your desired API, an update to the system should not break any functionality of your app. To answer your question, you cannot programatically disable automatic updates, it is a user function.
Check this link as well: Programatically enable/disable market auto-update
We want to place a device in a store that operates as sort of a kiosk device. As in customers walk up to it and start interacting with our custom app. The app could be developed for Android or the iPad, so I'm trying to decide which one to use and would like comments on the following ideas:
Is it possible for Android or iOS to access services over the USB port? This would enable us to disable the network.
Is one particularly better for 24 hour always on?
I like the iPad as I think its supply will be more constant as we move forward and need to replace devices due to ones gone bad. Also, our app will probably work on future generations of the iPad. With Android, I'm not sure there will be that sort of consistency from the tablet vendors.
Kiosk mode? I think with the iPad by putting it in a kiosk case that removes access to the home button and turning on the restrictions we'll get what we want. What about Android? I'd rather not have to get into rooting devices and replacing their firmware.
Remote control? Any way to remotely control iOS or Android in a standard means? Our app will be a client to a master server which will obviously be able to control the app somewhat (when used purely as a display device to a customer, controlled from behind the counter).
My feeling is that neither Android tablets or the iPad is best suited for this. Are there other options?
I will try to answer your points, but know that I am probably biased towards Android, because that is where my experience lies.
With Android 3.1+, at least with the Xoom, you have full USB host capabilities. Things like USB flash/hard drives, keyboards, mice, even digital cameras, all work. If you need custom interop with a USB device, you could go as far as to write a driver for it.
24 hour always on is not good for any device with a battery, but neither is better in this situation.
While android apps are forward-compatible, bad programming practices and/or deviations from "vanilla" Android software and hardware CAN break forward compatibility. That being said, if you grab a Google Experience device like the Xoom, you won't meet as many surprises.
In Android 3.0, the navigation bar is built-in at a low level, and it is not possible for apps to remove it. Therefore, it is trivial for anyone to break a "software nanny."
I know that it is possible to control android devices remotely, but without knowing your specific needs, I can't really offer more information than that.
Good luck!
iPad NOOO believe me I am a convert to Apple for my home and business but when we went to launch kiosk the iPad FAILED Big Time.. Here are a couple of little (Big) issues we ran into.
If the device reboots you cannot auto launch you iPad app since Apple does not allow that.
There is a serious memory leak in the iPads browser. We were running javascript / CSS3 and it cratered intermittently. I literally spent 2 hours "today" on the phone with Apple getting the MAJOR run around. I finally said let me speak to an Enterprise Sales Manager as my project could mean thousands of iPads and I got NO WHERE. One Apple employee even told me they don't have enterprise sales managers.
If those weren't enough even though we are just in the proof of concept phase, we are already getting request for other options. These other options are going to require access to the OS which Apple yea right. We are moving to Android immediately.
Sorry Apple I love you but you loose here.
If your using an Ipad you should consider if it can support the power for the USB thing. Watch this Using Powered USB Port
Your idea about putting the tablet behind another piece of glass/plastic is neat. To then deal with remote controlling, you might consider doing some Bluetooth programming.
My mobile development has been primarily with iOS, so I am biased toward that SDK. I will mention that the data/sync/charge port for iOS has (I believe) never changed. Your Gen 1 iPhone sync cord works on your iPhone 4... and your iPad or iPad 2. So, in terms of third party hardware, you may see more consistency with Apple.
I haven't found a good answer regarding whether it is easier to do Bluetooth programming for iOS or Android, but I think to stay cost-effective, you might see which one is more open to third-party devices. Here is an SO post/answer about iOS and third-party Bluetooth devices; I've not found anything on Android regarding third-party Bluetooth remotes, but considering a lot of hardware running Android is third-party, your chances from a naive perspective seem pretty good. Here's the Android Bluetooth API.
Buying an iOS or Android handheld to remote control an iOS or Android tablet does seem a bit steep, but then again, maybe not. Cost also depends on your ratio of remotes to tablets. 1:1? 1:N? N:1? N:M?
The lowest end iPod goes for $229 as of May 20, 2011. Android does have more variety in terms of hardware. You may be able to get a cheap Android phone with no service plan to act as a Bluetooth remote for an Android tab.
I have provided a solution for the kiosk mode using iPad here Lock-down iPhone/iPod/iPad so it can only run one app
I am afraid that I don't really know for Android if the same thing is possible.
To address the issue of crashing applications you can use an exception trampoline (see discussion here https://blog.compeople.eu/apps/?p=275) to catch the crash and reboot your app.
If the entire device is restarted however then other apps that are on the device can be started and will subsequently be locked in.
To answer your other points:
You can use a configuration profile to control network access. Force it to use a VPN or Proxy that only allows your custom app with embedded credentials to use. That way other network access can be prevented.
Your concern over future compatibility is spot on. The Android marketplace is so fragmented then maintaining a fleet is difficult.
If you have an app that is behaving as a server and is locked in then remote control is possible.
We manufacture tablet kiosks that support both android and iPad devices. In fact we are the only iPad kiosk that has achieved apple approval.
Generally speaking i think you will have an easier time with an iPad as the software and hardware will remain more consistent over time. Which is important if you have to change out a fault unit or deploy more kiosks 6 months or year from now when the original device is no longer manufactured.