I have the following problem.
I'm trying to make an app that locks the screen. The method via DevicePolicyManager works very well. So far so good. But when I lock my phone with DPM the fingerprint unlocking method is disabling and I have to enter my pattern (or PIN or whatever I set) to unlock the phone. If I lock it the normal way (ie with power button) the fingerprint unlocking works.
So my question is
How to lock the screen programmatically and be able to unlock it afterwards via fingerprint?
PS: I have an galaxy s5 mini with marshmallow lineage os
That is the normal flow. It takes the device to restarted state where the device will ask for a pattern or password. Google have not provided any api for this. You can check any app in PlayStore which has locking feature will behave like this.
Edited:
For the below queries you have asked response is shared here
How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?
There's intentionally no API for apps to call to lock the device.
Is there a security reason/concern around this?
Yes, there's a DOS (denial of service) concern if we allow apps to lock the device. Either intentional or accidental (app bug).
Found it here[https://code.google.com/p/android/issues/detail?id=79735#c115]
I think you need to search for how to lock with app shortcut and not with power button. Atleast I could help to this level.
Notice how the apex launcher or nova launcher got it way around. screen lock through apex launcher or nova launcher doesn't disable fingerprint scanner!
What it actually does is that it sets the screen to complete black i.e. soft lock (which gives user a false impression of screen off) and then after 5-10 seconds the display actually goes off due to time-out.
other app which implemented the same functionality OFF+ (Screen Off / Fingerprint unlock support).(I guess it modifys "lock screen timeout")
If the phone is rooted then a shell command can be executed to simulate the power key su input keyevent 26 but there might be a fraction of delay.
well, if some root user is looking, there's also a xposed module which solves this issue FingerprintEnabler
I would like to add some points to the JerryGoyal's excellent answer.
Below is the screenshot from Microsoft Launcher which shows the two ways to lock the screen. It clearly states that the method via Device Policy Manager will not work with fingerprint.
A work around is done by showing a black screen until the screen times out.
In the next screen it asks for permission to Modify system settings to alter the screen timeout period.
From https://issuetracker.google.com/issues/37010802#comment148 (posted Aug 9, 2018 08:26AM):
Android 9 finally added a solution for this (or a workaround, it
depends on how you look at it). A new AccessibilityService global
action was added for locking the device [1], [2]. Nova Launcher
already has a screen lock method using this service action in the
latest beta, and it allows for locking the device and keeping
fingerprint unlock and SmartLock working.
What sucks, though, is that users of your app have to enable the
accessibility service for your app. And having any accessibility
service enabled breaks Snackbar animation [3] (it no longer slides on
the screen, it just appears there without any animation).
[1] https://developer.android.com/about/versions/pie/android-9.0#a11y-convenience-actions
[2] https://developer.android.com/reference/android/accessibilityservice/AccessibilityService#GLOBAL_ACTION_LOCK_SCREEN
[3] https://issuetracker.google.com/issues/37092972
Related
I am trying to make my feedback app to support fully kiosk, I have tried a lot of solutions but Nothing is completely satisfying my need. Here are the things that I found yet.
1. Make my app as Device Admin/Owner App(Lock Task) -
If we follow this link/procedure https://developer.android.com/work/dpc/dedicated-devices/lock-task-mode, some limitations are there as follows -
a. We have to factory reset all the devices where Feedback app is installed, follow some steps to make it as admin app(launcher app).
b. Installation of the app will be possible using the command line, each installation will take some line of code through cmd, which means for installing a person has to go there with the computer and connect the device with USB and then install the app using commands.
c. Update on an app will also follow the same procedure (Couldn't be performed using google play store)
d. In this case, end-user will never be able to exit from our app, restart the device would also launch the same feedback app every single time.
2. Programmatically screen pinning + programmatically volume and power button controlling. (https://github.com/mrugacz95/kiosk)
a. In this, we will make the app in screen pinning mode where all the three bottom buttons(Overview, home, recent) will be hidden/disabled. and same with the power key and volume keys.
b. So As soon user clicks on kiosk mode, a screen pinning system generated prompt would be shown to user But the biggest disadvantage of it is that app would be unpinned/unlocked as soon as the user presses overview+recent buttons together.
3. The third Case is, where all the keys are controlled including power+voulme+back+overview etc.
Only pressing home will make the app to go on the background and within seconds it will again come foreground.
So all I found up until now, is not very satisfiable.
One more Question-
Is this something to be fully controlled by MDM(Mobile Device Management)?
Any help is appreciated.
1. Make my app as Device Admin/Owner App
a. A device owner can only be installed on a newly initialized device (before an account is added). I believe this is by design : A device owner can completely lock the device down, you don't want a malicious app to be able to seize the phone of an unsuspecting user after a few "I agree" popups.
b. You don't need to install it using adb. The simplest provisioning method is via NFC : While the device shows the very first screen of the setup wizard, touch it with a tag (or another device) containing the provisioning configuration, most importantly an URL where the apk can be downloaded and a WiFi config.
Another method is via QR code (Android 7+) : tap 6 times the first setup screen. It is a bit less convenient than NFC because you usually have to provision the WiFi manually.
c. A device owner can be updated like any other app. As it can itself install or update applications without asking the user, you can implement a fully automatized self update mechanism : check for update / download / update.
2. Lock task / screen pinning
Any application can programatically enter lock task mode. How it happens depends on whether the application is white listed by a device owner app (possibly itself) :
If not, the user is prompted and must accept, they can also exit at any time. This is basically the same thing as screen pinning.
If yes, there is no popup : the user can not decline to enter, nor exit, the lock task mode.
Additionally a kiosk application can act as a launcher. A device owner (again, possibly itself) can set it without user intervention
Is this something to be fully controlled by MDM(Mobile Device Management)?
While device owner apps are usually DPC connected to a MDM console of some sort, this is not a technical requirement. How you control it is completely up to you. (I hope I understood correctly the question)
Overall, I think that the only reliable way a device can be locked in kiosk mode is to use a device owner app (separately or included in the kiosk application). The setup via NFC or QR code is actually faster than a normal device setup. It can also protect against safe mode reboot or factory reset. The only real constraint is that you can not deploy this kind of application on existing devices without wiping them first.
Make my app as Device Admin/Owner App(Lock Task) -
a. If you are making it an 'admin app' this means you have signed the device image correct? Therefore you control the full flashing of the device - you can do anything in this scenario.
b. You can actually also do ADB over WiFi after you set it up the first time
c. You can update your apps from the playstore - even launcher applications
d. This fact is the whole point of Kiosk mode. Users should not ever be able to exit the application. Only you can exit, either with a remote command or with a invisible touch combination (for example touching each of the corners of the screen in sequence twice, or other 'secret unlock code')
Programmatically screen pinning + programmatically volume and power button controlling. (https://github.com/mrugacz95/kiosk)
b. This is the opposite of 1d, it is not clear what you want if you want neither.
The third Case is, where all the keys are controlled including power+voulme+back+overview etc.
This is also the opposite of 1d, it is not clear what you want if you want neither.
We need a few more details on your deployment scenario for this app to help you out further.
I'm currently developing a lock screen application. I have used Next lock screen and realised that it can bypass the system lock screen if fingerprint is enabled. I have done several reseach to find out the way. Unfortunately, I could not do that. But I have some conclusions based on my research:
Next lock screen can ONLY bypass the system lock screen if at least 1 fingerprint is set.
Next lock screen can ONLY bypass the system lock screen PROPERLY on android 7.1.1 and below. It CANNOT do that on android 8.0. If you have a chance, please use it and you can understand what I am trying to say here.
There are differences between android 7.0 and 8.0.
On Android 7.0, when an activity shows up ON TOP OF the system lock screen, the keyguard behind stops reading fingerprint. Somehow, Next lock screen enables the keyguard to continue reading the fingerprint but I don't know. I'm trying to do this.
On Android 8.0, with the same case, the keyguard behind CAN STILL READ the fingerprint. Therefore, if the fingerprint is correct, the phone is unlocked and I can catch the event of "USER_PRESENT" to dismiss my lock screen. However, Next lock screen fails to function properly.
And now, my question is how I can make the keyguard to continue reading the fingerprint while my custom lock activity is showing on top?
This is what I want: My custom lock screen will show up on top of the system lock screen. The system lock screen can have any type of security methods (password or pattern). If and only if the user enables fingerprint unlock in the system, they can use fingerprint on my custom lock screen to unlock the device (the system lock screen is unlocked at the same time my lock screen disappears)
Thank you very much.
They do not run Activity as their lockscreen but they just draw their view into WindowManager and somehow listens for lockscreen unlock and then they hides their UI. Check this - Android Lockscreen with FingerPrint support
Background
Smart Lock feature allows to fully unlock the device under certain conditions, such as GPS location, connected Bluetooth, etc...
The problem
I'd like to make an app that does that, with other special conditions.
Given user's approval, is it possible to completely unlock the lock screen, even if it has a password, so that the user will continue as if he unlocked the device by himself?
What I've found
I know it's probably possible using accessibility service, to mimic user actions of entering the code or drawing the pattern.
There is probably a way to temporarily disable the lock screen, by using keyguard API (written here for example), but as I've read, those are deprecated and might not work on some devices and Android versions. I guess it also requires to have a foreground service for it to continue staying on this state.
The questions
Is there a better way? Is there a way to unlock the device, just like Smart Lock feature?
If so, how?
Is it true the Keyguard API is not recommended? What is there to worry about when using it? Or maybe it's completely safe to use, and can be used to fully unlock?
I am working on an android app that should be used by students in some kind of practical test.
I am using the screen pinning that was introduced in Lollipop (startLockTask()), so when my app is launched the user needs to allow the locking.
I couldn't find a way to know when the user click ok for the locking and when he unlock the pinning? (The user can cancel the lock by holding both the Back and Recent buttons).
I am not looking for a way to know if the user currently in lock screen (getLockTaskModeState ()), i want to know if i have a way to handle the events of locking or unlocking.
I want that in the begining of the test i will be able to send information to my server if the users 'logged in' properly (by allowing the lock), and as well if the user unlock the device before the end of the test.
EDIT
Hey, people!
Please explain yourselves after downvoting!
If I wasn't exaplaining myself - i will try again if you will let me know.
I read a lot of questions and answers about general lock screen, but not the one of app pinning, I also read about check the status of the current task- if it is locked or not, but i didn't find answer to what i am asking - is there a way to handle the event of unlocking the 'screen pinning' of a specific app.
So please, explain your downvotes!
Device Admin Recevier class give you the event of pinning and unpinning... However the example use the class when the installed app is provisioned for device owner.. Not sure if you could use it. You may refer to this too : How to be notified when screen pinning is turned off in Android 5.0 Lollipop?
https://developer.android.com/reference/android/app/ActivityManager.html#getLockTaskModeState()
Just use the function as stated in the link.
I'm writing an anti theft app, and I want when sim card is changed a dialog opens on boot and tell the finder to bring back the phone. This activity must be unleavable, so he can't leave it unless the correct code is entered.
Other situation is when user send a lock SMS to the phone.
I know how a device admin can lock the phone, but lock don't tell the message and the password can't be entered. And lock may not have a password or pattern so the finder can pass it easily.
Maybe a combination of device lock and a full screen activity which disable the keyguard do the job?
In my research, without being installed at the OEM level, you can't make it 100% un-leavable, just really annoying.
In an app I wrote for businesses which use a kiosk, since we weren't at the OEM level, we just kept the menu bar hidden and set the app to be loaded whenever Home was hit. Keeping the menu bar hidden was a pain, but was achieved by making it invisible and then when re-triggered, making it go away after 1 second. It's still able to be exited by hitting the clock in that 1 second, though. :(