I am creating an Android app in which the user must enter a code to use an action (Eg. Pay, add card etc. ).
Instead of implementing my own custom code, is there a way for me to verify if the entered code is the same code to unlock the device and if yes then allow, if not then dont allow.
I was not able to find the solution for this.
is there a way for me to verify if the entered code is the same code to unlock the device
No. From a security standpoint, that would be horrible, as it would allow you to brute-force determine what the user's PIN or passphrase is. Also note that users do not necessarily use a PIN or passphrase to lock their device (e.g., use a fingerprint).
Related
I tried to use:
(new Instrumentation()).sendKeyDownUpSync(KeyEvent.KEYCODE_H);
but I want to use it on other applications so I would need the INJECT_EVENTS permission which is only for system-apps (or rooted devices).
So, is there any possibility to input text outside of my app without system-app permissions?
No. On purpose- they don't want you to be able to pretend to be the user to other apps for security reasons. (Also- the keyboard actually probably doesn't send key events- only hardware keyboards do. So even if it worked, you may not get the result you expect because an input connection isn't active and tied to an individual view). If you do find a way, expect google to patch it with the next release.
I am working on an android app that should be used by students in some kind of practical test.
I am using the screen pinning that was introduced in Lollipop (startLockTask()), so when my app is launched the user needs to allow the locking.
I couldn't find a way to know when the user click ok for the locking and when he unlock the pinning? (The user can cancel the lock by holding both the Back and Recent buttons).
I am not looking for a way to know if the user currently in lock screen (getLockTaskModeState ()), i want to know if i have a way to handle the events of locking or unlocking.
I want that in the begining of the test i will be able to send information to my server if the users 'logged in' properly (by allowing the lock), and as well if the user unlock the device before the end of the test.
EDIT
Hey, people!
Please explain yourselves after downvoting!
If I wasn't exaplaining myself - i will try again if you will let me know.
I read a lot of questions and answers about general lock screen, but not the one of app pinning, I also read about check the status of the current task- if it is locked or not, but i didn't find answer to what i am asking - is there a way to handle the event of unlocking the 'screen pinning' of a specific app.
So please, explain your downvotes!
Device Admin Recevier class give you the event of pinning and unpinning... However the example use the class when the installed app is provisioned for device owner.. Not sure if you could use it. You may refer to this too : How to be notified when screen pinning is turned off in Android 5.0 Lollipop?
https://developer.android.com/reference/android/app/ActivityManager.html#getLockTaskModeState()
Just use the function as stated in the link.
I'm making a security program and I'm using DeviceAdmin mechanism. I'va made a DeviceAdminReceiver, it works flawlessly.
I need to protect my software from deinstalling. On the first run user enters the password for uninstallation.
In onDisableRequested I'm using setPasswordQuality(), setPasswordMinimumLength() and finally lockNow(). The device is locking and asks for my password. It is fine. When the user enters matching password the device unlocks, user sees my warning like #it's not a good idea to disable bla-bla-bla" and disables my admin app.
But! The password that was set by my code isn't cleared and if the user used some pattern to lock his phone the phone is locked by my password for good!
The question is: how can I revert changes to locking scheme? (i.e. restore it to visual pattern if it needs)
Roman, based on your description, I am not sure which case you are trying to protect from.
It looks like you are trying to protect from :
a thief, who knows a device passcode (so you are trying to use another passcode)
This is quite strange case. I would rather ignore it, because it has a lot of other implication.
a thief, which stole unlocked phone and wants to uninstall your device admin
In this case, you don't need to reset a password. All you need to do is lockNow() to make sure
that he can't uninstall (because he doesn't know the password)
Is there a way to programmatically change the phones screen lock method? For example, changing it to display a pattern, a pin, swipe unlock or none at all.
For example, think of a widget that lets the user toggle between swipe to unlock and pattern lock.
Cyanogenmod has something like this in their profiles, using PROFILE_SERVICE but that does not seem to be in the public API.
Not exactly. Through DevicePolicyManager, you can specify some minimum quality characteristics for a password, and force the user to reset their password to meet those characteristics. However:
The user can always choose something stronger than what you require
This requires that the user configure your app as a device admin
This requires additional permissions
The user is always involved in the password-reset process
I am developing an application where I have to change the screen lock password on a button click,can anybody tell me how can I do this.
If you are talking about the unlock pass word set in the device settings by the user then the answer is you can't.
If an application could change the unlock password/pattern without user interaction then these security features would be mostly useless. A rogue application could in theory lock the user out of their own device if this were possible.
Edit: if your aim is not to change this value without interaction but just to send them to the correct settings page. You might be able to do that some how. You'd want to look into what intents you can use to start the Settings Activities. But if you are developing this application for use by the general public I would strongly recommend you rethink having try to do anything with the users security settings. As a user if an application prompted and then sent me to the security settings page with the intention of having me change something in there I would immediately uninstall it.
Edit 2: I've never seen it until just now so I don't know for sure what they used to achieve that. Since it states that must be android 2.2+ though I would assume they are using the Device Administration APIs The docs seem to indicate that it can "Prompt user to set a new password." Which I would think means that it is just going to start the settings activity for them. It is not actually changing the password value by itself. This whole API is subject to user activation also. So even if you get installed on a device the user must explicitly "activate" your app before it is able to make use of any of the admin APIs
I am sure the only way this is possible is if you signed your APK with the device key. This way it could access API's that are limited to system applications. This isn't possible for a normal app, only one that is baked into a custom ROM or device manufacturer ROM when building Android from source.
I do not exactly understand what you are trying to do. If you wish to change the lock screen password programmatically, and your'e application is A device administration than you can call:
resetPassword method of DevicePolicyManager like this for example:
m_policyManager.resetPassword("bla bla", DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);