I've just found an app that allows disabling Samsung apps without root, and in the background:
https://play.google.com/store/apps/details?id=com.hecorat.packagedisabler
And also this free one:
https://play.google.com/store/apps/details?id=com.ospolice.packagedisabler
How could this be? It doesn't even show a system-type alertDialog to ask the user if it's ok to disable the app. Did they find a flaw that allows doing so?
Is it only for some Samsung apps? What about other apps and other companies? Is it possible there too?
Could the same mechanism be used for other operations? Like enabling apps?
I currently don't have a Samsung device, so I can't even check this app.
You can hide or unhide the apps provided you make your app as device owner with the api setApplicationHidden of DevicePolicyManager
Your app needs to be the device owner of the device. In order to become a device owner, you either need to do an NFC configuration or adb command shell. You can find a very well written blog by Florent here.
However, there is a new method of getting your application to become a device owner starting with Android Marshmallow, though it comes with a lot of limitations. You have to be an EMM provider and your client has to have Google business or edu licensing for this to work.
There is no application on the Google Play Store that allows your app to become device admin. As a device owner you have a lot of things you can control on the device and hence, I believe Google may not want to provide this kind of control without proper safeguards.
With regard to Samsung devices, they provide their Knox SDK, as mentioned in other answers here, which gives you access to certain APIs that are not allowed via stock Android.
I'm looking to change notifications settings for a single application remotely.
I've got the device enrolled into a MDM.
Android device running 6.01.
I can remotely deploy / update apps etc...
However, I want to disable notifications for this. I can't seem to find a hands off approach to doing this.
I'd have to break out of the end user lock down application.
Go to settings
apps
find app
notifications
block
restart device.
Is there a way I can remotely make this change?
Thanks in advance.
You might have more luck asking your MDM provider, but there is no way to achieve this from the platform. This is not a requirement I have heard before; typically enterprise devices are configured to block all notifications or allow all. If you do not plan on using the application in question, you could likely disable the entire app remotely, but being able to disable notifications for that specific app remotely is not currently possible.
The MDM provider said it was an OS behavior and needs to be suppressed from the OS. I got it sorted by disabling them the manual way.
We have our own rooted hardware device with Android OS 7.0.
We are building an app for that device. We have to restrict the users who will purchase that device from performing some actions. Here is the list of actions we want the user to be restricted from performing on the device through the app.
Stop installing/uninstalling any other apps from OS.
On/off wifi
Pair Bluetooth
Change wallpaper
The basic idea is to make an app which will be the system app and will restrict the user from the things mentioned above.
Is it possible to make such an app? Looking for help with any of the above tasks. Thanks
Short answer: NO.
Here is why:
The Android operating system is based on permissions, and no app can restrict those actions even with the user's permission. The reason for this is the Android app layer, which provides all the capabilities you described above.
The only way you can do such a thing is to customize the ROM of the cell phone. In this case, you can override the functions that allow the user to use such services.
I am developing an app with the requirement that only one app can be there in the Android system. No other app can be installed, and the Google Play Store application must be removed as well. How can I achieve this?
As long as your device runs Lollipop or greater, you will want to set your app as a device owner. Note, this is different than device administrator. An app is granted device owner permissions only during device provisioning at the welcome screen of the Google Setup Wizard. The device owner is restricted when it can be set because of the control it has. Only one app can be the device owner.
A kiosk solution will set a device up with an app as the device owner. It will suspend all packages that shouldn't be available using setPackagesSuspended.
Some additional links you may find helpful (all require device owner for a COSU/kiosk-mode solution):
setApplicationHidden
addUserRestriction
DISALLOW_INSTALL_APPS
Look into the TestDPC app. Google provides source code to it and it will have most, if not everything of what you need.
https://developers.google.com/android/work/build-dpc
https://github.com/googlesamples/android-testdpc
Other solutions I've seen (mostly on pre-Lollipop releases) are to use a custom launcher to hide non-approved apps. This custom launcher is sometimes referred to as a secure launcher, but hiding apps instead of suspending them as the device owner is much less effective. Secure launcher, IMO, is a misnomer.
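An added example (not code from the answer above or from TestDPC) showing the device-owner calls named in that answer working together, in Java. `KioskPolicy`, `KioskAdminReceiver` and the blocked-package list are hypothetical names, and the app is assumed to have already been provisioned as device owner:

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.Build;
import android.os.UserManager;
import android.util.Log;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical receiver; it must also be declared in the manifest as a device admin. */
class KioskAdminReceiver extends DeviceAdminReceiver { }

public final class KioskPolicy {
    private static final String TAG = "KioskPolicy";

    /** Applies the lockdown and returns the packages that could NOT be blocked. */
    public static String[] apply(Context ctx, String[] blockedPackages) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = new ComponentName(ctx, KioskAdminReceiver.class);

        // The calls below throw SecurityException for a plain device administrator.
        // This example requires device owner, so check before touching any policy.
        if (!dpm.isDeviceOwnerApp(ctx.getPackageName())) {
            Log.w(TAG, "Not device owner; no policy applied");
            return blockedPackages;
        }

        // Stop the user from installing or uninstalling apps.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_INSTALL_APPS);
        dpm.addUserRestriction(admin, UserManager.DISALLOW_UNINSTALL_APPS);

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            // API 24+: the return value lists packages whose state could not be changed.
            String[] failed = dpm.setPackagesSuspended(admin, blockedPackages, true);
            Log.i(TAG, "Could not suspend: " + Arrays.toString(failed));
            return failed;
        }

        // Lollipop/Marshmallow fallback: hide each package (false means it failed).
        List<String> failed = new ArrayList<>();
        for (String pkg : blockedPackages) {
            if (!dpm.setApplicationHidden(admin, pkg, true)) {
                failed.add(pkg);
            }
        }
        return failed.toArray(new String[0]);
    }
}
```

Treat a non-empty return value as a policy gap to report, since some packages cannot be suspended or hidden.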
I've an application with DevicePolicyManager configured, on Android 5.0.1.
I don't want to create a work profile and control it, but I want to control my own (default) profile and hide some applications.
When I try to use the setApplicationHidden API, I'm getting a security exception, saying I'm not the profile owner...
Is it possible somehow to be the owner of the default profile?
Thanks.
Android for Work has two modes: Profile Owner or Device Owner. If you don't want to create a Managed Profile (Profile Owner), you can use Device Owner.
The setApplicationHidden API only works in these two modes.
If you want to disable (hide) applications, look at the PackageManager.setApplicationEnabledSetting API, which can be used to disable applications. But you can only disable applications other than your own if you have the CHANGE_COMPONENT_ENABLED_STATE permission, which requires platform signing or system rights. More info: android permission - CHANGE_COMPONENT_ENABLED_STATE.
Otherwise you will have to use proprietary APIs. I know for a fact that at least Sony and Samsung have such APIs (I work for Sony Mobile).
I have recently been reviewing Android's Device Administration API in order to find a way to protect a device from having certain apps forcefully stopped or uninstalled. I came across wipeData() as follows:
http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#wipeData(int)
What is the point of this if a user can simply wipe the data from the device's "Settings" menu? When I originally posted this question, I didn't realize that one effective use could be to remotely wipe a device. I get that, but what I'm specifically after is protecting certain features so that a user cannot access them outside of an app that has been granted policies that manage those features.
For example, on my particular device, I can choose System Settings->Backup & reset->Factory data reset and clear everything. A similar case can be made for many of the other options exposed by DevicePolicyManager.
When using the Device Administration API, is there a way to disable these built-in features so that only the app registered for the Device Administration API can perform them?
what I'm specifically after is protecting certain features so that a user cannot access them outside of an app that has been granted policies that manage those features
There is no meta device administration (i.e., the administration of device admins).
A similar case can be made for many of the other options exposed by DevicePolicyManager
The user has the ability to do nearly nothing offered by DevicePolicyManager.
For example, the user cannot block the camera from the lockscreen, nor can the user block app widgets from the lockscreen, which is why I had to write a utility to do that (as I didn't want to install a closed-source device admin from the Play Store).
Most of the methods on DevicePolicyManager revolve around password quality, and the user cannot set policies for his/her own passwords and have them be enforced.
And so on.
When using the Device Administration API, is there a way to disable these built-in features so that only the app registered for the Device Administration API can perform them?
By definition, only device admins can do device admin things. However, there is no way for one device admin to block another device admin. The only sort-of exception to this is in terms of the various password quality settings, where the strongest setting is applied.