I'm trying to put some pieces together regarding the Device Owner application.
With regards the the newly released EMM API, is there a way for the Device Owner application get system app permissions? I have noticed that the API allows remote package installation, but for this to work, the application needs to have INSTAL_PACKAGES permissions (reserved for system apps).
Also, is there any official documentation to the Android Hidden API, or is it all just code inspection and comments?
Device Owner does not have system app permissions.
On Marshmallow a Device Owner can call PackageInstaller and silently install apps.
The TestDPC basically shows all the features you can implement:
https://github.com/googlesamples/android-testdpc
For some more interesting info:
https://florent-dupont.blogspot.ca/2015/02/10-things-to-know-about-device-owner.html
Related
I need to setup a WiFi AP with WEP security on an Android Phone or Tablet and I set out to build an App for this purpose.
Disclaimer: I am well aware of WEP shortcomings but I still need this. My app is only intended for a handful of people and clearly not meant to be published on Google Play or any other store.
Before I can set it, I tried reading the current configuration using the following piece of code but it fails with the exception:
java.lang.SecurityException: App not allowed to read or update stored
WiFi Ap config
private fun getCurrentConfig(conf: WifiConfiguration) {
val mGetWifiConfig = wifiManager.javaClass.getDeclaredMethod("getWifiApConfiguration")
return mGetWifiConfig.invoke(wifiManager)
}
I have tried adding <uses-permission android:name="android.permission.OVERRIDE_WIFI_CONFIG" tools:ignore="ProtectedPermissions"/> to AndroidManifest.xml to no avail.
My current understanding is that the App needs to be either system or privileged to be eligible to the relevant permission but I have no clue how to achieve either.
I am using Android Studio Dolphin (2021.3.1) an currently targeting Api 28, although this it not a requirement and I am flexible here. I'd like my App to be easily installed on reasonably current devices but I'm willing to compromise here as well but I don't want to rely on finding specific vintage devices either.
android.permission.OVERRIDE_WIFI_CONFIG is a system-level permission, meaning that your app has to be signed by a platform key (you would have to create a custom ROM, and sign your app with the same key). Alternatively, you would need to have a rooted phone, and move your app to the system partition.
I need some help with my app that I build for Android TV.
I already make a COSU app for Android TV, but the problem is I need to use adb shell to make my app as device owner. Is there a way to make my app as device owner programmatically? Because I will install my app in +100 STB devices. I tried a method from SO answer, but it's not working.
I still can't figure it out how to update my app later if there is a new version of my app, because like it said in here, I can't use Android Management API on Android TV and also I think I can't use Google Play to update a COSU app. Is there a better approach to update my app?
Need help.
Thank you.
Since your app got device admin permissions, your app can update itself silently in background using PackageInstaller API. All you have to do is to just download the new apk when available and forward it to PackageInstaller which can update and install your new apk.
Here's a sample if you wanna look how to implement it: author's link is dead (after edit link - I think they are similar).
You can't make your app device owner programmatically unless the device is rooted. Here's a list of options by Google to make device owner remotely.
Provisioning google dev docs.
My question is specifically about one line in Android documentation here. https://developers.google.com/android/work/prov-devices#set_up_device_owner_mode_google_account . Particularly item #2 where it says
The DPC is automatically downloaded to the device and launched.
How?
Specifically, what is the trigger that launches the DPC after download while still in the context of the startup wizard? I'm asking because it isn't working for me.
I've got Corporate-Owned Single Use (COSU) application, but I'm getting tripped up on deployment -- specifically the part where the DPC app sets itself as the device-owner. So far, I've loaded the app in Google Play Store as a private application. G-Suite exists in the same domain and Google is registered as the EMM for the account. The COSU app is whitelisted and installs as part of the setup wizard... but it doesn't launch.
To the best of my understanding, it has to launch within the context of factory-reset so that I can reset the device owner to the downloaded app.
Is there a specific Activity or BroadcastIntent I should be looking for? I'm new to Android, so I've been pouring through the TestDPC code, Android docs, and SO posts, but this deployment thing is a pain.
As a secondary query. How would you debug this situation? Its all factory-reset and install by wire, I don't have the opportunity to turn on developer mode and watch logs through Android Studio as it happens. And pushing new builds to Google Play and resetting hardware to download and install has a very long cycle time.
Thanks in Advance
For your DPC to be downloaded and launched after an account is added you need to register as your own EMM along with your DPC, and enroll your G-Suite domain with this EMM.
It might be simpler for you to instead use Google's new Android Management API which doesn't require implementing a DPC or registering as an EMM.
I'm a new Android developer and trying to make a package manager app. I have listed all installed apps, and now I want to uninstall the particular app without user interaction. Is it possible with unrooted phones?
The PackageManager class contains a #hide method : deletePackage. BUT you can't use it because :
It's an hidden method, therefore the only way to call it in a normal App is to use reflection (it is not recommended because it may break in future version of the Android API)
Usage of this method requires the permission android.Manifest.permission#DELETE_PACKAGES and this permission can only be granted to apps signed with the system key. (i.e. even if you ask this permission in your manifest it won't be granted unless your app is signed with the system key)
So you can't do it in a simple/standard app. Your only solution (on a non-rooted phone) is to sign your app with the system key and to do so you need to negotiate with the manufacturer so that your app get signed with their system key.
I'm writing a system app for android devices that we supply to customers. We control the firmware and can add apps to the android image, including into the priv-app folder.
One of the requirements for our app is that it is able to reset our device's password. In order for a 'normal' app to do this, android requires that the app is set up as a device administrator.
Is there any way to pre-configure our app as a device administrator for our firmware, or an alternative way of setting a device password specifically for system apps?
A device admin application may set itself as admin using the hidden DevicePolicyManager.setActiveAdmin method. To do this, however, the application needs the android.Manifest.permission.MANAGE_DEVICE_ADMINS permission which requires platform signing.
System permissions by placing this application in /system/priv-app is not required - the permission is of type "signature".
I assume the platform signing is necessary since otherwise, the user must first accept the device admin setting policies.
Once admin, the application may set any policies including setting the password using DevicePolicyManager.resetPassword method.
Hope this helps.
/Marek Pola, Sony Mobile.