I need to write a kiosk launcher for a number of Android devices. It is supposed to launch Chrome or Firefox, showing a specific webpage in fullscreen. That page already calls the HTML5 requestFullScreen() API, but it doesn't work because that call is not coming from a user-generated event, and therefore gets declined by a browser for security reasons.
I did some searching and I found the following questions:
https://android.stackexchange.com/questions/88031/how-to-set-kiosk-mode-in-chrome
https://android.stackexchange.com/questions/115258/android-kiosk-mode
Both of these answers end up pointing to the existing apps or browsers, some of those are doing exactly what I'm trying to accomplish. This feels like an overkill, as I'm already using an app to get this thing going. And I can't use a special browser like suggested here because major browsers like Firefox or Chrome are more reliable in terms of updates and supported features.
But at the same time, the fact that these apps exist means that whatever I need to do is, well, doable. From Kiosk Browser Lockdown:
[Pro features]
Fullscreen mode / Hidden Toolbar
My question is this: what are the Android APIs they use to accomplish this? Is there anything I'm missing at this point? What are the documentation pages, guides or articles I should be looking for?
Thank you
I have similar problem with an commercial application running either in the linux system or windows OS. This application is made to run in a browser.
By the past, we opened a browser window, that we customised. and closing main window. :
* hiding menubar.
* hiding button bar.
* keeping close / lower window buttons
Fullscreen mode can not be used, since it hides window buttons.
Today, more and more browser based applications will arise (angularjs and similar applications coming...).
I found Atom Application can do this, using chromium .
Does this mean I have to embed a webbrowser with my application setup ???
And stick to some browser (eg. chromium) , altough my application is compatinble with many .
Do you 100% have to use Chrome or Firefox?
It is easier to do what you are saying by developing a kiosk app with a custom WebView that only shows the webpage you want to show. I could be wrong on this, but I believe WebViews on Android are technically Chrome (or something like it) on the back end, but either way, using one I doubt you would need to worry about updates. However, that is not what you asked... so I will describe a solution using Chrome or Firefox. My solution also means you need to have access to the devices you are loading your software on though, not a commercial app, because you need ADB.
It is completely possible to setup a Kiosk app in Android to only allow Chrome or Firefox to be used, and this is easily done if you set the application you load onto the device (to do whatever task you need) as the device owner. This is easy to do via ADB using a Command Prompt or Android Studio Terminal.
Just FYI...I am not positive setting up a 'true' Kiosk App is possible without device owner privileges, you cannot actually lock an app to the screen without it. In the case I describe, you get a true Kiosk implementation using a device owner, not a nifty work around that mimics that functionality like most of the apps you see in the market, however, I would also bet that those apps have some type of device admin privileges, which are less powerful than device owner, but still powerful.
The 'real' way I describe would be done via ADB (or the command line) with a similar snippet to the following command (I used this in a recent enterprise application that seems pretty similar to what you are describing):
adb shell dpm set-device-owner
com.viatechsystems.guestservices/android.app.admin.DeviceAdminReceiver
You would replace "com.viatechsystems.guestservices" with your Kiosk application's package name. You will get a confirmation message on the console once the device owner is set via ADB, but realize that this command could fail if a Device Owner is already set via some other method. To fix that issue, reset your device and try the command again and you should be good to go.
As far as locking your app (or in your case Chrome or Firefox, just find out what the package name is first) into Kiosk Mode after device owner has been set, you need to run this snippet, or something like it, in your application's main activity:
DevicePolicyManager DPM =
(DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
ComponentName ownerName = new
ComponentName(WHATEVER_CLASS_YOU_USE_TO_DISABLE_APPS.this
DeviceAdminReceiver.class);
//this.getPackageName() GETS CURRENT PACKAGE
String[] packages = {
//THIS IS CURRENT APP
this.getPackageName()
//YOU NEED TO USE CHROME OR FIREFOX PACKAGE
//NAME HERE INSTEAD FOR WHAT YOU WANT
};
DPM.setLockTaskPackages(ownerName, packages);
startLockTask(); //LOCKS PACKAGES IN KIOSK MODE
Now that should do what you needed, however in my recent app's case I needed to also ensure that if a user somehow got out of the Kiosk mode (which is technically possible on reboot, even with a Boot Listener implemented), they would only be able to open the application I wanted, and nothing else.
To do this you need to hide/disable applications with the device owner privileges you achieved earlier when you set your custom application to lock down Chrome, or Firefox, or whatever you want into Kiosk mode.
I can tell you how to find all of the package names on the device you load your app on, but I'm guessing you can figure that out... hint if you have issues, you use Android's Package Manager.
In this instance the package/app we want to hide is "com.example.HideThisPackage", simply replace it with whatever package name you want to hide/disable as the device owner.
//THIS VARIABLE AGAIN
DevicePolicyManager DPM =
(DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
//THIS VARIABLE AGAIN
ComponentName ownerName = new
ComponentName(WHATEVER_CLASS_YOU_USE_TO_DISABLE_APPS.this
DeviceAdminReceiver.class);
//USED TO HIDE INSTALLED APPS AFTER DEVICE OWNER ENABLED
DPM.setApplicationHidden(ownerName, com.example.HideThisPackage, true);
Then you should be good to go, let me know if you need any additional pointers but I used code almost exactly like this to do what it seems like you are describing a few months ago.
Related
If I have a suite of Android tablets, is it possible that I can have Chrome be the only app that is used on the tablet whilst also locking Chrome to access 1 URL?
We're building a web app for school kids and we want to lock down its use for everything else.
I understand there's a kiosk mode that will lock down to a single app, just can't see anything about disabling the ability to navigate to another website.
I guess you're better going with building an webview app.
That way, you can use android's native kiosk mode to lock the device into that app, that's actually just a webview to your web app.
Edit: Also, I found out something that could be interesting for your case: Android's Lock Task Mode
From documentation:
Android can run tasks in an immersive, kiosk-like fashion called lock task mode. You might use lock task mode if you’re developing a kiosk application or a launcher to present a collection of apps. When the system runs in lock task mode, device users typically can’t see notifications, access non-allowlisted apps, or return to the home screen (unless the home screen is allowlisted).
Adding another answer because I actually found what you're looking for.
You can setup an application to change the device's policies to lock-on on the Chrome app and then lock Chrome to a single website.
Here is the full reference of the answer you're looking for.
Since the process of applying for EMM integration takes an unjustifiably big amount of time and the whole process is described as "incredibly painful" by those lucky ones that went through it, I want to know whether is it absolutely needed to become an EMM in order to have a working Device Policy Controller app (DPC).
If you faced this problem, please share the experience.
I am developing for COSU devices and want to go into a kiosk mode. I am aware of existence of ways of how to do it, but they all implement a bunch of workarounds - this is not an option - I want a controllable, safe and robust way of doing this. I don't care about not having the ability for remote managing also.
You can use Google's new Android Management API to manage Android devices without building a DPC or registering as an EMM.
You just want to write an app that uses Device Policy Owner? That's fairly simple, assuming you own the devices. Just install your app, adb shell in, and run the dpm command to set your app as owner. If you're buying in bulk from a manufacturer you can get them to do it for you in the custom image you install (although you may need to explain what you want, it isn't a common usecase).
Of course everything has its limits. This will work, unless the user manages to do a factory reset. Which you can prevent via the UI, but can generally be reached from recovery modes or from unlocking the bootloader. So its safe from casual intrusion, but if someone really wants to get at your device and they have physical access and time, they can.
It is definitely possible to write your own DPC without registering with the EMM community.
The most convenient option for provisioning the devices is via NFC. for example using a second device, as it is quite simple to write a provisioning application.
See Implementing Kiosk Mode in Android (part 3 and 4)
for a good example.
I had a few problems with some Android 5 devices, but since 6.0 it works quite well.
I had implemented one launcher app for tab. This app is working good in normal mode but issue in safe mode. I am not able to set my app as launcher app in safe mode. Can anyone tell me how i can run my app as launcher app in safe mode.
Possible solutions is
Run my app as Launcher app.
Disable safe mode feature of android.
If device will go in safe mode, then ask password first to open this device.
If anyone knows better solution from above,please mention in comment. but i need this launcher app to be run in safe mode.
Thanks in advance.
Basically, you can't. The safe mode is designed to load built-in apps only
Only system apps run in safe mode. All the apps installed by the user doest not work..and there is a reason for that.
I think your ultimate goal is to create a kiosk mode. Where you want to restrict the user. You can two things:
If you are providing the mobile device you can use COSU from android 6.0 and above where there are APIs to disable safe mode. To access these apis your app needs to be the device owner.
You can access APIs to read UI contents of other apps and enforce clicks on them. To read other apps and enforce click you need to get special permission(Accessibility). Using this you can auto install apps, disable dialogs..
Is there any possibility to make unity3d application use new possibilities in Android 5.0 device owner app?
http://developer.android.com/about/versions/android-5.0.html#DeviceOwner
I'm trying to make app in unity3d that will work in "kiosk mode".
I know nothing about Unit3d but if it is a regular apk you probably can make use of DeviceOwner features. Though, enabling DeviceOwner is not a task for regular user on regular apps.
First, it requires the device to not have being provisioned - most common scenarios there is no account setup in the device. The process can be done either through a second device using NFC and a provisioning app or via adb shell dpm set-device-owner app.package/.DeviceAdminReceiver... not trivial, neither can be done by regular end users. May be what you want is just full screen mode? That can be done in the manifest... Kiosk mode will actually pin your app in the device.
If you are willing for setting up an actual kiosk to demo your app or something similar, it is indeed a good direction to go.
I'm planning to deploy an app on my android smartphone which is supposed to be used by multiple other persons. Now of course I do not want them to do things with the device they are not supposed to do so I informed myself about several different ways to make it as safe as possible (Lock-down apps, Kiosk mode, Mobile-device-management, Code-tweaks and so on).
I found some solutions that look really promising but they all share the same problem that a user could just restart the device and boot it in safe-mode where those helpful apps won't be started. However, there is one exception: I've installed a MDM app called maas360 which somehow manages to apply the restrictions that I defined even in safe-mode, for example by blocking access to the menu settings. How is that even possible? The thing is just that this is not a free app and it offers a huge variety of functions - overall it seems to be a bit excessive for my goals.
So my general question would be: is it somehow possible to restrict access to the safe-mode somehow? Maybe like a password? From what I understand it is not even possible to set a system password for Android devices that you'd have to enter once it boots (except if you set up a password for unlocking the screen first which would then be the same one... very redundant).
Disabling physical switch of volume down (in case of samsung devices) will stop access to safe mode on device. I dont find any other way to do so.