I'm creating an app, that heavily relies on LocationServices.
For now I'm asking user to turn them on, and everything works fine.
However, when user clicks "No", the whole point of this app goes to hell.
I can spam user to turn location services on from my Service, however I find this solution extremely non-elegant.
Is there a way to turn this setting on programatically? I don't care for additional permissions or so.
I did my research and I only got what I already did - ask user to turn on location services with a dialog etc.
Is there a way to turn this setting on programatically?
Fortunately, no, for obvious privacy and security reasons, except perhaps on rooted devices.
However, when user clicks "No", the whole point of this app goes to hell.
Then advise the user once (per run of your UI) that your app cannot function, and the user should uninstall your app.
Bear in mind that many more permissions will have this same sort of user-recovable behavior with Android M.
You simply cant , if that was possible then you can easily gather locations which is for some unethical reasons could be sold ... so for security reasons its not possible at all .
you can always force the user to click yes by making a really useful and helpful application that the user simply want to try and cant click no because it wont function at all ...
Related
In my android app there are certain requirements required in order to use the app (Internet access, GPS, etc.). Now I haven't really found anything dealing with this so I don't know if its a mute point or not. A user can leave your app at any time and turn things off/on on the phone. If I am checking to ensure that data access is available as well GPS in the app oncreate and onresume and just tell the user they need to switch it on, would that probably be enough? I'm thinking not. I'm thinking of redirecting the user to a new layout telling them what is missing and what needs to be done in order to use the app. This layout would also include a button for them to continue once settings are turned on. Is this a good idea or bad? I don't know if there is a better way of handling this or not so all input is appreciated. What do you do?
You might find some of your answers in Find Success on Google Play. If a user performs an action without satisfying all of the requirements, you could present a dialog explaining to the user what the requirements are and why they are necessary. You might also provide a link to redirect the user to the proper settings.
EDIT: The best practices in this situation are probably similar to Requesting Permissions at Run Time. Permissions Best Practices suggests something similar to what you are proposing, which is to show some sort of message or tutorial explaining to the user what is required and why, and then redirecting the user to the appropriate settings.
EDIT: One more example: That Android Documentation shows you how to use the Settings API to check which settings are enabled, and present the Location Settings dialog for the user to update their settings with a single tap. See Prompt the User to Change Location Settings
I would like to ask about something. I'm now aware that there's no possibility to turn GPS on via normal SDK application. My problem is that I need to do it without user's confirmation (my application's fundamental is to work silently). I need it because my application is meant to be used by a company to track their devices (tablets). It needs to turn on GPS to obtain location and after that turn it off. That means, if we prompt user to turn GPS on, he may not do it and the application (a service actually) will not work properly.
My next step is to find an alternative solution, I mean, if we turn GPS on using settings, it eventually gets turned on by a core application/service. My assumption is that it uses native code to access the GPS device and turn it on (if I'm wrong, please correct me and point to the right answer).
Therefore my question is - if possible, how can I do that in NDK and later on how to integrate it with my application. If NDK can't handle it, how it can be done? There must be a way, since it's eventually done in settings.
I would also like to ask the same question about Internet connection (to alternatively use network provider to obtain location).
Thanks in advance for any contribution!
You might find a way to handle GPS with NDK/JNI calls, but there's no such thing as GPS without notice to the user on an Android device. He can switch GPS off or refuse to switch it on. In such a case, that device itself (the hardware) switches the GPS sensor off.
What might be possible is to use other ways to locate the device:
Wifi gives you the position not as accurate as GPS, but better then nothing
Carrier track the position of a device according to the signal strength arriving at their antennas. But I haven't seen any Android interface able to handle that (might be a question to ask here, if anybody knows how to get that information)
The way, I'd handle your problem is on the organizational side (as this is company internal stuff): You basically say to the user: "Switch on GPS and you, user, get access to your emails" (well, as an example)
Give something and you will get something back :-)
"Settings" is not an application to begin with.
So if you already made an application you should understand somehow the basics of Android applications but if you didn't really understand them then I'd like to say that the applications generally run in a "sandbox" and these applications may be destroyed / terminated by the system should it deem it necessary. There's also no such thing as "silent mode" either. The user MUST ACCEPT / DECLINE permissions and the user MUST be in control of his device should you have the Android OS installed on your devices.
There are ways to circumvent that of course and those ways may be ranging from:
Make all devices have one central account on Google Play and activate the service to erase / destroy the device if they get lost, (You can find that in settings since you mentioned it ... under administrator accounts) and leave things right there as they are since that's all you need at the end of the day.
(Requires 1 to be enabled) You should make all your corporate devices (if you want to be that kind of jailer but going that path will make your employees just see you as a not so great employer) to run your piece of software and every single thing that needs access to your network will be running on a proprietary custom encrypted channel (no public encryption) and with the usage of the administrator account you being able to control what the users can install on their devices you can restrict that the only application is that said application that was mentioned above. Now make all that your employees need as a subapplication of your application ;) and on top of that enable these applications to be able to run ONLY if there's GPS signal (so if your employee gets in the tube ... his device will stop working) add / subtract whatever you feel right from this.
Be a good employer and just leave them do whatever they please with the devices you gave them. If you give trust you'll receive joy for the work they're doing meanwhile if you jail people you receive negative emotions and bad performance (eventually it can even go in the direction that people will just leave for a better employer)
From all the 3 I would certain go for the third option if I were in your shoes. From a technology challenge the #2 is I think the only way and a very interesting architecture that you could implement ... in a long time ... so you also need to make sure the effort invested in this is worth the 2 hours your employer will play angry birds at home with his child ;) nevertheless if you're in it for the challenge more than any real world application this is a great chance for you to learn the android operating system from all its perspectives. NDK may help you here but not the way you want it... more along the lines of custom encryption and so on.
EDIT: Sorry for my twisted logic and way of expressing but it's pretty late and has been a very long day.
Okay, I'm pretty sure that this is not possible but a client had asked me to do so in one of our Android application we developed for her.
What she had wanted is that if our application is running, and user navigate to:
Settings > Manage Application > [Our Application]
, the button for "Force Stop" is disabled.
Is this possible? If it is possible, could someone point me out which way I should walk, or if it is not possible, how, using a valid argument based on facts, should I break the news to her.
Update:
She just sent me a screenshot that, in her opinion, validates her request that there's an Android application that disables "Force Stop" button. How am I supposed to explain this to her?
How to disable the "Force Stop" button
Short answer: Use the Device Administration API.
How to explain this to my client?
Show this to your client. It is a nice slideshow providing an easy-to-understand overview of the Device Administration API and its uses.
How do I demonstrate that it works?
Yes, back to your job. Use the API link provided above and the Api Demos included in Google's sample
collection to figure out how to integrate this into your app.
Build the demo and run it on your device.
Choose API Demos->App->Device Admin->General->Enable admin.
Choose Activate once the Device Administration API prompts you with its enabling screen.
Exit the app and attempt to manage the app via your device's settings menu (specifics for this step varies by device).
When viewing the Api Demo's "app info" screen, you should see both Force Stop and Uninstall are disabled.
How do I do this in my own app?
Review DeviceAdminSample.java in the Api Demos app for inspiration. You will need the following:
The following code is what brings up the activation screen:
// Launch the activity to have the user enable our admin.
Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdminSample);
intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,
mActivity.getString(R.string.add_admin_extra_app_text));
startActivityForResult(intent, REQUEST_CODE_ENABLE_ADMIN);
However, there are a few other pieces you will need to get this to work:
A broadcast receiver that derives from DeviceAdminReceiver.
Entries in your manifest file that refer to the above broadcast receiver.
Permissions in your manifest for using the Device Administrator API.
An xml file stating what policies your app can access.
All of this can be found in the above links. Good luck with your client!
This is not remotely possible, for great reason.
You should tell her that making this possible would be a huge security disaster. Imagine what would happen if you could create apps which just ate at your processor time by holding a wake lock, and you couldn't kill them. This would be horrible.
In general, if you're wondering if you can modify the "extra-app" behavior of the device, the answer is usually *no*. You should take the viewpoint that nothing on the device is yours to control besides your app and (to a limited extent) the resources to which you're granted access.
No other app has this kind of control, so it's not reasonable to expect that your client's would either. However, the fact that she's asking for this control usually implies something else: that they are worried the user will stop the app and then something bad will happen (the locations will stop being synced, data will stop being sent out to the net, etc...). This would imply that you should look into improving the resilience of the app to different situations. Remember, your app can even be killed off at any time by Android (for example, in the case of low memory).
I think the device screen shot has confused us. Even I can show my application that is installed on the device and the "Force Stop" button is disabled. Where as I have not done any thing specific to that.
The reason of the "Force Stop" button being disabled is, that particular application is NOT running currently. Hence there is not meaning in having the button enabled.
#Rhama you can ask your client to start the application once, press the home button of the device, and goto the settings and see. Surely the "Force Stop" button will be enabled this time.
Regards,
Rajan
From ICS, disabling Force stop is possible. If your app has an active device admin then the framework will not allow user to kill the process
Hey I think it is quite possible to disable the "Force Stop" button...check Kaspersky
Parental Control from the market it is doing the same.
Its service is running in the background then also the force stop button is disabled.
The application service is running in background
you can disable the forcestop when the app has admin rights. but soon as those admin rights are revoked then it is back to normal. however in android 4, an application called applock (domobile) was able to prevent that by asking a password when you tried to change admin rights. It could only be done by installing an extra program that applock asked you to. And I guess this might even be seen as a security flaw, infact it no longer works in Android 5.
I am starting an application for child monitoring. This would involve mainly the logging of the SMS messages sent and received and logging other activities that may be of interest to the parents. It will also be nice to have something like access control lists for these, too.
Now, as far as I know:
It is not possible to make an app "not uninstallable".
It is not possible to prompt for a password to uninstall an app.
It is not possible to assure that your app is "always" running even if it's getting killed with something like Task Killer, although I think you can respawn the application at given time intervals.
So, any ideas on how to overcome these problems?
There is no way to work around these problems directly without creating your own build of the Android OS. Android always assumes the current user is the owner of the phone and should always be allowed to do whatever they need to do.
It's easy to see why the functionality you need isn't available if you replace "child monitoring" with "malicious data logging" in your question; if Android allowed an app to prevent the user from removing it, it would clearly be open to abuse.
The only thing I can think to do is to have your keep a log of when it is running. This would allow a parent to seen when the app had been running when they viewed the log of the collected data. So if the child had disabled the app the parent would know, but they wouldn't know what had been missed. Although you'd had to be able differentiate between when the phone was switched off and when the app just wasn't running which might not be straightforward.
What you said is true.
Also remember that applications like Task Killer have some sort of blacklist/ignore list so re spawning your app might not make it work.
PS: Without a rooted phone, there is no way you can save your app from a geek kid :)
I was thinking about writing a similar app and considered the same exact scenario. "What if the kid uninstalls the app?"
The only solution I was able to come up with was to have the app periodically ping a server with the a unique ID. Affectively having the app "Check in" with the server a few times a day. Kind of like when prisoner goes on parole. The app is the prisoner and the server is the Parole officer :)
If the app misses a checkin you could treat this as a potential uninstall. However, this could be caused by a lack of network connectivity. I'm sure you could come up with some interesting ways to flag and treat missed checkins. Maybe you could have the app send an SMS checkin or something instead of over HTTP. Then you wouldn't have to depend on Network connectivity.
Once you figure out how to translate missed checkins to an uninstall, you could shoot out an email to the interested party (i.e. the kids parent).
With this option in place, the parent can then have a "Conversation" with their kid before giving them the phone. Something along the lines of:
- "This phone's got parental controls on it. Yes, you do have the ability to uninstall them. However, if you uninstall them I'll know about it and I'll take the phone away."
I think there's definitely a market for this. Need some type of web-interface/dashboard for that parents can log into for monitoring too.
Hope this helps & best of luck.
Cheers!
Does anyone know if there's a way to either keep the user from uninstalling an app from an Android phone or reinstall it on removal? Before you flame me, please know that I have an app that's intended to be installed on the phone by a parent/employer/etc. and has a password-protected settings screen; the user would need to enter the password to remove the app.
What if you have it send an email alert to a registered email address on uninstall?
On the topic of email notification when your service is uninstalled--
A lot of security software runs multiple processes which monitor each other, so that it's more difficult to shut the system down. You could do something similar with two services installed, each monitoring to see if the other is installed. If something goes wrong, they can send off the e-mail.
Not without modifying the kernel, or reducing the user priviledges on the device. Think of it as a Linux computer, where the cell phone user has root.
Can you prevent them from removing your app? No.
But you can make it painful and difficult enough that it's not worth it, and include alerts that indicate it has been removed.
First, I would modify the software so it requests and successfully answers a cryptographic challenge/response periodically from a remote server - daily should be enough, and wouldn't impact battery use. This way your server knows when it has been disabled (could be sold as an additional $10/yr service charge) and you can alert the purchaser.
Second, I would tie the software into the system at the driver level so that removal also removes text services. There are drivers or services that the texting application uses that could be replaced with your custom versions, and on removal would render the texting app useless. Chances are good that you already tie into the system in a similar way to block the texting app (and other apps) while traveling too fast.
Third, I would consider installing a monitoring program that runs as a separate process (check out how the latest viruses operate for clues). It would check to make sure that not only is the app still running, but it's running the latest version, and there isn't a GPS simulator or other program that prevents your app from getting correct GPS data.
I'm curious how you differentiate between the driver texting and a friend in the passenger seat texting on the driver's cell, though.
-Adam
Well, solution would be to mount /system/apps/ to be writable and put your app there once.
When you restart the phone it would automaticly install it and prevent a user from uninstalling (as every app in that folder, list it to see it). That's how mobile providers force user to have they app.
However, user could always delete this app by rooting + mounting /system/app/ to writable and then to delete. But "normal parents" can't do that :)
Regards
P.S. This question is two years old, I've notice it just now... :S
I'd highly doubt that's possible. The permission structure of Android is going to give the user full control over what's happening on their phone (to some degree) and not being able to uninstall an app would be a pretty large security risk.
If you modified the Android core, it would probably be possible, but if you're trying to force something onto an end-user, that's a bad idea.
Maybe there's a better approach to what you're doing? If there's some required functionality in the app to keep the user from uninstalling it, that would be a small incentive to keep the app, but there's no way to keep a user from removing something they really don't want. You could have the app report uptime to a seperate server so you could be notified if the app was removed, but I think that's as far as you're going to get.