I've recently created an app which is basically a webview component that displays a website, when I want to install the app on an android phone (havent tried on iOS yet) the privacy setting and device permissions/access you have to agree with are far more than what the app requires, if it is a simple webview app it should not need access to anything other than full network access, however other requirements that you have to agree with before installing the app are "read contacts, read texts, make calls, send texts... etc." it pretty much requires all the possible device permissions that there is, and so some people might not want to install the app due to this reason. Is there any way I can cancel or disable the device access/permissions that the app requires?
Related
We have our own rooted hardware device with android OS 7.0
We are building an app for that device. We have to restrict the users to performing some of the actions who will purchase that device. Here are the list of actions We want user to be restricted to perform on the device through the app.
Stop installing/uninstalling any other apps from OS.
On/off wifi
Pair Bluetooth
Change wallpaper
Basic idea behind is to make an app which will be the system app and will restrict user from the things mentioned above.
Is this possible to make such app? Looking for help in any of the above tasks. Thanks
Shor answer: NO.
Here is why;
The Android operation System is based on permissions, and no app can restrict that actions even with the users' permission. The reason for this is because of the Android App Layer that provides all the capabilities you described above.
The only way you can do such thing is to Customize the ROM of the CellPhone. In this case, you can override the functions that allow the user to use such services.
Is there any difference in the privileges of an Android DPC application and a system application? Will a system application be able to perform all the functions that a DPC can perform such as setting the device to Single Use Mode?
Well, there is no-such difference in privileges as far as the Android system is concerned.
If you look at the Android Platform Architecture, you will find that the even a normal user app have the same access to all the system resources as a system app.
Apps included with the platform have no special status among the apps the user chooses to install. So a third-party app can become the user's default web browser, SMS messenger, or even the default keyboard (some exceptions apply, such as the system's Settings app).
You can read about more differences in system and user app here.
Also, another interesting point to note is that on a production device there are only 3-processes that run as root, the Zygote, the app_process and the adbd (though it doesn't allow root access directly using adb). That means, all other apps run under their own user_id with different permissions and since Android doesn't differentiate between apps, two apps having same permissions are allowed same privileges and access to resources, regardless of the fact whether it is a system app or a user app.
Now, to answer your question, if a system app has the same privileges as the DPC app, then yes the app would be able to perform the given task (like setting the device to Single Use Mode) same as the DPC without any problem.
As a side note, if you are planning to create a DPC for you organisation, using the DPC SUpport Library is better than creating and shipping a system app.
P.S. To change a System setting your app would need the WRITE_SETTINGS permission.
I've just found an app that allows to disable Samsung apps without root, and in the background:
https://play.google.com/store/apps/details?id=com.hecorat.packagedisabler
And also this free one:
https://play.google.com/store/apps/details?id=com.ospolice.packagedisabler
How could this be? It doesn't even show a system-type alertDialog to ask the user if it's ok to disable the app. Did they find a flaw that allows doing so?
Is it only for Some Samsung apps? What about other apps and other companies? Is is possible there too?
Could the same mechanism be used for other operations? Like enabling apps?
I currently don't have a Samsung device, so I can't even check this app.
You can hide or unhide the apps provided you make your app as device owner with the api setApplicationHidden of DevicePolicyManager
Your app needs to be the device owner of the device. In order to become a device owner, you either need to do an NFC configuration or adb command shell. You can find a very well written blog by Florent here.
However, there is a new method of getting your application to become a device owner starting with Android Marshmallow. With a lot of limitations though. You have to be an EMM provider and your client has to have a google business or edu licensing for this to work.
There is no application on the google play store that allows your app to become device admin. As a device owner you have a lot of things you can control on the device and hence, I believe Google may not want to provide this kind of control without proper safeguards.
With regards to Samsung Devices, they provide their knox sdk as mentioned with other answers here which gives you access to certain APIs that are not allowed via stock Android.
Is it possible to push content such as SSID and password of a certain wi-fi network via a script, or an app that can be launched from the Android device?
I was issued to pre-configure approx. 500 tablets with certain Apps and features, one of them being setting a password for a specific SSID.
The purpose of this is that when the users of the Android tablets at the conference turn them on for the first time they would be immediately connected to the internet and have access to the content regarding the conference.
I really wish such possibility exists, so I won't have to manually configure every device.
Thank you for any constructive comments :)
I'm currently doing some research about my project, a smartphone tracking native application, and I have four questions. Links to any material I can read up will be greatly appreciated, and the most useful/comprehensive response will be accepted.
The primary target smartphones are the Android, Blackberry and iPhone models.
For starters I found out here Uniquely Identify an Android Handset that IMEI can be used to uniquely identify Androids but I think I once read that it can be faked. I don't know about the iPhone and Blackberry.
What's the most reliable way to uniquely identify the smartphone device, if any? Can MAC addresses work or is it possible to spoof that? Can IMEIs truly be faked?
Is it possible to "lock" the device with a custom error message remotely via its unique identification, once the device is reported as stolen? This lock state will remain on the phone even when disconnected from the network, until it is reconnected to the network and unlocked remotely once again.
Assuming such a remote phone lock is possible, can such be reversible by the thief? The native app will run in stealth mode so that it cannot be uninstalled.
Can a cross-platform solution work in this case, or will I have to develop various native apps per platform?
EDIT:
Some more context. As Till rightly said, Apple's "Find my Phone" does this exact thing already (I am just finding out about it, but it looks like a perfect fit already). The user who is choosing to install the app is informed that the phone will be uniquely identified if they do install the app. As for locking the device, "Find my Phone" does it (I gather). Now I need to know how that might be possible on the two other platforms.
With regards the iPhone side of things:
You aren't allowed to uniquely identify the iPhone like that. Apple have just forbidden it unless you get the user's permission first. So if they refuse you permission, your app won't function and you'll need to find another way.
No, you can't do that.
See 2. Also you can't run an app in "stealth mode"
See 2.
Only the network operators can talk to the handsets on an IMEI level. The IMEI number IS the MAC address of GSM networks. However, you can't access that unless you have control of the network. Sure you can get the IMEI from the user, but you can't use that to locate the phone. On CDMA networks this address is called the MEID number.
But there are other ways:
You can get location data on either platform with the users' permission. This is the way you should think about developing your application. You'll want to assign a UUID to a user once they download and install your application on their phones. You can then have the phones report to a server every so often (heartbeat). As long as the phone is powered on and connected to a network, the user would be able to locate the phone.
You can also get the phones IP address on the network, among other things -- such as contacts, messages, files, cache data etc..
On Android it's pretty easy to implement this kind of functionality as a service that could would only be visible on the packages page. Further, if you have root access, you can write whatever kind of rootkit you want such that it hides itself from the system. Same with a jailbroken iPhone. I am not as knowledgeabe about iPhone services though.
Either way, the only cross platform compatibility you'd be able to exploit would be perhaps the way data is sent and received from the server. You could use some standard such as JSON to send and receive data (and hence the same server). Although, both platforms have JSON and Apache libraries, the other parts of the apps or services themselves will need to be completely and dependently developed for each platform (UI, Internal Content Handeling, Syscalls, Permissions, etc).
You can remotely lock, wipe, factory reset, etc. Android devices using the security and device administration Android system interface. This still requires the user to grant permission and it asks them an a more.. obnoxious.. way so that they know what exactly they are agreeing to when they give an app device administration permission. If you ever use an exchange server for business or school, it's likely you'll run into this.
I am unsure about remote iPhone device administration on a jailed system.
If you really want something that can't be removed lest you do a factory reset, you'll need to know a thing or two about Unix programming, and a lot about the operating systems that their respective SDK's don't (and probably shouldn't) tell you. You'll need to be comfortable poking around sources and even reverse engineering if called for. If you're still interested, you'll want to hang around the circles that work on custom phone firmware and software for the iPhone, and Android (and Blackberry). I would start with Android. It's probably the easiest since the sources for the AOSP are easily and legally available.