I've an application with DevicePolicyManager configured, on Android 5.0.1.
I don't want to create a work profile and control it, but i want to control my own (default) profile and hide some applications.
When i try to use the setApplicationHidden API, i'm getting a security exception, saying i'm not the profile owner...
Is it possible somehow to be the owner of the default profile?
Thanks.
Android for Work has two modes: Profile Owner or Device Owner. If you don't want to create a Managed Profile (Profile Owner), you can use Device Owner.
The setApplicationHidden API only works in these two modes.
If you want to disable (hide) applications, look at PackageManager.setApplicationEnabledSetting API which can be used to disable applications. But you can only disable other applications than your own if you have the CHANGE_COMPONENT_ENABLED_STATE permission which requires platform signing or system rights. More info: android permission - CHANGE_COMPONENT_ENABLED_STATE .
Otherwise you will have to use proprietary APIs. I know for a fact that at least Sony and Samsung have such APIs (I work for Sony Mobile).
Related
We have our own rooted hardware device with android OS 7.0
We are building an app for that device. We have to restrict the users to performing some of the actions who will purchase that device. Here are the list of actions We want user to be restricted to perform on the device through the app.
Stop installing/uninstalling any other apps from OS.
On/off wifi
Pair Bluetooth
Change wallpaper
Basic idea behind is to make an app which will be the system app and will restrict user from the things mentioned above.
Is this possible to make such app? Looking for help in any of the above tasks. Thanks
Shor answer: NO.
Here is why;
The Android operation System is based on permissions, and no app can restrict that actions even with the users' permission. The reason for this is because of the Android App Layer that provides all the capabilities you described above.
The only way you can do such thing is to Customize the ROM of the CellPhone. In this case, you can override the functions that allow the user to use such services.
I am developing an app with requirement that one app can be there in android system. No other app can be installed or remove google play store application as well. How can i achieve this?
As long as your device runs Lollipop or greater, you will want to set your app as a device owner. Note, this is different than device administrator. An app is granted device owner permissions only during device provisioning at the welcome screen of the Google Setup Wizard. The device owner is restricted when it can be set because of the control it has. Only one app can be the device owner.
A kiosk solution will set a device up with an app as the device owner. It will suspend all packages that shouldn't be available using setPackagesSuspended.
Some additional links you may find helpful (all require device owner for a COSU/kiosk-mode solution):
setApplicationHidden
addUserRestriction
DISALLOW_INSTALL_APPS
Look into the TestDPC app. Google provides source code to it and it will have most, if not everything of what you need.
https://developers.google.com/android/work/build-dpc
https://github.com/googlesamples/android-testdpc
Other solutions I've seen (mostly on pre-Lollipop releases) are to use a custom launcher to hide non-approved apps. This custom launcher is sometimes referred to as a secure launcher, but hiding apps instead of suspending them as the device owner is much less effective. Secure launcher, IMO, is a misnomer.
I'm developing application that provides child protection(blocking obscene contents, apps, etc.) kind of kiosk mode. And i want to disable factory reset. I found solution using Samsung KNOX SDK (for Samsung devices only) that provide to block factory reset and even wipe data from boot menu. But using other device i'm able only block screen with AccessibilityService when user opens factory reset settings. Does exsist SDK or built-in abbility to disable wipe data for all devices?
Thanks in advance
You can use the Android Management API to manage your device and set factoryResetDisabled to true in the device's Policy. This API supports any device running Android 5.1 or above.
Under the hood the Android Management API sets the DISALLOW_FACTORY_RESET restriction, which can only be set by a device owner or profile owner.
You can set device managment through adb, then you don't need to full reset your phone. See the Sourcecode and tutorial on TestDPC for help.
I've just found an app that allows to disable Samsung apps without root, and in the background:
https://play.google.com/store/apps/details?id=com.hecorat.packagedisabler
And also this free one:
https://play.google.com/store/apps/details?id=com.ospolice.packagedisabler
How could this be? It doesn't even show a system-type alertDialog to ask the user if it's ok to disable the app. Did they find a flaw that allows doing so?
Is it only for Some Samsung apps? What about other apps and other companies? Is is possible there too?
Could the same mechanism be used for other operations? Like enabling apps?
I currently don't have a Samsung device, so I can't even check this app.
You can hide or unhide the apps provided you make your app as device owner with the api setApplicationHidden of DevicePolicyManager
Your app needs to be the device owner of the device. In order to become a device owner, you either need to do an NFC configuration or adb command shell. You can find a very well written blog by Florent here.
However, there is a new method of getting your application to become a device owner starting with Android Marshmallow. With a lot of limitations though. You have to be an EMM provider and your client has to have a google business or edu licensing for this to work.
There is no application on the google play store that allows your app to become device admin. As a device owner you have a lot of things you can control on the device and hence, I believe Google may not want to provide this kind of control without proper safeguards.
With regards to Samsung Devices, they provide their knox sdk as mentioned with other answers here which gives you access to certain APIs that are not allowed via stock Android.
I am little confused about System.Global. According to this document (third point under Important Behavioral Changes) it says that few of the features like turning airplane mode on/off have been include in System.Global in Android 4.2 and higher so its now read only we cannot write it.
Along with airplane mode there is also Bluetooth turn on/off feature included in System.Global which means we shouldn't be able to toggle Bluetooth on/off programmatically since its read only.
But I have some app in my Nexus 7 which runs on version 4.4.2 where the app can easily turn on/off Bluetooth on voice command (one such app is 'Assistant')
How is it possible if the features in System.Global are read only?
Any explanation on this topic will be very much appreciated. Thanks in advance :)
System settings are generally read-only for normal apps. The "Assistant" or "Settings" applications are bundled with the platform and have special permissions. Bluetooth does expose the ability to turn a given "adapter" off and on via the BluetoothAdapter class.
Starting with Android 5.0, it's possible to access some of the settings.
You can use the method setGlobalSetting() in the DevicePolicyManager for that.
However, the caller app must be device owner which is not available to apps deployed on Google Play.
To deploy and activate a device owner, you must perform an NFC data
transfer from a programming app to the device while the device is in
its unprovisioned state. This data transfer sends the same information
as in the provisioning intent described in Managed provisioning.
Source: Android 5.0 APIs