Can MDM restrict user to change date time settings - android

Through MDM policy prevent user to change the date time settings? Can Device date and time should be controlled from server ?

MDM protocol/Configuration profiles doesn't have such functionality.
Potentially, you can find some private API's which can help you with that. However, it's time consuming (to find such a thing) and you can't release such things to App Store.

MDM does not support such functionality as Ram mentioned. In case you need to know if the user has changed time then following can help.
Date and time change listener in Android?
Please register the broad cast receiver in static way.

Related

Security of an Android application

I am developing an Android application and I am planning to release this build in “Open Beta” on the Google Play Store.
I want to implement the app security logic which can ensure that the beta build won't work after certain date dd/MM/YYYY.
Currently, I can think of two approaches for this logic:
Retrieve current date from the device (using Android code to retrieve system’s time)
Issue: User can change the device date to hack the security system
Use time server to check the current date

Issue: My application don’t need internet connection and hence it will be bad user experience if I am asking for internet connection at the start of the app
I have following questions:
What alternate approaches (other then checking dates) can be used to ensure that the app won’t work after date dd/MM/YYYY?
How can I detect that the user has changed device date manually?
Other approaches to find current date even if device is offline?
EDIT:
The beta build has all the premium features free and hence I don't want beta build to work after date dd/MM/YYYY.
NEW QUESTION:
I have implemented the code to check the real date using time server at the start of the application. What possible hacks can be done by users to access app after the date dd/MM/YYYY?
Thank you in advance.
Agreed you don't wish the device to be dependent on the internet. At some point however, the device will be online (A human will never leave his/her device offline since the installation of your app). At that point you check the time stamp and proceed from there. You could disable the app or perform any action. Many apps exhibit this behavior to run an action when and only when the net is connected.
Other than the net and device clock the only other final solution you have is to run a background timer from the moment the app is installed. Good luck
The new Permissions model includes "Internet" as default (you don't need to request it specifically anymore).
If you don't want to use internet you can use following idea. Get current timestamp when running application first time and save it preferences or in external storage. check current time stamp with saved timestamp every time user launches application. please check for negative values to prevent user setting previous dates.
You can check the date, and at the time that the date exceeds the deadline, you can save a variable in preferences, so that when you enter the application, even if they change the date, the application will detect that date been exceeded.

How to prevent user changing system date/time (in Android)?

I have googled, but I can find no advice to prevent user change system date/time in android.
We are developing an Enterprise Application, we would like to prevent the user of the device to be able to set time settings. In other words, we want to set a policy which defines, that user cant change date and time in android device.
Are there any recommendations to do this?
Thanks.
Here is a third alternative that should significantly save on battery life:
Register a BroadCast Receiver for when the time gets changed by the user. Then disable the app until the device time is checked against network-time or server-time.
Those Broadcast Receivers exist. I just checked now with this app called Internal Broadcast Monitor I just found on Google Play.
Here is the interesting part below where I changed both the time and the date:
And below is the part where I changed the time zone:
.
Since there is no policy support for this in the device administrator framework, you can't. File a feature request, it might get added in a next version.
I don't know of any way that you can change the default behavior of the device.
You can however prevent your application from running if the system time differs from the network time. Or you could use the network time in your app instead of system time.
The answer to this post explains how to access the network time.
How can I get the "network" time, (from the "Automatic" setting called "Use network-provided values"), NOT the time on the phone?
you can save current time to db when application start and check every 1 minutes if current time not equal to db time+60 set system time to db time+60.

Android notifications on defined time and date

I want my application to remind user to watch a tv-show weekly... Is it possible to make notification to popup every week in desired time?
Thanks in advance!
Yes. Setup your calender for a reminder on the day/time in questions, and then just set it up to remind weekly. its an option on there. it might be easier for you to set it up from the web version of google calender, but it is just as easy on your phone.

Screen Lock password in android

I am developing an application where I have to change the screen lock password on a button click,can anybody tell me how can I do this.
If you are talking about the unlock pass word set in the device settings by the user then the answer is you can't.
If an application could change the unlock password/pattern without user interaction then these security features would be mostly useless. A rogue application could in theory lock the user out of their own device if this were possible.
Edit: if your aim is not to change this value without interaction but just to send them to the correct settings page. You might be able to do that some how. You'd want to look into what intents you can use to start the Settings Activities. But if you are developing this application for use by the general public I would strongly recommend you rethink having try to do anything with the users security settings. As a user if an application prompted and then sent me to the security settings page with the intention of having me change something in there I would immediately uninstall it.
Edit 2: I've never seen it until just now so I don't know for sure what they used to achieve that. Since it states that must be android 2.2+ though I would assume they are using the Device Administration APIs The docs seem to indicate that it can "Prompt user to set a new password." Which I would think means that it is just going to start the settings activity for them. It is not actually changing the password value by itself. This whole API is subject to user activation also. So even if you get installed on a device the user must explicitly "activate" your app before it is able to make use of any of the admin APIs
I am sure the only way this is possible is if you signed your APK with the device key. This way it could access API's that are limited to system applications. This isn't possible for a normal app, only one that is baked into a custom ROM or device manufacturer ROM when building Android from source.
I do not exactly understand what you are trying to do. If you wish to change the lock screen password programmatically, and your'e application is A device administration than you can call:
resetPassword method of DevicePolicyManager like this for example:
m_policyManager.resetPassword("bla bla", DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);

android application uninstall protection

Just wanted to know is there a way to protect an application from getting uninstalled. I know it's possible if i add the application as a device administrator but this is not enough.
Is there a way I could pop up a message asking for the security code before un-installation starts ? any ideas highly appreciated.
You can create two applications. The first will be you application and the second will listen for remove intents and will triger an action if your first applications is removed, but this is only a basic protection since the user can remove the second application first.
The only possible solution is to modify the android source. As there are applications that can't be removed (gmail, contacts, telefon app, sms app, facebook, twitter) there must be a flag that you can use for your requirement. But I doubt that there is a way on a non customized android os...
I think it's impossible If application is installed by user.
Application can be uninstall by user too.
I think "application protection" on the market do what you want.
Try to implement an BroadCastReceiver listen ACTION_PACKAGE_REMOVED.

Categories

Resources