I'm using in my app Device Admin API but it requires actions from user to enable it - I was wondering that is it somehow install app and automatically enable admin on it without asking user?
Does anyone tried to do something like this
Enable Device Admin without asking user
Not a good idea. If that would allowed by android then anyone can play with users and user's data. Android not allowed , not allowing and will not allow this thing in future. You better stop wondering ;)
This is not possible because of OS security
This isn't possible, the device admin provides certain rights to the device for an app, that a standard app does not have. It would be a huge security risk if the user installed an app and it automatically set itself as a device admin without the users consent or knowledge.
There is no way to enable or disable Device Admin without asking the user for security purposes.
OK after long time I have to say that it's impossible to do it without OS moddification. Even I have tried to use Android hidden API by reflection but then looks that you need some system permission.
Use dpm set-active-admin, if you have root or system/signature privileges.
Related
We have android app as an Enterprise App which disables the camera of the Device. This functionality breaks when user switch to Guest user or similar functionality. Having app as Device Administer is not enough, We have found one solution to it i.e making app Device owner with nfc-Provisioning and similar approach but this requires the device to be in factory reset mode. So is there any other approach than this which will help us to disable camera across all profiles without factory resetting of the app. I believe this is not an idle approach as per users point of view.
Here is the guide for android Mobile as Administrator here you can disable the camera programmatic ally. You can refer to this link
https://developer.android.com/guide/topics/admin/device-admin.html
You can't and, while it restrains developers, it is actually a good thing for user's security.
Among other things, a Device Admin app cannot
prevent the user from revoking the Device Admin rights,
enforce policies across users,
prevent the creation of new users.
It is relatively easy to lure Android users into giving Device Admin rights and many malwares have already tried to exploit this vulnerability through clickjacking or other means. So it is a good thing for users that Device Admin gives limited management capabilities and can be revoked.
In comparison Device Owner gives full management capabilities but requires factory reset which ensures there is a clear intent from the user.
Can I develop the app which should never delete even after reset the mobile Or It should block to RESET the mobile.
If any suggestion please help out.
Thanks in advance.
The proper way to do this is to require employees to install an app that provides whatever certificates/credentials necessary to access company resources. This app would use the Device Administration APIs to restrict certain policies on the device. As long as the app is enabled as a Device Administrator in the settings of the device, the user can't manually uninstall it. (They can still factory-reset their phone, but in that case they will no longer have the app and so lose whatever certificates/credentials allowing access to company resources.)
Is it possible to require a pass-code when the user tries to uncheck the app as an administrator under Settings->Security->Device Administrators?
This would add a roadblock to not easily allow the user to uninstall the app as they would first need to remove the admin privileges from the app (for which they would need to authenticate with a password) and then they could uninstall.
This is not possible AFIK. This is right of user.
You can show a dialog for confirmation about DE-activation of Device Admin, but neither default device admin API gives you a way to show password dialog while DE-activating device admin, nor EDM APIs gives you the permission.
Although EDM APIs gives a way where you can block the DE-activation of Device administrator. So user can not uncheck a particular Device admin.
It is possible, but you'd have to employ some pretty sketchy techniques to achieve that. For example, Cerberus has an option called "Protect device admin" which immediately locks your screen and asks for login and password as soon as you tap "Deactivate this device administrator".
I cannot recommend you do this though since it's considered to be malicious behavior. You should use corporate policies instead. AFAIK they've been implemented to newer versions of Android and are not tied to a specific manufacturer.
I'm developing an application for parents to watch out for their children. So this application cannot be removed by the child. I need to know how to make it uninstallable or the user need password to remove that application.
Ankur,
I think the closest thing to what your looking for is the Device Administration feature introduced in 2.2.
Once the application is registered as a Device Administrator, it can't be uninstalled unless its unregistered. This will prevent the app from being uninstalled.
While the Device Admin API doesn't allow for password protection of this particular feature, you can password protect your application to prevent someone from tampering with the Device Admin features in the app.
I use an app called SeekDroid that has a similar functionality.
I've only seen one app that does this, its called Prey and is used to track lost phones and computers. The project is open source so you could go through their code and see how they do it or contact the developer and maybe they'll tell you how they do it.
Hello is it possible to know if the user tries to uninstall an application and ask for password in order to continue? I have a security application and I would like to ask the user to authenticate before uninstalling the application is it possible and how?
Hello is it possible to know if the user tries to uninstall an application and ask for password in order to continue?
No, sorry. Applications do not get control when they get uninstalled.
Yes. It is possible. I do not know HOW but some security applications like AndroidLost, SeekDroid and so on do that. (I'm not sure now which one exactly do that, but I'm sure it does). Try to decompile some of these applications (if I was you I'd do that).
I guess they ask for Administration permission in your mobile and intercept the unnistall. Obviously if you remove the app from the Administration apps list, it does not work anymore.