I was thinking if Android applications or harbour applications can launch other application like Android/harbour application launching native applications OR other android or harbour applications? because this could be security risk if user permissions are not taken for the same or user permissions of launched application are used by applications launching these apps.
SailfishOS allows an QML application to ask the launcher to launch other application via Qt.openUrlExternally(). You can launch a given file/protocol handling app, or a given app via pointing its .desktop file.
The new application is launched by the launcher and there is no possibility for remoting a launched app, so unless the launched app is not dangerous in itself, you cannot force it to do something user would not do. But who would install & run "dangerous" app anyway? And you cannot sideload an random app, as the interfaces required to do so are not allowed in Harbor.
Also, you cannot abuse user permissions, as there is only one 'nemo' user running all user level apps and there is no direct root access. (You can enable developer mode and gain root access via devel-su, but that requires knowing devel mode password.)
Android layer (Alien Dalvik) has all the usual Android protection mechanisms in place.
Related
I am developing an app for an Android platform (OS 12).
This app will not have a UI and will have access to different media (camera, storage, ...).
My problem is that once the app is launched, different permissions are asked.
I would like two things :
to be the administrator of my app (so that I'm not asked to validate the permissions)
that my app is launched at Android startup (without the lockScreen).
I tested this link: https://snow.dog/blog/kiosk-mode-android
My app is launched automatically but I'm still asked for permissions.
Do you have any ideas?
I have application signed by platform key and I need to move device to kiosk mode.
What kiosk mode mean in my case:
Set user restrictions (change default activities, set VPN etc...)
Prevent user access to third party apps, some system apps etc...
Set custom Activity as Home activity without user interaction
Move application to lock task mode
I know that DevicePolicyManager could do that. But device doesn't have any google's provisioning system (like NFC or QR). Is exist any way to set device owner using application signed by platform key or use such application with benefits of device owner App?
I find out that application with system privileges could do al lot of thing that could be done with DevicePolicyManager. But some of functionality provided as hide API:
Set user restrictions - could be done with UserManager
Prevent user access to third party apps - could be done be disabling such apps with package manager
Set custom Activity as Home activity without user interaction - could be done with PackageManager
Move application to lock task mode - could be done by disabling UI components in status bar and system navigation bar with StatusBarService
The platform key only gives you certain permissions to take a certain role or to make some system settings, but for your task you are mainly right with the DevicePolicyManager. I do not see why you need NFC or QR for that, you could implement a simple code to unlock the kiosk mode.
There are of course finished applications to do that and you would not need to re-invent the wheel as this kind of application is not trivial.
I'm writing a remote management app for an android based device. The app currently runs under sharedUserId android.uid.system to enable access to restricted parts of the file system.
As a side effect of running under the system uid the app cannot access /mnt/extsd and a warning is logged every time we call sendBroadcast.
I'm looking for a way to run only the code that needs priviledged access as android.uid.system while the rest of the code can run as a standard uid. Is there any means to achieve this?
I want to make an android app that runs as the only app on the android device. If the unit is reset I want this app to start up and run.
The reason for this is we are going to be buying these special 7 inch wall mounted tablets which have android OS on them (here is a link to the device: http://www.geekland.co/7-Android-42-Panel-PC-Wall-or-Desk-Mounted-Tablet-with-RJ45-GK-Q896.htm). And we are going to be programming an app that does various things.
However, it is imperative that the app cannot be exited and that if the system restarts, that app is what runs. We don't want random people messing with the device. We want to restrict everything just to that app.
Of course, maybe with an admin password you would be able to exit the app.
Can this be done somehow within an android app? Or does this call for, I don't know, making some new android OS clone or something? (something I'm not sure of how to do).
As I know there are few ways to do this.
Override buttons as in here
Write a home screen application as in here
Lock apps using apps similar to AppLock some can even lock system apps and settings
If the devices are running Lollipop or newer, you can do this with the Task Locking API. First you need to make your app (or some other app) the device owner and grant your app the lock task permission so that locking can be done without user confirmation. Then just add a receiver in your manifest for the BOOT_COMPLETED intent and lock the task when the app starts.
I wrote an open source app that acts as the device owner and simplifies granting lock task permission to your own apps.
I'm looking for technical input on Android User Profiles (both full & restricted). More specifically I would like to understand:
Whether it is possible to create an app which runs across all profiles, i.e. is not stopped, paused, restarted when switching user profile. My focus is NOT limited to activities, but I'm also interested in knowing whether a system-app/service could be created that does this and if so how.
What life-cycle is maintained for services of the non-active users. I get the impression that (at least some) services of APKs of a user get started the moment it gets activated in the lock screen (even without unlocking) and then are allowed to keep on running. But what will happen in low-memory conditions? Will a service of a non-active user also receive broadcast intents? Can such a service interact with the user and if so how?
In general: can someone point me to any technical information on the Android profiles features? There's a lot of articles on how it "looks" to the user, but I could find very little (apart from info on the pm and am command-line tools' options) on how it really works technically.
Thanks in advance!
Whether it is possible to create an app which runs across all profiles, i.e. is not stopped, paused, restarted when switching user profile. My focus is NOT limited to activities, but I'm also interested in knowing whether a system-app/service could be created that does this and if so how.
Default Android behaviors
By default, an Android application runs in a specific Android user workspace, it does not run for all Android users.
It means that when the user starts an application, it is started for the current Android user only.
When the application is launched from another Android user, Android will recreate a new instance of your application. As Android users can run in the background it means that you can have several instances of the same aplication running in parallel.
All the Android components of you application (ie. Services, Activities, BroadcastReceivers and ContentProviders) will be re-instantiated.
Most of the time it's the wanted behavior, but it can be a problem for some applications that do system-level handlings that have to be done once for the whole system, without
taking into account Android users (ex: a JobService doing some handling on Bluetooth events).
Define a singleton component/application
For each component of your app which is not an Activity, you have the possibility to specify that you want it to run as a singleton (ie. only one instance will be created for all Android users.).
To do so, the property android:singleUser=”true” must be added to the attributes of the component in the AndroidManifest.xml of the application.
<!-- Declare a singleUser service in the AndroidManifest.xml -->
<service
android:name=".MySingleUserService"
android:singleUser="true" />
Any singleUser component will always run under the system Android user (ie. the user 0) which can't be stopped by Android, even if you're application is currently running for another Android user.
To be able to use the property android:singleUser=”true”:
your app has to be a system application (either in system/app/ or system/priv-app/).
you app has to be signed by the platform certificate (by specifying LOCAL_CERTIFICATE := platform in its Android.mk).
your app must declare the use of the following permission in its AndroidManifest.xml.
<!-- Permission needed to use android:singleUser. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS"/>
Additional remarks
If your app only contains singleUser components, the entire app will become singleUser (ie. only one instance of your app will run for the entire system).
android:singleUser=”true” forces android:exported=”false” for your component (except if your app is privleged).
If a component of your application wants to communicate with a singleUser component of the same app via Intents, the default Android APIs can't be used because Intents do not cross Android users.
In that case, you have to use the multi-user Intent exchanges dedicated APIs which are suffixed by AsUser (ex: sendBroadcastAsUser(), startServiceAsUser(), etc.) and which allow to specify the destination Android user (UserHandle.SYSTEM in that case). Note that one of the following permissions must be used:
<!-- Permission needed to send intents to components of the SAME app running in another Android user. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS"/>
<!-- Permission needed to send intents to components of ANOTHER app running in another Android user. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL"/>
What life-cycle is maintained for services of the non-active users. I get the impression that (at least some) services of APKs of a user get started the moment it gets activated in the lock screen (even without unlocking) and then are allowed to keep on running. But what will happen in low-memory conditions? Will a service of a non-active user also receive broadcast intents? Can such a service interact with the user and if so how?
As I've mentionned above, an Android user can continue to run in the background even if they are not the active one (at least until Android 10). If resources are low, Android can stop any Android user which is not the system user (ie. stop all their running applications). So a Service can continue to run on an Android user which is currently running in the background until the user is stopped.
As I've also mentioned above, Intents do not cross Android users. So if you have a BroadcastReceiver registered in the user 10 and that an Intent is sent from the user 11, it won't be received by your BroadcastReceiver. The only exception is if you use the AsUser Intent exchanges APIs to send it.
Also note that an Intent with the action BOOT_COMPLETED is sent whenever a new Android user is started. It is only sent to the components of the starting Android user.
Sources
Unfortunately, there is few Android online documentation about multi-user systems. Here are the only articles about it (if youd don't find answers there, I suggest you to directly look into the AOSP source code):
Building Multiuser-Aware Apps
Supporting Multiple Users
Manage multiple users