I've seen some "app locking" solutions in the Google Play store and I was wondering how those apps work. I'd like to build something similar.
I realize that this might require some special permission or maybe request the app to be added as device administrator.
Is there some broadcast that is triggered just before an app is launched that I can intercept and do some action (e.g. launch an activity that will request the user to fill a password)? I've read some lengthy discussions how this is not a good idea and the only idea is to have a background service that will continuously poll the running processes and check for changes, but I think retrieving this list every second and checking it for chances is not good for the battery and I think other app locking apps out there must be using a different approch.
If possible, without the need for a rooted phone.
Related
A client of mine is requesting for a very specific functionality, to keep the application always active, even after the user force kills it. He wants to ensure that the users have the application active at any time while using the device on which it is installed (the devices are managed in a constrained environment).
I've done some research on it, and already enabled background services for sending the user's location, but if they force kill the app then we are unable to send locations to the server. We've seen other apps do it, but wonder how they do it.
According to https://stackoverflow.com/a/34573169/640907 it should be possible in Android. We also found https://ssaurel.medium.com/how-to-auto-restart-an-android-application-after-a-crash-or-a-force-close-error-1a361677c0ce but I don't think this will work for our use-case, as the user can close the application without "force kill" aswell..
Anyone knows how to achieve this for a Flutter application?
After 3.1 , Android introduced a security feature, where the application's code can't be run unless the user opens the application. Check the link for more info http://commonsware.com/blog/2011/07/13/boot-completed-regression-confirmed.html
I would like to know if anyone has found any hack or work around for this problem, where i can listen to a system broadcasts like boot, connectivity changed and run a service without opening the installed application.
This is not what the posts said. You can still register broadcast listeners, or alarms. You just need the user to actually start your application once. And, if the user forcefully stops your application, they'll need to start it manually again.
Why would you want a way around this behavior? It seems to make a lot of sense.
I have created an app. Works great, but I want some same functionality as gmail uses:
When I receive a new email, I get a notification. I inspected my phone and saw no services or applications running that look like the gmail-app.
I have investigated the AlarmManager and services, but as soon as I stop the app both don't work anymore.
Could someone give me a hint how to accomplish this?
Thanks in advance
I inspected my phone and saw no services or applications running that look like the gmail-app.
Partly, that is because Gmail gets such notifications via broadcast Intents from the OS, via the subsystem we see as C2DM (which is why you do not see a process). Partly, that is because Gmail is part of the firmware and may get some extra benefits as a result, in terms of resisting the normal behaviors that befall an app that is force-stopped.
Could someone give me a hint how to accomplish this?
You can't. Particularly on Android 3.1+, if your app is force-stopped, it will not run again until the user manually runs one of your activities (e.g., from the launcher).
I am starting an application for child monitoring. This would involve mainly the logging of the SMS messages sent and received and logging other activities that may be of interest to the parents. It will also be nice to have something like access control lists for these, too.
Now, as far as I know:
It is not possible to make an app "not uninstallable".
It is not possible to prompt for a password to uninstall an app.
It is not possible to assure that your app is "always" running even if it's getting killed with something like Task Killer, although I think you can respawn the application at given time intervals.
So, any ideas on how to overcome these problems?
There is no way to work around these problems directly without creating your own build of the Android OS. Android always assumes the current user is the owner of the phone and should always be allowed to do whatever they need to do.
It's easy to see why the functionality you need isn't available if you replace "child monitoring" with "malicious data logging" in your question; if Android allowed an app to prevent the user from removing it, it would clearly be open to abuse.
The only thing I can think to do is to have your keep a log of when it is running. This would allow a parent to seen when the app had been running when they viewed the log of the collected data. So if the child had disabled the app the parent would know, but they wouldn't know what had been missed. Although you'd had to be able differentiate between when the phone was switched off and when the app just wasn't running which might not be straightforward.
What you said is true.
Also remember that applications like Task Killer have some sort of blacklist/ignore list so re spawning your app might not make it work.
PS: Without a rooted phone, there is no way you can save your app from a geek kid :)
I was thinking about writing a similar app and considered the same exact scenario. "What if the kid uninstalls the app?"
The only solution I was able to come up with was to have the app periodically ping a server with the a unique ID. Affectively having the app "Check in" with the server a few times a day. Kind of like when prisoner goes on parole. The app is the prisoner and the server is the Parole officer :)
If the app misses a checkin you could treat this as a potential uninstall. However, this could be caused by a lack of network connectivity. I'm sure you could come up with some interesting ways to flag and treat missed checkins. Maybe you could have the app send an SMS checkin or something instead of over HTTP. Then you wouldn't have to depend on Network connectivity.
Once you figure out how to translate missed checkins to an uninstall, you could shoot out an email to the interested party (i.e. the kids parent).
With this option in place, the parent can then have a "Conversation" with their kid before giving them the phone. Something along the lines of:
- "This phone's got parental controls on it. Yes, you do have the ability to uninstall them. However, if you uninstall them I'll know about it and I'll take the phone away."
I think there's definitely a market for this. Need some type of web-interface/dashboard for that parents can log into for monitoring too.
Hope this helps & best of luck.
Cheers!
Does anyone know if there's a way to either keep the user from uninstalling an app from an Android phone or reinstall it on removal? Before you flame me, please know that I have an app that's intended to be installed on the phone by a parent/employer/etc. and has a password-protected settings screen; the user would need to enter the password to remove the app.
What if you have it send an email alert to a registered email address on uninstall?
On the topic of email notification when your service is uninstalled--
A lot of security software runs multiple processes which monitor each other, so that it's more difficult to shut the system down. You could do something similar with two services installed, each monitoring to see if the other is installed. If something goes wrong, they can send off the e-mail.
Not without modifying the kernel, or reducing the user priviledges on the device. Think of it as a Linux computer, where the cell phone user has root.
Can you prevent them from removing your app? No.
But you can make it painful and difficult enough that it's not worth it, and include alerts that indicate it has been removed.
First, I would modify the software so it requests and successfully answers a cryptographic challenge/response periodically from a remote server - daily should be enough, and wouldn't impact battery use. This way your server knows when it has been disabled (could be sold as an additional $10/yr service charge) and you can alert the purchaser.
Second, I would tie the software into the system at the driver level so that removal also removes text services. There are drivers or services that the texting application uses that could be replaced with your custom versions, and on removal would render the texting app useless. Chances are good that you already tie into the system in a similar way to block the texting app (and other apps) while traveling too fast.
Third, I would consider installing a monitoring program that runs as a separate process (check out how the latest viruses operate for clues). It would check to make sure that not only is the app still running, but it's running the latest version, and there isn't a GPS simulator or other program that prevents your app from getting correct GPS data.
I'm curious how you differentiate between the driver texting and a friend in the passenger seat texting on the driver's cell, though.
-Adam
Well, solution would be to mount /system/apps/ to be writable and put your app there once.
When you restart the phone it would automaticly install it and prevent a user from uninstalling (as every app in that folder, list it to see it). That's how mobile providers force user to have they app.
However, user could always delete this app by rooting + mounting /system/app/ to writable and then to delete. But "normal parents" can't do that :)
Regards
P.S. This question is two years old, I've notice it just now... :S
I'd highly doubt that's possible. The permission structure of Android is going to give the user full control over what's happening on their phone (to some degree) and not being able to uninstall an app would be a pretty large security risk.
If you modified the Android core, it would probably be possible, but if you're trying to force something onto an end-user, that's a bad idea.
Maybe there's a better approach to what you're doing? If there's some required functionality in the app to keep the user from uninstalling it, that would be a small incentive to keep the app, but there's no way to keep a user from removing something they really don't want. You could have the app report uptime to a seperate server so you could be notified if the app was removed, but I think that's as far as you're going to get.