I can understand the security reasons behind not allowing a background service to dispatch touch events to the app (any app. that does not belong the context of the service) that is running in the foreground. But there are some apps available in the playstore that can be used to access a remote device. How are those apps generating touch events?
An example of such app. is Optia
https://play.google.com/store/apps/details?id=jp.co.optim.optiasmsng&hl=en
There's one hint in the system requirements:
It must be equipped with original Samsung firmware
I would guess that it has been built withing the Android build tree (to enable it to use methods marked with #hide too) and given a user ID that has system permissions (which regular apps doesn't have).
Related
I have application signed by platform key and I need to move device to kiosk mode.
What kiosk mode mean in my case:
Set user restrictions (change default activities, set VPN etc...)
Prevent user access to third party apps, some system apps etc...
Set custom Activity as Home activity without user interaction
Move application to lock task mode
I know that DevicePolicyManager could do that. But device doesn't have any google's provisioning system (like NFC or QR). Is exist any way to set device owner using application signed by platform key or use such application with benefits of device owner App?
I find out that application with system privileges could do al lot of thing that could be done with DevicePolicyManager. But some of functionality provided as hide API:
Set user restrictions - could be done with UserManager
Prevent user access to third party apps - could be done be disabling such apps with package manager
Set custom Activity as Home activity without user interaction - could be done with PackageManager
Move application to lock task mode - could be done by disabling UI components in status bar and system navigation bar with StatusBarService
The platform key only gives you certain permissions to take a certain role or to make some system settings, but for your task you are mainly right with the DevicePolicyManager. I do not see why you need NFC or QR for that, you could implement a simple code to unlock the kiosk mode.
There are of course finished applications to do that and you would not need to re-invent the wheel as this kind of application is not trivial.
I'm building an app that needs to restrict which apps can be run along with it.
In example, when my app is running (foreground or background) I can allow user to run only GoogleMaps, and MusicPlayer.
I've read a bit about Device Policy Controller and creating profiles, and up to some point it seems to have the feature I need, but it is designed for enterprise deployment, and user needs to encrypt their phone beforehand. Is creating personalized profiles a way to go?
My other idea was to run a service that each few milliseconds check if there is any forbidden app running and finish it, but it seems to be not robust.
Is there any way of handling this problem programmatically?
I don't think that Device Policy Controller is a right thing for you.
And you can't just kill other apps without root.
So some kind of user-friendly way to achieve the goal is to check running apps list with ActivityManager.getRunningAppProcesses and to notify user that he has to finish particular apps to use your app.
The Context
There's a certain app that competes with my app for a hardware resource that should be mutex-locked, but isn't. The hardware resource has no API in the public Android SDK, and the competing app expects to be the only app to ever need it. The hardware resource's governing firmware also expects it to only ever be acquired by one app at a time.
The Problem
Collisions over the hardware resource are not handled well in the firmware, and my test device will often need a reboot if the user launches the competing app while my app is running (I'm able to check for the competing app's service with ActivityManager.getRunningServices() and stop my app from trying to acquire the hardware resources if the user starts my app while the competing app is running).
I don't have access to the competing app's source code, or the system image source code, so my app has to be responsible for handling the competing app's bad behavior and/or the firmware's poor handling of competition for this hardware resource.
The Question
Is there a way for a normal (i.e. non-system) app running on Android Marshmallow to receive a callback when an app Activity or Service with a known component name is launched?
Is there a way for a normal (i.e. non-system) app running on Android Marshmallow to receive a callback when an app Activity or Service with a known component name is launched?
No. In fact, Android 5.0+ takes pains to hide the real-time knowledge of other running apps from you, for privacy and security reasons.
I'm looking for technical input on Android User Profiles (both full & restricted). More specifically I would like to understand:
Whether it is possible to create an app which runs across all profiles, i.e. is not stopped, paused, restarted when switching user profile. My focus is NOT limited to activities, but I'm also interested in knowing whether a system-app/service could be created that does this and if so how.
What life-cycle is maintained for services of the non-active users. I get the impression that (at least some) services of APKs of a user get started the moment it gets activated in the lock screen (even without unlocking) and then are allowed to keep on running. But what will happen in low-memory conditions? Will a service of a non-active user also receive broadcast intents? Can such a service interact with the user and if so how?
In general: can someone point me to any technical information on the Android profiles features? There's a lot of articles on how it "looks" to the user, but I could find very little (apart from info on the pm and am command-line tools' options) on how it really works technically.
Thanks in advance!
Whether it is possible to create an app which runs across all profiles, i.e. is not stopped, paused, restarted when switching user profile. My focus is NOT limited to activities, but I'm also interested in knowing whether a system-app/service could be created that does this and if so how.
Default Android behaviors
By default, an Android application runs in a specific Android user workspace, it does not run for all Android users.
It means that when the user starts an application, it is started for the current Android user only.
When the application is launched from another Android user, Android will recreate a new instance of your application. As Android users can run in the background it means that you can have several instances of the same aplication running in parallel.
All the Android components of you application (ie. Services, Activities, BroadcastReceivers and ContentProviders) will be re-instantiated.
Most of the time it's the wanted behavior, but it can be a problem for some applications that do system-level handlings that have to be done once for the whole system, without
taking into account Android users (ex: a JobService doing some handling on Bluetooth events).
Define a singleton component/application
For each component of your app which is not an Activity, you have the possibility to specify that you want it to run as a singleton (ie. only one instance will be created for all Android users.).
To do so, the property android:singleUser=”true” must be added to the attributes of the component in the AndroidManifest.xml of the application.
<!-- Declare a singleUser service in the AndroidManifest.xml -->
<service
android:name=".MySingleUserService"
android:singleUser="true" />
Any singleUser component will always run under the system Android user (ie. the user 0) which can't be stopped by Android, even if you're application is currently running for another Android user.
To be able to use the property android:singleUser=”true”:
your app has to be a system application (either in system/app/ or system/priv-app/).
you app has to be signed by the platform certificate (by specifying LOCAL_CERTIFICATE := platform in its Android.mk).
your app must declare the use of the following permission in its AndroidManifest.xml.
<!-- Permission needed to use android:singleUser. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS"/>
Additional remarks
If your app only contains singleUser components, the entire app will become singleUser (ie. only one instance of your app will run for the entire system).
android:singleUser=”true” forces android:exported=”false” for your component (except if your app is privleged).
If a component of your application wants to communicate with a singleUser component of the same app via Intents, the default Android APIs can't be used because Intents do not cross Android users.
In that case, you have to use the multi-user Intent exchanges dedicated APIs which are suffixed by AsUser (ex: sendBroadcastAsUser(), startServiceAsUser(), etc.) and which allow to specify the destination Android user (UserHandle.SYSTEM in that case). Note that one of the following permissions must be used:
<!-- Permission needed to send intents to components of the SAME app running in another Android user. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS"/>
<!-- Permission needed to send intents to components of ANOTHER app running in another Android user. -->
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL"/>
What life-cycle is maintained for services of the non-active users. I get the impression that (at least some) services of APKs of a user get started the moment it gets activated in the lock screen (even without unlocking) and then are allowed to keep on running. But what will happen in low-memory conditions? Will a service of a non-active user also receive broadcast intents? Can such a service interact with the user and if so how?
As I've mentionned above, an Android user can continue to run in the background even if they are not the active one (at least until Android 10). If resources are low, Android can stop any Android user which is not the system user (ie. stop all their running applications). So a Service can continue to run on an Android user which is currently running in the background until the user is stopped.
As I've also mentioned above, Intents do not cross Android users. So if you have a BroadcastReceiver registered in the user 10 and that an Intent is sent from the user 11, it won't be received by your BroadcastReceiver. The only exception is if you use the AsUser Intent exchanges APIs to send it.
Also note that an Intent with the action BOOT_COMPLETED is sent whenever a new Android user is started. It is only sent to the components of the starting Android user.
Sources
Unfortunately, there is few Android online documentation about multi-user systems. Here are the only articles about it (if youd don't find answers there, I suggest you to directly look into the AOSP source code):
Building Multiuser-Aware Apps
Supporting Multiple Users
Manage multiple users
Is there a way to subscribe to events from an installed app on a AVD? What I would like to do is, e.g., when I enter any text on a EditText field in the app, I want to automatically receive a notification in my program, with the details (entered value). Is there any way I can subscribe to the android app events from any installed apk ? If there are frameworks or any Android native drivers which can do this, please mention them.
It looks like you might be able to do something similar via Android's accessibility API. You'd need to write an Accessibility Service which would need to be installed and then explicitly enabled via the control panel (this is a security precaution to prevent arbitrary apps getting access to potentially sensitive contents of UI of other apps). Your service can listen to AccessibilityEvents - looks like TYPE_VIEW_TEXT_CHANGED event - "Represents the event of changing the text of an EditText" - is the one you want.
What you need is Google Analytics for Android