Device Administrator password - android

Is it possible to require a pass-code when the user tries to uncheck the app as an administrator under Settings->Security->Device Administrators?
This would add a roadblock to not easily allow the user to uninstall the app as they would first need to remove the admin privileges from the app (for which they would need to authenticate with a password) and then they could uninstall.

This is not possible AFAIK. This is the right of the user.
You can show a dialog for confirmation about deactivation of Device Admin, but neither does the default device admin API give you a way to show a password dialog while deactivating device admin, nor do the EDM APIs give you the permission.
However, the EDM APIs give a way to block the deactivation of a Device administrator, so the user cannot uncheck a particular Device admin.

It is possible, but you'd have to employ some pretty sketchy techniques to achieve that. For example, Cerberus has an option called "Protect device admin" which immediately locks your screen and asks for login and password as soon as you tap "Deactivate this device administrator".
I cannot recommend you do this though since it's considered to be malicious behavior. You should use corporate policies instead. AFAIK they've been implemented in newer versions of Android and are not tied to a specific manufacturer.
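The "corporate policies" route mentioned in the last answer, sketched as an added example that is not part of the original posts: an app provisioned as device owner or profile owner can block its own uninstallation through DevicePolicyManager, with no password prompt tricks. The class name PolicyReceiver is hypothetical, and the receiver is assumed to be declared in the manifest like any device admin receiver.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;

/**
 * Hypothetical admin receiver (name chosen for this example). It must be
 * declared in AndroidManifest.xml with the BIND_DEVICE_ADMIN permission.
 */
public class PolicyReceiver extends DeviceAdminReceiver {

    /**
     * Blocks uninstallation of this app through managed-device policy.
     * Returns false and changes nothing unless the app is device owner or
     * profile owner; an ordinary, user-enabled device admin is neither,
     * and setUninstallBlocked() would throw SecurityException for it.
     */
    public static boolean protectFromUninstall(Context ctx) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        ComponentName admin = new ComponentName(ctx, PolicyReceiver.class);
        String pkg = ctx.getPackageName();

        // Owner status is granted during device or work-profile provisioning,
        // not by the "activate device admin" prompt.
        if (!dpm.isDeviceOwnerApp(pkg) && !dpm.isProfileOwnerApp(pkg)) {
            return false;
        }

        // API 21+: the system refuses uninstall requests for this package
        // until the owner clears the flag again.
        dpm.setUninstallBlocked(admin, pkg, true);

        // Read the flag back so the caller knows the policy took effect.
        return dpm.isUninstallBlocked(admin, pkg);
    }
}
```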

Related

Android Device Admin app enabled by default

I have a question about admin apps on Android that I can't find the answer to. I followed the guide on creating an admin app from here:
https://developer.android.com/guide/topics/admin/device-admin#java
I successfully created an admin app but there's something that's confusing me. I have a fresh device (Moto G6) and when I go into Settings->Security&Location->DeviceAdminApps I see a list of admin apps on the device. Right now it lists my app and a Google Play Services app titled "Find My Device". The only difference, though, is that the Google app was on by default. Normally, and including in my app, when I try to use an admin feature (through DevicePolicyManager), an Android page pops up asking me to enable it as an admin app. Since the Google app is already enabled, that pop-up doesn't need to appear.
So, my question is how do I make an app an admin app by default (without needing the pop up page)? I assume something needs to be done on boot up but I have no idea what that Google app does. Does anyone out there have any idea?
So, my question is how do I make an app an admin app by default (without needing the pop up page)?
Build your own firmware with your own custom build of Android, where you pre-install your device admin app and set things up for it to be pre-enabled.
Alternatively, I think if you create a device owner app, it will be enabled upon installation, but that installation happens when the device is being first set up.
Ordinary device admin apps require users to agree to enable them, for blindingly obvious security reasons.

How to uninstall app which is set by password?

I developed a parent and child communication Android application in which I wanted to restrict the child from uninstalling the application. I have one solution that uses DevicePolicyManager. But still the application can be uninstalled without asking for a password. If I remove the Device Administrator permission from the settings, then the application is uninstalled from the device?
Can anyone provide the valid solution for this cause?
You cannot prevent a user from uninstalling an app, from within the app code itself.
There are suggestions here: "How to prevent an application from being uninstalled?", but they are not foolproof.
The way around this is to use an Android device with Lollipop and upwards, so you can create a user account.
On the admin account, install an app that requires a password to uninstall apps. They are on the market (and free) I've used them. Or write one yourself.
Then on the child's account allow them whatever privileges you want them to have. They will be unable to touch the apps and uninstall them, unless on the admin account and with the password required for that app to uninstall other apps.
I have tried and tested this and it works.

Device Pin before installing APK

My use case is: my app should verify that the device PIN/password is set. If not, then force the user to set it up. This has to be performed every time the user launches my application, and the app proceeds after verification of the PIN/password. Can someone please help with how to implement this? I am using Apache Cordova and jQuery for my application development.
This would be plausible if there were, say, a manifest permission you could add since Android checks the permissions before installing the app, but there isn't that option... Personally, I wouldn't enter my phone's "master password" into an app. Too sketchy. Your best option is to create your own password system handled by your app. So whenever the app is run (or whatever your specific need is) you can ask the user to input his password.
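One way to do the check the question asks for, as an added example that is not part of the original posts: the app only asks the system whether a screen lock exists and, if not, opens the system's own lock setup screen, so it never handles the PIN itself. The activity name is hypothetical, and a Cordova app is assumed to run this on the native Android side (for instance from a plugin).

```java
import android.app.Activity;
import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;

/** Hypothetical activity name, chosen for this example. */
public class LockCheckActivity extends Activity {

    /** True when a PIN, pattern or password protects the device. */
    static boolean hasScreenLock(Context ctx) {
        KeyguardManager km =
                (KeyguardManager) ctx.getSystemService(Context.KEYGUARD_SERVICE);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            // API 23+: reports the device lock only.
            return km.isDeviceSecure();
        }
        // API 16 to 22: also returns true when only the SIM card is locked,
        // so the result is weaker evidence on old devices.
        return km.isKeyguardSecure();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // onResume runs on every launch and every return to the app, so the
        // check is repeated after the user comes back from Settings.
        if (!hasScreenLock(this)) {
            // Opens the system screen where the user chooses a screen lock.
            // The credential is entered into the OS, never into this app.
            startActivity(new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD));
            return;
        }
        // A lock is configured: continue with the normal app start-up here.
    }
}
```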

Enable Device Admin without asking user

I'm using the Device Admin API in my app but it requires actions from the user to enable it - I was wondering whether it is somehow possible to install the app and automatically enable admin on it without asking the user?
Has anyone tried to do something like this?
Enable Device Admin without asking user
Not a good idea. If that were allowed by Android, then anyone could play with users and users' data. Android has not allowed, is not allowing and will not allow this thing in the future. You'd better stop wondering ;)
This is not possible because of OS security.
This isn't possible. The device admin provides certain rights to the device for an app that a standard app does not have. It would be a huge security risk if the user installed an app and it automatically set itself as a device admin without the user's consent or knowledge.
There is no way to enable or disable Device Admin without asking the user, for security purposes.
OK, after a long time I have to say that it's impossible to do it without OS modification. I have even tried to use the Android hidden API by reflection, but then it looks like you need some system permission.
Use dpm set-active-admin, if you have root or system/signature privileges.

Can I enable developer mode for a user other than the owner on an Android tablet?

I'd like to use someone else's (Nexus 7) tablet for some development and testing, however it seems that the normal method of enabling developer mode only works for the 'owner' user. I could use the owner's account, but I'd rather it were possible to use my own.
Seems fairly straightforward that what I want is not allowed (perhaps it would be possible with some rooting and fiddling, which I may or may not bother with on this device).
Is this documented anywhere?
Yes. Enable whatever developer settings you want as the main user; then it will be the same across all users (at least, this is what worked for me). Note that often if you are connecting to something there will be a prompt on your device asking if it's okay to connect to the computer/application. You need to switch back to the main user to accept the prompt, then it should work on all users.
If the developer settings are enabled by the admin user, then they are enabled for other users as well. If you have a debug version of the app on the device before creating a user, then remove the app and debug it again. If you don't remove the app, it will fail to install the APK and start the activity in the other user.
Hi, I had the same problem using two Galaxy Tab A tablets. On one I could debug using a guest account, on the other not. I found that the difference was this: logging in as the owner and attaching the debugger, it asks to enable debugging. There is an option there to say always allow this computer to access. Clicking this and then changing the account lets you debug while using the guest account.
Isn't "clicking the Build Number 7 times" all that is required to activate developer options (and checking enable USB debugging)??
I don't think anything else has any impact on being able to use a device for development...
