How do I show lock screen if user tries to access critical part of my application. I want him to be able to access the critical part only if he can then unlock the device using the device credentials.
You can create a password screen for your application rather then depending on secure lock of android.
Because you can't manage lock screen on all versions of android.
Related
So maybe I'm wrong in assuming this but Google Smart Lock provides the same functionality as the iOS KeyChain solution, right (at least when it comes to saving passwords)?
Im seeing that iOS requires some sort of authentication every time we want to use a stored credential in the App but the Google Smart Lock just logs the user in without any extra authentication.
Could that be a security concern?
If my android device has no secure lock screen and there is an app that uses Smart Lock anybody that grabs my device would be able to login to the App.
When users device has some locking pattern on android or password, can my application make use of it? Does android allow my application to have system locking enabled ? Which APIs of Android do that purpose?
You can do that by this class: https://developer.android.com/reference/android/app/KeyguardManager.html#createConfirmDeviceCredentialIntent(java.lang.CharSequence,%20java.lang.CharSequence)
Did not understand it exactly but before using your application or accessing certain part of your application can be authenticated with phone lock screen, using this class
I want to create an app that requires the user to have a lock code set up on the device.
For example, when I link up to our Exchange server, it requires me to set a lock code on my Android and iOS devices. I would like to enforce the same rules for the app I am developing.
Is it possible to use the built in PIN/Password/Pattern in android for Android applications?
For instance, if a pin were set on the phone...it could be used to unlock an application. Otherwise, the user would have to set a pin for the application and/or phone.
I don't believe so and I hope they don't add one.
There are trusted path issues with allowing apps to request entry of the user's PIN.
The phone needs to make sure that apps don't keylog and exfiltrate PINs or administrative passwords, so user's need to be trained to only enter their PIN/password into a user-interface that sends events only to the OS. This is similar to the way that the Windows login is only displayed after Ctrl-Alt-DEL, a key sequence that is guaranteed to remove window focus and so stop the flow of key events to user-ring code.
Even providing an API that allows applications to request that the user confirm their administrative secrets weakens security by training users to enter important secrets in a variety of situations instead of only after Ctrl-Alt-DEL or other OS trapped sequence.
You could definitely make your own, but I don't think you can utilize the one from the OS.
I want to hide our Android application from remote Device Access like TeamViewer, anyDesk for security reasons.
Requirement is when user phone is given for remote access, if my application is opens then other person has to see black screen instead of my app.
For example:-
In Mobile A has my app let's say ABC App, Now Mobile A given remote access to Mobile B.Now when Mobile A opens ABC App then Mobile B has to see black screen instead of ABC App.
If FLAG_SECURE does not work (it is blocking screenshots and screencasts but not blocking a particular remote-support app), then the remote-support app vendor has partnered with the device manufacturer for low-level access (e.g., direct access to framebuffers). There are no defenses against this.
The best that you can do is try to come up with a blacklist of apps, use PackageManager to see if any of those apps are installed, and refused to show various screens in your app until the user uninstalls those other apps.
The best that you can try getWindow().getWindowManager() before setContentView() on Activity which you don't want to share. This will protect the screen.