Android Keyguard Lock - android

I am working on an application that will replace the default lock screen (swipe to unlock) for android devices. I have successfully done this by disabling the keyguard manager and showing my activity using the broadcast receiver for screen OFF and screen ON intent. Now, the problem is when I set the default screen lock again for any reason then my application would not disable the keyguard unless I force close it and launch it again.
km = (KeyguardManager) getApplicationContext().getSystemService(Context.KEYGUARD_SERVICE);
if( km.inKeyguardRestrictedInputMode()) {
//it is locked
km = (KeyguardManager) getApplicationContext().getSystemService(KEYGUARD_SERVICE);
kl=km.newKeyguardLock("com.example.helloworld.MainActivity");
kl.disableKeyguard();
} else {
Intent i = getIntent();
i.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
getApplicationContext().startActivity(i);
}

You cannot replace the lock screen with a user application. Anything you do is a hack and may or may not work on some device, and will likely break with new releases. You can create something that looks like a screen lock, but it won't work like one. Additionally, in recent versions of Android (post-ICS), unlocking the screen does extra things like unlocking the credential storage, which your app cannot possibly do (since it doesn't have system permissions).
If you really want to replace the screen lock, you need to build your own Android ROM, modifying/replacing the stock one.

The accepted answer may be out of date.
It's now possible to use Device Admin to create and remove device passwords.
An application can be placed above the current lock screen using FLAG_SHOW_WHEN_LOCKED (complete explanation in another answer)
The keyguard can be dismissed using FLAG_DISMISS_KEYGUARD
As a result, it's theoretically possible to secure the actual lock screen using an app-generated password (providing real security), float a custom lock screen above the android lock screen, and -- when a proper password is provided -- unlock and dismiss the real lock screen. Finally, you would use a receiver to restore or clear the password on relevant events like SCREEN_OFF or SCREEN_ON -- the latter could automatically clear the password if a timeout was not yet reached.
FWIW, I don't recommend this approach since a crash or uninstall would leave a user with a device locked by a password they do not know.

Related

How can Next lock screen (Microsoft) bypass the system lock screen with fingerprint?

I'm currently developing a lock screen application. I have used Next lock screen and realised that it can bypass the system lock screen if fingerprint is enabled. I have done several reseach to find out the way. Unfortunately, I could not do that. But I have some conclusions based on my research:
Next lock screen can ONLY bypass the system lock screen if at least 1 fingerprint is set.
Next lock screen can ONLY bypass the system lock screen PROPERLY on android 7.1.1 and below. It CANNOT do that on android 8.0. If you have a chance, please use it and you can understand what I am trying to say here.
There are differences between android 7.0 and 8.0.
On Android 7.0, when an activity shows up ON TOP OF the system lock screen, the keyguard behind stops reading fingerprint. Somehow, Next lock screen enables the keyguard to continue reading the fingerprint but I don't know. I'm trying to do this.
On Android 8.0, with the same case, the keyguard behind CAN STILL READ the fingerprint. Therefore, if the fingerprint is correct, the phone is unlocked and I can catch the event of "USER_PRESENT" to dismiss my lock screen. However, Next lock screen fails to function properly.
And now, my question is how I can make the keyguard to continue reading the fingerprint while my custom lock activity is showing on top?
This is what I want: My custom lock screen will show up on top of the system lock screen. The system lock screen can have any type of security methods (password or pattern). If and only if the user enables fingerprint unlock in the system, they can use fingerprint on my custom lock screen to unlock the device (the system lock screen is unlocked at the same time my lock screen disappears)
Thank you very much.
They do not run Activity as their lockscreen but they just draw their view into WindowManager and somehow listens for lockscreen unlock and then they hides their UI. Check this - Android Lockscreen with FingerPrint support

Lock screen without disabling fingerprint

I have the following problem.
I'm trying to make an app that locks the screen. The method via DevicePolicyManager works very well. So far so good. But when I lock my phone with DPM the fingerprint unlocking method is disabling and I have to enter my pattern (or PIN or whatever I set) to unlock the phone. If I lock it the normal way (ie with power button) the fingerprint unlocking works.
So my question is
How to lock the screen programmatically and be able to unlock it afterwards via fingerprint?
PS: I have an galaxy s5 mini with marshmallow lineage os
That is the normal flow. It takes the device to restarted state where the device will ask for a pattern or password. Google have not provided any api for this. You can check any app in PlayStore which has locking feature will behave like this.
Edited:
For the below queries you have asked response is shared here
How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?
There's intentionally no API for apps to call to lock the device.
Is there a security reason/concern around this?
Yes, there's a DOS (denial of service) concern if we allow apps to lock the device. Either intentional or accidental (app bug).
Found it here[https://code.google.com/p/android/issues/detail?id=79735#c115]
I think you need to search for how to lock with app shortcut and not with power button. Atleast I could help to this level.
Notice how the apex launcher or nova launcher got it way around. screen lock through apex launcher or nova launcher doesn't disable fingerprint scanner!
What it actually does is that it sets the screen to complete black i.e. soft lock (which gives user a false impression of screen off) and then after 5-10 seconds the display actually goes off due to time-out.
other app which implemented the same functionality OFF+ (Screen Off / Fingerprint unlock support).(I guess it modifys "lock screen timeout")
If the phone is rooted then a shell command can be executed to simulate the power key su input keyevent 26 but there might be a fraction of delay.
well, if some root user is looking, there's also a xposed module which solves this issue FingerprintEnabler
I would like to add some points to the JerryGoyal's excellent answer.
Below is the screenshot from Microsoft Launcher which shows the two ways to lock the screen. It clearly states that the method via Device Policy Manager will not work with fingerprint.
A work around is done by showing a black screen until the screen times out.
In the next screen it asks for permission to Modify system settings to alter the screen timeout period.
From https://issuetracker.google.com/issues/37010802#comment148 (posted Aug 9, 2018 08:26AM):
Android 9 finally added a solution for this (or a workaround, it
depends on how you look at it). A new AccessibilityService global
action was added for locking the device [1], [2]. Nova Launcher
already has a screen lock method using this service action in the
latest beta, and it allows for locking the device and keeping
fingerprint unlock and SmartLock working.
What sucks, though, is that users of your app have to enable the
accessibility service for your app. And having any accessibility
service enabled breaks Snackbar animation [3] (it no longer slides on
the screen, it just appears there without any animation).
[1] https://developer.android.com/about/versions/pie/android-9.0#a11y-convenience-actions
[2] https://developer.android.com/reference/android/accessibilityservice/AccessibilityService#GLOBAL_ACTION_LOCK_SCREEN
[3] https://issuetracker.google.com/issues/37092972

Executing application when Android is about to lock the screen / go sleep

I would like my application to react to screen locking / putting phone into sleep. Based on some condition my application could decide to allow locking/sleep or to do something.
I want to use it that way:
User install my application (he don't have to run it all the time).
When phone want to go sleep or the screen is about to lock, my application receive the "message".
My application run some logic and decided either to allow lock/sleep or to perform some operation (that will prevent screen from lock this time).
If the user turn off the phone, my application can but don't have to react to it.
Is it possible to receive and react to screen locking and/or start of the sleep in order to prevent it (sometimes)?
Well, you can first let your app receive the ACTION_SCREEN_OFF intent, which would do:
When phone want to go sleep or the screen is about to lock, my application receive the "message".
http://developer.android.com/reference/android/content/Intent.html#ACTION_SCREEN_OFF
You can also use the PowerManager to wake the device up too, which
will prevent screen from lock this time
http://developer.android.com/reference/android/os/PowerManager.html

Prevent access to activity by re-using Android's screen lock

In Android, you can go to system settings and enable screen locking whereby you can require a password, PIN, or some other means of unlocking the screen. This is typically used if you put your device into standby mode or it goes into standby mode after the screen dims out.
What I would like to do is to re-use this screen locking within my app but to prevent access to a particular activity. I would have a button that when pressed brings up the screen lock activity where the user must enter their PIN. If they enter it correctly, I then let them have access to the activity, otherwise they cannot use it.
Is it possible to re-use the screen locking activity in this scenario? If so, what API do I need? Would be nice if it worked on Android 2.3
EDIT:
Some of you are assuming that my app REQUIRES a PIN or password to operate. That is not the case. Users who want to protect certain data in my app can require it to have a PIN or password in order to view it. But why write my own password/PIN activity or dialog when the system already has one.
That kind of security is only available to inbuilt system components, like the settings app. Third party apps cannot request for the password dialog to be shown, and only continue working if the user enters the correct code.
Additionally, a decent amount of users simply do not have a pass code on their device.
You could look at KeyguardManager and KeyguardManager.KeyguardLock. There seems to be a change in how this functionality works starting in API level 13, but I'm not familiar with the topic in general, so you'll have to investigate that if you plan to go this route.
You are probably better off implementing something self contained in your app. It's very easy to cover the screen (perhaps with another Activity) or to hide UI elements programmatically and show an alternate UI with a password input field or something.
You can use the Screen locking feature from Android 2.2 itself.So, it will work in 2.3 easily.The method to use this feature can be done in basically two ways.
1st one is.
There are two way you can lock the screen:
PowerManager manager = (PowerManager) getSystemService(Context.POWER_SERVICE);
manager.goToSleep(int amountOfTime);
The second one is
PowerManager.WakeLock wl = manager.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK,Your Tag");
wl.acquire();
wl.release();
The permission is also needed.that is
<uses-permission android:name="android.permission.WAKE_LOCK" />

Do WakeLocks prevent the screen from locking (password/PIN lock)? If so, can I work around that?

I have a Service that keeps the display on at a dim level at certain times, and it uses a 'dim' WakeLock to accomplish this. It works well... except that the screen never locks. That is, while the dim WL is held, the lock screen never appears requiring the user to swipe and authenticate.
Note that I'm developing on a platform that may have vendor changes to the low-level Android Java framework code, so this might not be standard Android behavior. But also, I have access to the framework code and can change it, if necessary. I just can't figure out where this policy is enforced in the code.
When the device is on external power, we want to keep the screen contents visible - but we still want it to lock.
The only way I can think of to do that is for you to maintain your own timer for when to trigger the lock, then to use DevicePolicyManager and lockNow() to lock the device at that point. This requires extra permissions and extra setup work (enabling your app as a device manager).

Categories

Resources