I have a request on developing enterprice tracking application. The application should be able to get current postion of the phone and send it to server every 5 minutes. Even if application is running on background - user can easily shut it down. I need to create some sort of restriction for that, maybe password based. In order to shut down this application user must enter a password. And if he is rebooting, application should autorun after rebooting.
Is it possible to do this?
No it is not!
But... I know a trick that can do the work, it's name is AlarmManager
You can set alarm for your application that will alert every 1 sec, and if the application been shut down it will rebuild it self.
At this point you can set a password to shut down the alarmManager.
But just to let you know, I been trying this once, Google told me nothing, but users left me a comment that the application is hacking they device ;)
From ICS onwards, any app implementing Device Administration cannot be stopped. But the only drawback is the user can remove the Devvice Administrator.
You could restrict your app to work only when Administrator is On.
One more way is if the user removes the administrator you can lock the whole device with a custom password using resetpassword.
If the devices were rooted you could implement that but you probbaly wouldn't be able to distribute the app as an APK due to the required modification of system files. Maybe as a Zip that is flashed via Clockwork mod. Beware of voiding the devices' warranty though.
Babibu's suggestion regarding Alarms is a novel approach, but be cautious of waking the system constantly as that will drain the battery much faster.
Actually a big problem you'll face is that the user can disable GPS and then you can't programatically turn it back on again - unless you try to use an exploit which is obviously not ideal and won't work on all devices.
A better idea might simply be to report to your server whenever the user disables the application or GPS. You'll know which user disabled it so your organisation can punish that user appropriately.
What you are looking for is Device Administration
http://developer.android.com/guide/topics/admin/device-admin.html
This page explains how it works and how you can change all sort of policies about passwords and disable camera.. et cetera
What they barely talk about is as soon as an application is enabled as device administrator you can't kill it or uninstall it without disabling this feature first. It's up to you to implement enable/disable buttons the proper way.
To be sure the service always restart even if killed by system (in low ressources cases) you need to override this method of your Service :
public int onStartCommand (Intent intent, int flags, int startId)
{
return START_STICKY;
}
Finally to make your service start at boot you need to catch ACTION_BOOT_COMPLETED broadcast.
The main issue is you can't prevent user from disabling GPS or using mock locations but you can detect it and log it.
It is a good practice (actually it is mandatory in my country) to notice users they are watched so you can explain them at the same time that you'll know if they mess up with the GPS.
Rooting the phone is another solution but you will likely open more doors than you close ;)
Related
I've seen some "app locking" solutions in the Google Play store and I was wondering how those apps work. I'd like to build something similar.
I realize that this might require some special permission or maybe request the app to be added as device administrator.
Is there some broadcast that is triggered just before an app is launched that I can intercept and do some action (e.g. launch an activity that will request the user to fill a password)? I've read some lengthy discussions how this is not a good idea and the only idea is to have a background service that will continuously poll the running processes and check for changes, but I think retrieving this list every second and checking it for chances is not good for the battery and I think other app locking apps out there must be using a different approch.
If possible, without the need for a rooted phone.
I'm developing and Android application on CodenameOne that needs to send a web request every 5 minutes even when minimized. How can I achieve this behavior in order to prevent that the request get stopped or paused by the OS?
You cant do that from the activity, you'll need to create background service.
http://developer.android.com/training/run-background-service/create-service.html
Use AlarmManager to set up your every-five-minute operation. Have it trigger a BroadcastReceiver, which in turn passes control to my WakefulIntentService (or your own IntentService that handles the WakeLock, that you will need so that the device stays awake while you do your work). Have the service do the "web request".
This is still not 100% guaranteed:
The user can Force Stop you from Settings, in which case your alarms are gone and nothing will happen until the user manually runs your app again
The user might block alarms from firing on certain devices, like various SONY Xperia models, that offer "stamina mode" or the equivalent
However, it is the best that you are going to get, short of rolling your own Android OS version.
The other guys answers are correct that you need to create a service but they somehow ignored the mention of Codename One.
Under Codename One you need to create a native directory for android and just place the service source code there (just use a blank service class that doesn't really do anything). Then you need to add to the build arguments the option android.xapplication where you would state the service XML attributes.
Having said that what you are trying to do is VERY wrong and you shouldn't do it in Android! You will drain the battery life from the device in no time and the service will be killed by the OS eventually (since it will be a battery drain). The solution is to send a push notification to the device to wake up the application.
In Android 9 and newer you can prevent your App falling asleep with a battery setting.
Long click on your App -> App info -> battery -> optimize battery consumption
Here add your App from the list.Hint: maybe the menu entries have a different name, depending on your phone.
I have a very simple question. Can you force an app (from a development point of view) to run while the phone is off and plugged in. I know with my phone there is a battery display that shows while the phone is off and charging which I assume is controlled by software but I was wondering if that is possible with an app. After research my gut is telling me no but I want to make sure.
I know with my phone there is a battery display that shows while the phone is off and charging which I assume is controlled by software but I was wondering if that is possible with an app.
This is not possible from an app, only from firmware.
If you are not looking to update the screen, you can use a WakeLock to keep the CPU on. Or, use a different WakeLock and keep the screen on all of the time. Neither of these will make the user very happy, unless it is done completely under their control.
You will need create Service and on create or when you are about to do whatever your app does, create and acquire WakeLock. Once it's done you can startForeground to let user know that you are doing some important job and let Android to keep you alive/process and let your app finish work.
Does anyone know if there's a way to either keep the user from uninstalling an app from an Android phone or reinstall it on removal? Before you flame me, please know that I have an app that's intended to be installed on the phone by a parent/employer/etc. and has a password-protected settings screen; the user would need to enter the password to remove the app.
What if you have it send an email alert to a registered email address on uninstall?
On the topic of email notification when your service is uninstalled--
A lot of security software runs multiple processes which monitor each other, so that it's more difficult to shut the system down. You could do something similar with two services installed, each monitoring to see if the other is installed. If something goes wrong, they can send off the e-mail.
Not without modifying the kernel, or reducing the user priviledges on the device. Think of it as a Linux computer, where the cell phone user has root.
Can you prevent them from removing your app? No.
But you can make it painful and difficult enough that it's not worth it, and include alerts that indicate it has been removed.
First, I would modify the software so it requests and successfully answers a cryptographic challenge/response periodically from a remote server - daily should be enough, and wouldn't impact battery use. This way your server knows when it has been disabled (could be sold as an additional $10/yr service charge) and you can alert the purchaser.
Second, I would tie the software into the system at the driver level so that removal also removes text services. There are drivers or services that the texting application uses that could be replaced with your custom versions, and on removal would render the texting app useless. Chances are good that you already tie into the system in a similar way to block the texting app (and other apps) while traveling too fast.
Third, I would consider installing a monitoring program that runs as a separate process (check out how the latest viruses operate for clues). It would check to make sure that not only is the app still running, but it's running the latest version, and there isn't a GPS simulator or other program that prevents your app from getting correct GPS data.
I'm curious how you differentiate between the driver texting and a friend in the passenger seat texting on the driver's cell, though.
-Adam
Well, solution would be to mount /system/apps/ to be writable and put your app there once.
When you restart the phone it would automaticly install it and prevent a user from uninstalling (as every app in that folder, list it to see it). That's how mobile providers force user to have they app.
However, user could always delete this app by rooting + mounting /system/app/ to writable and then to delete. But "normal parents" can't do that :)
Regards
P.S. This question is two years old, I've notice it just now... :S
I'd highly doubt that's possible. The permission structure of Android is going to give the user full control over what's happening on their phone (to some degree) and not being able to uninstall an app would be a pretty large security risk.
If you modified the Android core, it would probably be possible, but if you're trying to force something onto an end-user, that's a bad idea.
Maybe there's a better approach to what you're doing? If there's some required functionality in the app to keep the user from uninstalling it, that would be a small incentive to keep the app, but there's no way to keep a user from removing something they really don't want. You could have the app report uptime to a seperate server so you could be notified if the app was removed, but I think that's as far as you're going to get.
Does anyone know if there's a way to either keep the user from uninstalling an app from an Android phone or reinstall it on removal? Before you flame me, please know that I have an app that's intended to be installed on the phone by a parent/employer/etc. and has a password-protected settings screen; the user would need to enter the password to remove the app.
What if you have it send an email alert to a registered email address on uninstall?
On the topic of email notification when your service is uninstalled--
A lot of security software runs multiple processes which monitor each other, so that it's more difficult to shut the system down. You could do something similar with two services installed, each monitoring to see if the other is installed. If something goes wrong, they can send off the e-mail.
Not without modifying the kernel, or reducing the user priviledges on the device. Think of it as a Linux computer, where the cell phone user has root.
Can you prevent them from removing your app? No.
But you can make it painful and difficult enough that it's not worth it, and include alerts that indicate it has been removed.
First, I would modify the software so it requests and successfully answers a cryptographic challenge/response periodically from a remote server - daily should be enough, and wouldn't impact battery use. This way your server knows when it has been disabled (could be sold as an additional $10/yr service charge) and you can alert the purchaser.
Second, I would tie the software into the system at the driver level so that removal also removes text services. There are drivers or services that the texting application uses that could be replaced with your custom versions, and on removal would render the texting app useless. Chances are good that you already tie into the system in a similar way to block the texting app (and other apps) while traveling too fast.
Third, I would consider installing a monitoring program that runs as a separate process (check out how the latest viruses operate for clues). It would check to make sure that not only is the app still running, but it's running the latest version, and there isn't a GPS simulator or other program that prevents your app from getting correct GPS data.
I'm curious how you differentiate between the driver texting and a friend in the passenger seat texting on the driver's cell, though.
-Adam
Well, solution would be to mount /system/apps/ to be writable and put your app there once.
When you restart the phone it would automaticly install it and prevent a user from uninstalling (as every app in that folder, list it to see it). That's how mobile providers force user to have they app.
However, user could always delete this app by rooting + mounting /system/app/ to writable and then to delete. But "normal parents" can't do that :)
Regards
P.S. This question is two years old, I've notice it just now... :S
I'd highly doubt that's possible. The permission structure of Android is going to give the user full control over what's happening on their phone (to some degree) and not being able to uninstall an app would be a pretty large security risk.
If you modified the Android core, it would probably be possible, but if you're trying to force something onto an end-user, that's a bad idea.
Maybe there's a better approach to what you're doing? If there's some required functionality in the app to keep the user from uninstalling it, that would be a small incentive to keep the app, but there's no way to keep a user from removing something they really don't want. You could have the app report uptime to a seperate server so you could be notified if the app was removed, but I think that's as far as you're going to get.