Is it possible to deploy a mobile profile on an Android device that enforces the use of a pass-code lock by the end user? Similar to how with iOS devices a company can deploy a mobile configuration XML file which enforce settings like the pass-code lock requirement. Is there an equivalent of this for android ? If so which versions of android support this?
Thank you.
yes. the way you do it is to use Android's device admin facility.
Android 2.2 introduces support for enterprise applications by offering
the Android Device Administration API. The Device Administration API
provides device administration features at the system level. These
APIs allow you to create security-aware applications that are useful
in enterprise settings, in which IT professionals require rich control
over employee devices.
in a nutshell, you send the user through a short workflow that ask them to approve your app's activity as a device admin, then you can you use the DevicePolicyManager API to define security policies for the device (such as password policy).
the first link i provided is very good and it walks you through the whole process, so i won't try to duplicate that here.
Related
I'm working on an application that uses Airwatch to enter the device into a single purpose device when only one app is opened for a user (not by Knox sealed mode) and also uses Knox SDK to manage device settings, etc.
I'd like to block system notifications when the app is in a kiosk mode (or it more preferably to block any notifications like a low-battery in any mode, not only a kiosk).
How can I do it using Knox SDK or can I do it using Airwatch?
As from official Airwatch response: there no such functionality in Airwatch and an appropriate feature request has been created in the internal tracker.
Unfortunately, there are no any estimations because of internal feature prioritization should be done.
I am developing an app that will work in 2 different Android environments (consumer & corporate markets). Lets say it is a texting app with a dozen configuration parameters to manage.
The first environment is a standard Android device that has no Android Enterprise (AfW) features enabled. So there is no EMM (MDM) to supply an Android Agent/Client app to be a device/profile owner implementing a Managed Configurations Provider.
The second environment is within a corporation. An EMM (MDM) is used to manage all their corporate owned devices. The EMM is either a device or profile owner. They are set up to use Managed Configurations and require remote configuration of this app.
To support both of these cases, how should this app retrieve configurations?
My current thought is to check if the instance of my app belongs to a device or profile owner. If it does, I will use managed configurations. If it doesn't, it will allow on-device, within-the-app configuration using SharedPreferences.
I believe this will work, but seems too much like a hack. It also restricts a company using a device/profile owner from giving their users control. I imagine other Android apps must be starting to encounter this situation with the adoption-rate of Managed Configurations increasing. Is there a better solution for this scenario?
You can always call RestrictionsManager.getApplicationRestrictions(), whether the device is managed or not:
if the device is managed and the company has configured the app, it will return the configuration,
if the device is not managed or if the company has not configured the app, it will return an empty Bundle and you can give control to the user.
I want create an app to restrict android system internet. I also want to block other applications and Bluetooth. (Without rooting device)
How can I achieve it using android device admin APIs?
Please let me know in case of any other solutions for enforcing such system level restriction.
These features are accessible to Profile owners and Device Owners. I would request you to Read about Google EMM and Device Provisioning. Google allows you to use their EMM API to manage devices via a Google EMM Community account. Alternativly you can use various 3rd party EMM or MDM solutions like Kardamom or IBM MaaS360
Can any one help me out how to do MDM Integration in Android from client and server prespective?
I want to do an enterprise application which having lock and wipe functionality. I have no any clue of workflow of MDM in Android.
Thanks.
Android Device Admin API will do both things what you want to do (lock/wipe device and even more). An example is given and also you can find this complete source code in your Android SDK directory.
Now as client server perspective:
You have to implement your task (lock and wipe) in your android application (in client, i.e. known as agent). Now your application should be capable to communicate with your server or vice-verse.
I am 100% agree with adamk as he said "Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that."
And Android gives your this feature too, as adamk said to use C2DM, he was right but now C2DM is deprecated, and GCM has been introduced, “a service that helps developers send data from servers to their Android applications on Android devices.” The service can send a message of up to 4 kb to an application on an Android device, most often to tell the application to retrieve a larger set of data. GCM will now handle all queueing and delivery for messages to Android applications.
You should read how to use GCM, and you can find sample code too. Download GCM Android Library from SDK Manager
and check android-sdk/extras/google/GCM directory
After establishing successful communication between your agent and server, evaluate msg in agent sent by server and perform desire action (lock/ wipe). This is again up to you how you define your message payload and how you handle those payloads in agent application.
Here is an article about Android MDM.
Happy Coding :)
You can use DeviceAdmin to gain privileges for managing the Lock preferences and performing device wipe (among other stuff).
(The user must add your app as a device administrator beforehand)
Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that.
You may want to consider using Google's C2DM API, which is a convenient push mechanism.
As mentioned in the above answer, DeviceAdmin API can help. If you are using an Android device, you might know about the Android Device Manager (the web-based version) which allows you to manage your device. Basically, you can track, locate, lock, and wipe your device, some of the basic features of an MDM solution. So, in coding (though I am not a coding expert), you need to get access to the Device Manager (I guess, using some listener codes, or notification access).
Apart from this, MDM allows creating policies and groups of users (which would be a part of the coding in the app itself), then pushing the command over the internet (or OTA) to the connected device.
MDM also allows managing Apps and Data on the device, for which, you need the app to get access to the internal as well as external device storage.
Hope this helps. Good luck creating your MDM software
I would like to build an enterprise application. So in these case. i want remotely manage my Android Device,
Example. I want to disable USB port my office users device & New application installation. Since device will be provided by us , So in order to main security.
How to achieve this. Did Google Provides any APIS
From the Dev Guide:
http://developer.android.com/guide/topics/admin/device-admin.html
Android 2.2 provides a Device Administration API that allows you to set certain policies for the device on which your app gets installed. There is also a step-by-step tutorial on the same page.
This API has been used in some of the existing apps that come bundled with the Android source code. For eg: Exchange Email.
The Device Administration API only supports certainpolicies. If you need to restrict the use of the device, it might also be a good idea to tie in your app with the Exchange Email (or a corporate account, since you mentioned it's for office users). A typical corporate Exchange account has a much larger policy set.