Is there a way to protect android devices so that the
user is no more able to download/install other apps?
The idea is to lend devices with specific apps.
Ideally the owner (that's me) should be able to remove the protection using a password/passphrase
Nope, don't think it can be done on a stock device.
If there is a way it is probably within the Device Administration API
Likely though is that if you want to achieve this you'd need at least a rooted device, and maybe even your own custom build of the OS to allow for it.
Related
My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".
The following criteria have to be met:
Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
The user should not be able to remove or disable the app
Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
Has to work with stock androids on regular consumer devices
In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.
Is such a project even possible with the current situation of Android?
No.
Has to work with stock androids on regular consumer devices
Mostly, this is your biggest hurdle to overcome.
What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".
If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:
Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/
Here is Samsungs effort at device control:
https://www.samsungknox.com/en
Here is Googles device management:
https://developers.google.com/android/management
You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.
The user should not be able to remove or disable the app
This is only possible if you have a system app.
Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).
Since the process of applying for EMM integration takes an unjustifiably big amount of time and the whole process is described as "incredibly painful" by those lucky ones that went through it, I want to know whether is it absolutely needed to become an EMM in order to have a working Device Policy Controller app (DPC).
If you faced this problem, please share the experience.
I am developing for COSU devices and want to go into a kiosk mode. I am aware of existence of ways of how to do it, but they all implement a bunch of workarounds - this is not an option - I want a controllable, safe and robust way of doing this. I don't care about not having the ability for remote managing also.
You can use Google's new Android Management API to manage Android devices without building a DPC or registering as an EMM.
You just want to write an app that uses Device Policy Owner? That's fairly simple, assuming you own the devices. Just install your app, adb shell in, and run the dpm command to set your app as owner. If you're buying in bulk from a manufacturer you can get them to do it for you in the custom image you install (although you may need to explain what you want, it isn't a common usecase).
Of course everything has its limits. This will work, unless the user manages to do a factory reset. Which you can prevent via the UI, but can generally be reached from recovery modes or from unlocking the bootloader. So its safe from casual intrusion, but if someone really wants to get at your device and they have physical access and time, they can.
It is definitely possible to write your own DPC without registering with the EMM community.
The most convenient option for provisioning the devices is via NFC. for example using a second device, as it is quite simple to write a provisioning application.
See Implementing Kiosk Mode in Android (part 3 and 4)
for a good example.
I had a few problems with some Android 5 devices, but since 6.0 it works quite well.
Is it possible to know whether an android phone has OTG support without rooting? If so how? I am asked to check some information before developing an app for android.
Yes, you can download a USB On-The-Go checking application from Google Play.
This one below for instance doesn't require root, although it does require that you follow the exact plugging and unplugging steps.
Before I give you the link thought, I must warn you that this app asks for way too many permissions and can display very intrusive ads that can draw themselves on top of other apps. If you install this, definitely uninstall it and get rid of it as soon as you're done with it.
Another thing you could do is just google for the exact model name. That kind of information is usually included in the specs, in the pdf specs, in wikipedia, or in some tear-down blog. If the specs won't even tell you the usb version number at the very least, then you'll know to keep on looking.
I'm developing a enterprise app for my client. He got the Companys phones rooted, but he need an app where he can control the background. But the problem is, he dont want so the app can be uninstalled. I know that you can make the app an system app, but it can still be deactivated.. Also you can use device admin, but it can just get unregistered, and then uninstalled.. Any way to make the app uninstallable? Of course is the app only going to get installed on the Companys phones, and not released om google play. Ask if you dont understand my question.. :-)
Depending on the manufacturer of the device, this might be possible. I'm most familiar with Samsung devices.
On Samsung devices, there is a special SDK called Knox which has many useful APIs. One of those allows you to disable uninstallation for any app you choose. Even with this, the app could still be removed by a factory reset (but Knox can disable factory reset as well).
If you aren't on Samsung, it's possible that whatever manufacturer you use has a similar SDK, so you should look into it. If you are on Samsung, you will need access to the Knox SDK, which isn't free, but since you said this is for a client maybe he would be willing to pay?
I am new android development and learning on emulator. What rooting of device means ?? it something like jail break for Iphone. How can i root emulator and why i need root a device ?
Rooting basically is giving the standard user root privileges, so that the normal user can do things that only the super user could normally do. On android devices this means being able to change several things, such as being able to modify the frequency of the processor, being able to install new firmware/ different versions of android that the manufacturer doesn't offer, or execute applications like the ones in here : http://androidforums.com/droid-x-all-things-root/131944-favorite-root-applications.html
It is fairly easy to do and very straightforward process in most of the android devices. You don't need to root the emulator, it is already rooted but you should better not be developing apps that require root access if you want to put them in the market -most of the people do not have a rooted device-.
Yes it is.
Because you perhaps want to use Android 2.3 on a phone where the manufacturer only supports 2.2 so far.
You do not need to root your device to do SDK development with it. You will never need this to build Android applications.
You root a device by exploiting a security hole in order to get a full access to the system. It then allows you to escape security to change system files that should not be modified.
It is a bit like jailbreaking. Rooting can allow you to install modified versions of your OS.
You are always root in the emulator, you do not need to "root it".