Im developing a parental app which restricts outgoing calls to limited defined numbers.
I need to set a password for the app log in and is it possible to set a password which can be set to control the process of uninstall of this application.
I had gone through some of the links,but haven't reached in any conclusion.
LINK 1
LINK 2
These cannot serve my purpose... that's also not a solution.
Can anybody tell how exactly to add a watcher to serve this purpose?
is it possible to set a password which can be set to control the process of uninstall of this application.
You are welcome to create your own custom firmware that contains your application, and install that firmware on whatever devices you are allowed to. Your application then cannot be uninstalled.
Android SDK applications cannot "control the process of uninstall".
Related
When you install a Worklight application onto an iPhone, in the settings there's a parameter "Custom Server URL" you can use to change the Worklight Server the app is to connect to.
I was wondering if there's such a parameter you can change on the fly on an Android device as well, or do I have to redeploy the application every time I want to change the server?
I was also wondering if it's possible to disable this feature? I'm thinking in a production scenario I probably don't want my users to be able to change the server they're pointing to.
Indeed, the Worklight Settings feature is meant only for development time, and should (I would say even, must) be turned off when moving to production (if the intended end-user is the Public and not in-house employees where it may be useful for specific use cases...).
It is available for both (and only) Android and iOS in application-descriptor.xml in their respective environment nodes.
You need simply change its value from the default true to false.
In iOS you access it from the Settings.app
In Android you access it by tapping on the device's physical Menu button
Is it possible to update application from itself in Android? The app in question is a system app, so I can execute privileged commands. Also note that I don't want to show any notification to user, so everything should work in the background.
It is actually pretty easy for an app to update itself, the hard part is doing it without putting up a prompt to the user. The app needs to download the APK, then send it to the PackageManager API to install it. Android will then put up the install prompt. There is a library to handle that part:
https://gitlab.com/fdroid/update-channels
As for doing it with prompting, the app needs privileged access. If the device is rooted, the app can request root access. The app can also be flashed as a "priv-app" so that it has privileged access. Or you can do it like F-Droid: flash the Privileged Extension as a "priv-app", and make your app send install/uninstall requests to Privileged Extension.
Otherwise, you need to download binary code, and dynamically load it, like #yusuf-x said. Be aware that Google is working to make that impossible in each new release of Android.
Use the Java ClassLoader to dynamically load code that was push or pulled down. – Yusuf X just now edit. I've used this for just such a purpose on Android.
Fdroid is an open source application repository.
Their client app can install/update/delete apps from the fdroid repository, including itself.
See the code for the installer part of the client app here:
https://gitlab.com/fdroid/fdroidclient/tree/master/app/src/main/java/org/fdroid/fdroid/installer
Is it possible to use the built in PIN/Password/Pattern in android for Android applications?
For instance, if a pin were set on the phone...it could be used to unlock an application. Otherwise, the user would have to set a pin for the application and/or phone.
I don't believe so and I hope they don't add one.
There are trusted path issues with allowing apps to request entry of the user's PIN.
The phone needs to make sure that apps don't keylog and exfiltrate PINs or administrative passwords, so user's need to be trained to only enter their PIN/password into a user-interface that sends events only to the OS. This is similar to the way that the Windows login is only displayed after Ctrl-Alt-DEL, a key sequence that is guaranteed to remove window focus and so stop the flow of key events to user-ring code.
Even providing an API that allows applications to request that the user confirm their administrative secrets weakens security by training users to enter important secrets in a variety of situations instead of only after Ctrl-Alt-DEL or other OS trapped sequence.
You could definitely make your own, but I don't think you can utilize the one from the OS.
a customer ordered us a tablet application, but they need a lot of access restriction to lock device functions such as:
Permit datas transfer only inside the application not outside
Restricted user access on the device (something close to admin and normal user permissions)
A framework/API that permit to create an internal mail reader/sender
Public API of iOS makes impossible to fulfill those requirements. I was wondering if Android makes life easier when there are those kind of restriction.
UPDATE: To make understand better the field of use. I'm talking about an application that "force" the device to be used just only with that application for an Enterprise use. The app is just like a CRM but the device should be blocked in some functions to make users only work with them and NOT playing or use facebook, market etc.
Not sure you can achiev all of those, but you should look into the device policy for android here and here.
1) Not sure what you mean by point 1. If you mean controlling all data transfer from the device, you might be a in a bind considering the only way to get a firewall running on android is by rooting the device. Perhaps you could look into writing a custom launcher/home like KidZone that only shows approved apps? - Not nearly as secure, though.
2) Honeycomb, so far, doesn't have multi-user support - though you can have multiple google accounts registered. The custom launcher could help in this regard though.
3) I don't see the point of doing this unless they already have a custom mail infrastructure in place. Otherwise just go with exchange.
Permit datas transfer only inside the application not outside
Do not request the INTERNET permission.
Restricted user access on the device (something close to admin and normal user permissions)
You would have to implement this yourself.
A framework/API that permit to create an internal mail reader/sender
I have no idea what this means.
I am just starting on Android development. To my nascent knowledge, it seems that anybody can grab any personal info and modify it or phone it home. Like with ContactContentProvider. I know these(permissions) have to be specifically declared in application manifest and the user would be presented with this info during installation. But still how would you you know the application handling your private data is not going to go rouge on it?
Example:
Suppose I create an app with internet
and contact-reading permissions. It
claims that it will backup contacts on
a server specified by user. While
secretly it also copies them to your
own server.
It's no different than you developing an app that does it that runs on a PC, or something that uses your gmail login to see if there's others you know on the same site.
It's all about trust. Also the Apple approval process doesn't safeguard against any of this if you hide it and when found out malicious apps can be killed & uninstalled instantly.