I am working on security Related application in android. I am using DeviceAdminReceiver to lock the device,set password and to wipe data.Everything working fine.But My problem is wen i lock device using admin other user(other than device owner)can Guess and enter any random passwords device may get Activated. If this is the case my Application not Effective.I am also using Maximum failed password attempts to wipe after few wrong attempts, I want to hide Enter password to unlock screen in some special situation.My Question is
When Device Locked by DeviceAdminReceiver, How i can prevent unauthorized user to enter password?
reference: developer.android.com sample code. Thanks in Advance.
I don't think you can completely hide this unlock screen. I would suggest setting a very hard to guess password (very long, mix letters/numbers etc).
I also used an android application at one point (Lost Phone) that put a screen overtop of the current screen (whatever it was) and whenever you tried to close it it reopened, effectively preventing anyone from using the phone until they wiped it, or entered the correct password. That approach is somewhat more 'hacky', and doesn't stop someone from uninstalling the application using adb.
Related
I am working on an android app that should be used by students in some kind of practical test.
I am using the screen pinning that was introduced in Lollipop (startLockTask()), so when my app is launched the user needs to allow the locking.
I couldn't find a way to know when the user click ok for the locking and when he unlock the pinning? (The user can cancel the lock by holding both the Back and Recent buttons).
I am not looking for a way to know if the user currently in lock screen (getLockTaskModeState ()), i want to know if i have a way to handle the events of locking or unlocking.
I want that in the begining of the test i will be able to send information to my server if the users 'logged in' properly (by allowing the lock), and as well if the user unlock the device before the end of the test.
EDIT
Hey, people!
Please explain yourselves after downvoting!
If I wasn't exaplaining myself - i will try again if you will let me know.
I read a lot of questions and answers about general lock screen, but not the one of app pinning, I also read about check the status of the current task- if it is locked or not, but i didn't find answer to what i am asking - is there a way to handle the event of unlocking the 'screen pinning' of a specific app.
So please, explain your downvotes!
Device Admin Recevier class give you the event of pinning and unpinning... However the example use the class when the installed app is provisioned for device owner.. Not sure if you could use it. You may refer to this too : How to be notified when screen pinning is turned off in Android 5.0 Lollipop?
https://developer.android.com/reference/android/app/ActivityManager.html#getLockTaskModeState()
Just use the function as stated in the link.
Hello stackoverflow users!
I'm making an app that requires reading and setting the lock screen password depending on which state the app is in.
Is there a way to do this without rooting? Or are there any alternatives like making the user reset the password for the different states so the app avoids the problems involved in reading the already existing password?
Just to make things clearer:
App state 1: pattern screen lock password
app changes screen lock password to state 2
App state 2: no password (slide screen lock)
Thank you in advance,
Peter
The only way to change the lock screen password is to make use of the device administrator class. Do note that it is only for Android 3.0 and up.
Here is the link
I'm making a security program and I'm using DeviceAdmin mechanism. I'va made a DeviceAdminReceiver, it works flawlessly.
I need to protect my software from deinstalling. On the first run user enters the password for uninstallation.
In onDisableRequested I'm using setPasswordQuality(), setPasswordMinimumLength() and finally lockNow(). The device is locking and asks for my password. It is fine. When the user enters matching password the device unlocks, user sees my warning like #it's not a good idea to disable bla-bla-bla" and disables my admin app.
But! The password that was set by my code isn't cleared and if the user used some pattern to lock his phone the phone is locked by my password for good!
The question is: how can I revert changes to locking scheme? (i.e. restore it to visual pattern if it needs)
Roman, based on your description, I am not sure which case you are trying to protect from.
It looks like you are trying to protect from :
a thief, who knows a device passcode (so you are trying to use another passcode)
This is quite strange case. I would rather ignore it, because it has a lot of other implication.
a thief, which stole unlocked phone and wants to uninstall your device admin
In this case, you don't need to reset a password. All you need to do is lockNow() to make sure
that he can't uninstall (because he doesn't know the password)
I'm writing an anti theft app, and I want when sim card is changed a dialog opens on boot and tell the finder to bring back the phone. This activity must be unleavable, so he can't leave it unless the correct code is entered.
Other situation is when user send a lock SMS to the phone.
I know how a device admin can lock the phone, but lock don't tell the message and the password can't be entered. And lock may not have a password or pattern so the finder can pass it easily.
Maybe a combination of device lock and a full screen activity which disable the keyguard do the job?
In my research, without being installed at the OEM level, you can't make it 100% un-leavable, just really annoying.
In an app I wrote for businesses which use a kiosk, since we weren't at the OEM level, we just kept the menu bar hidden and set the app to be loaded whenever Home was hit. Keeping the menu bar hidden was a pain, but was achieved by making it invisible and then when re-triggered, making it go away after 1 second. It's still able to be exited by hitting the clock in that 1 second, though. :(
I have created an app that can lock the phone with a pin code using DevicePolicyManager, resetPassword and lockNow(). It works perfectly on my Galaxy S and on all other phones but not on HTC Desire.
On a Desire the pin code screen appears but you can simply press the ok button without entering the pin code and the phone will still unlock.
A user says that the lock works if he does not use the phone for about 5 minutes. Does anyone have a hint of what could be wrong, or any suggestion of what to do?
It sound like the password value is being cached, allowing him to bypass the entry code. After a few minutes, the app is removed from memory (clearing the cached credentials) and forces the user to re-enter the phone. A possible solution is to clear every field that handles the password after the user has entered the correct password.
This may not be the actual problem/solution but hopefully it helps.
I consider this a bug on the Desire but I found a way around it by setting the lock timeout to 1 second, locking the device and then set the lock timeout back up again.