I have created an app that can lock the phone with a pin code using DevicePolicyManager, resetPassword and lockNow(). It works perfectly on my Galaxy S and on all other phones but not on HTC Desire.
On a Desire the pin code screen appears but you can simply press the ok button without entering the pin code and the phone will still unlock.
A user says that the lock works if he does not use the phone for about 5 minutes. Does anyone have a hint of what could be wrong, or any suggestion of what to do?
It sound like the password value is being cached, allowing him to bypass the entry code. After a few minutes, the app is removed from memory (clearing the cached credentials) and forces the user to re-enter the phone. A possible solution is to clear every field that handles the password after the user has entered the correct password.
This may not be the actual problem/solution but hopefully it helps.
I consider this a bug on the Desire but I found a way around it by setting the lock timeout to 1 second, locking the device and then set the lock timeout back up again.
Related
I'm writing a simple app for Android. It's very simple yet, it just take as input a username and a password.
I need to store those user and pwd firstly, then I need to make a textbox asking for those user and password appear when I try to turn off the smartphone.
Could you please help me on how to do it?
There is no way to do this reliably. Even if there was a systemwide shutdown message (and I don't think there is), the user could always just pull the battery. Or hold the power button for a few seconds to force a reboot.
Even ignoring that- there's no way to make shutdown wait until a user has entered the info you want. Even if you could display it, it would just go away and the phone would turn off. You'd be looking at a custom android os to do this.
I have the following problem.
I'm trying to make an app that locks the screen. The method via DevicePolicyManager works very well. So far so good. But when I lock my phone with DPM the fingerprint unlocking method is disabling and I have to enter my pattern (or PIN or whatever I set) to unlock the phone. If I lock it the normal way (ie with power button) the fingerprint unlocking works.
So my question is
How to lock the screen programmatically and be able to unlock it afterwards via fingerprint?
PS: I have an galaxy s5 mini with marshmallow lineage os
That is the normal flow. It takes the device to restarted state where the device will ask for a pattern or password. Google have not provided any api for this. You can check any app in PlayStore which has locking feature will behave like this.
Edited:
For the below queries you have asked response is shared here
How can a user lock his phone without using the power button (through an app for example) and still be able to unlock it using fingerprint?
There's intentionally no API for apps to call to lock the device.
Is there a security reason/concern around this?
Yes, there's a DOS (denial of service) concern if we allow apps to lock the device. Either intentional or accidental (app bug).
Found it here[https://code.google.com/p/android/issues/detail?id=79735#c115]
I think you need to search for how to lock with app shortcut and not with power button. Atleast I could help to this level.
Notice how the apex launcher or nova launcher got it way around. screen lock through apex launcher or nova launcher doesn't disable fingerprint scanner!
What it actually does is that it sets the screen to complete black i.e. soft lock (which gives user a false impression of screen off) and then after 5-10 seconds the display actually goes off due to time-out.
other app which implemented the same functionality OFF+ (Screen Off / Fingerprint unlock support).(I guess it modifys "lock screen timeout")
If the phone is rooted then a shell command can be executed to simulate the power key su input keyevent 26 but there might be a fraction of delay.
well, if some root user is looking, there's also a xposed module which solves this issue FingerprintEnabler
I would like to add some points to the JerryGoyal's excellent answer.
Below is the screenshot from Microsoft Launcher which shows the two ways to lock the screen. It clearly states that the method via Device Policy Manager will not work with fingerprint.
A work around is done by showing a black screen until the screen times out.
In the next screen it asks for permission to Modify system settings to alter the screen timeout period.
From https://issuetracker.google.com/issues/37010802#comment148 (posted Aug 9, 2018 08:26AM):
Android 9 finally added a solution for this (or a workaround, it
depends on how you look at it). A new AccessibilityService global
action was added for locking the device [1], [2]. Nova Launcher
already has a screen lock method using this service action in the
latest beta, and it allows for locking the device and keeping
fingerprint unlock and SmartLock working.
What sucks, though, is that users of your app have to enable the
accessibility service for your app. And having any accessibility
service enabled breaks Snackbar animation [3] (it no longer slides on
the screen, it just appears there without any animation).
[1] https://developer.android.com/about/versions/pie/android-9.0#a11y-convenience-actions
[2] https://developer.android.com/reference/android/accessibilityservice/AccessibilityService#GLOBAL_ACTION_LOCK_SCREEN
[3] https://issuetracker.google.com/issues/37092972
I installed an app on my android phone to safe lock certain apps with a password. Since I installed it, sometimes, regardless what i'm doing on the phone/which app i'm using, a full size screen with advertising appears and I have to click an "X" to close it or press back/home button.
(Can be that this screen appears randomly only when I digited a password to unlock an app therefore the safe lock app was active let's say, not sure.)
I was anyway wondering what sort of code is used for this? Anyone?
I'd need it for a less despicable cause: in order to show a transparent view with alertdialog when my timer is up and the app is closed, to imitate the original builtin countdown timer.
I'm writing an anti theft app, and I want when sim card is changed a dialog opens on boot and tell the finder to bring back the phone. This activity must be unleavable, so he can't leave it unless the correct code is entered.
Other situation is when user send a lock SMS to the phone.
I know how a device admin can lock the phone, but lock don't tell the message and the password can't be entered. And lock may not have a password or pattern so the finder can pass it easily.
Maybe a combination of device lock and a full screen activity which disable the keyguard do the job?
In my research, without being installed at the OEM level, you can't make it 100% un-leavable, just really annoying.
In an app I wrote for businesses which use a kiosk, since we weren't at the OEM level, we just kept the menu bar hidden and set the app to be loaded whenever Home was hit. Keeping the menu bar hidden was a pain, but was achieved by making it invisible and then when re-triggered, making it go away after 1 second. It's still able to be exited by hitting the clock in that 1 second, though. :(
I am working on security Related application in android. I am using DeviceAdminReceiver to lock the device,set password and to wipe data.Everything working fine.But My problem is wen i lock device using admin other user(other than device owner)can Guess and enter any random passwords device may get Activated. If this is the case my Application not Effective.I am also using Maximum failed password attempts to wipe after few wrong attempts, I want to hide Enter password to unlock screen in some special situation.My Question is
When Device Locked by DeviceAdminReceiver, How i can prevent unauthorized user to enter password?
reference: developer.android.com sample code. Thanks in Advance.
I don't think you can completely hide this unlock screen. I would suggest setting a very hard to guess password (very long, mix letters/numbers etc).
I also used an android application at one point (Lost Phone) that put a screen overtop of the current screen (whatever it was) and whenever you tried to close it it reopened, effectively preventing anyone from using the phone until they wiped it, or entered the correct password. That approach is somewhat more 'hacky', and doesn't stop someone from uninstalling the application using adb.