I want to write tests for an application that uses the android device administration API . My problem is that the user needs to manually grant one-time approval for the application to have admin rights, otherwise a SecurityException is thrown at runtime.
a user can manually enable/disable admin rights for applications by going to settings->location & security -> select device administators. I would like to do it programmatically from within an AndroidTestCase.
I did not find a way to grant admin automatically.
Luckily, however, the AVD remembers that the application was granted admin and does not revoke it after installing a later version of the same app. Thus, after a manual one-time process of enabling admin on the emulator I can run all my tests that require admin, as long as i don't switch to another AVD.
Related
I'm a new Android developer and trying to make a package manager app. I have listed all installed apps, and now I want to uninstall the particular app without user interaction. Is it possible with unrooted phones?
The PackageManager class contains a #hide method : deletePackage. BUT you can't use it because :
It's an hidden method, therefore the only way to call it in a normal App is to use reflection (it is not recommended because it may break in future version of the Android API)
Usage of this method requires the permission android.Manifest.permission#DELETE_PACKAGES and this permission can only be granted to apps signed with the system key. (i.e. even if you ask this permission in your manifest it won't be granted unless your app is signed with the system key)
So you can't do it in a simple/standard app. Your only solution (on a non-rooted phone) is to sign your app with the system key and to do so you need to negotiate with the manufacturer so that your app get signed with their system key.
I'm writing a system app for android devices that we supply to customers. We control the firmware and can add apps to the android image, including into the priv-app folder.
One of the requirements for our app is that it is able to reset our device's password. In order for a 'normal' app to do this, android requires that the app is set up as a device administrator.
Is there any way to pre-configure our app as a device administrator for our firmware, or an alternative way of setting a device password specifically for system apps?
A device admin application may set itself as admin using the hidden DevicePolicyManager.setActiveAdmin method. To do this, however, the application needs the android.Manifest.permission.MANAGE_DEVICE_ADMINS permission which requires platform signing.
System permissions by placing this application in /system/priv-app is not required - the permission is of type "signature".
I assume the platform signing is necessary since otherwise, the user must first accept the device admin setting policies.
Once admin, the application may set any policies including setting the password using DevicePolicyManager.resetPassword method.
Hope this helps.
/Marek Pola, Sony Mobile.
I saw applications for rooted devices allowing to revoke specific permissions given to app. Does non-root Android device allow this with some code?
UPDATE:
Having keyboard app with permissions FINE LOCATION and internet - it is weird to allow such permissions. They are not necessary to allow me to type.
I can imagine only one reason - to collect my login info.
This is not presently possible by any supported means. Android presently does not allow the user to revoke permissions, let alone allow random other apps to revoke permissions.
Having keyboard app with permissions FINE LOCATION and internet - it is weird to allow such permissions.
Agreed. Do not install that app.
Android M preview enables you to manage some permissions (like location) at runtime: https://developer.android.com/preview/features/runtime-permissions.html
With a rooted device, you can disable some app permissions on older Android versions, for that you can for example use the Xposed framework.
Is it possible to require a pass-code when the user tries to uncheck the app as an administrator under Settings->Security->Device Administrators?
This would add a roadblock to not easily allow the user to uninstall the app as they would first need to remove the admin privileges from the app (for which they would need to authenticate with a password) and then they could uninstall.
This is not possible AFIK. This is right of user.
You can show a dialog for confirmation about DE-activation of Device Admin, but neither default device admin API gives you a way to show password dialog while DE-activating device admin, nor EDM APIs gives you the permission.
Although EDM APIs gives a way where you can block the DE-activation of Device administrator. So user can not uncheck a particular Device admin.
It is possible, but you'd have to employ some pretty sketchy techniques to achieve that. For example, Cerberus has an option called "Protect device admin" which immediately locks your screen and asks for login and password as soon as you tap "Deactivate this device administrator".
I cannot recommend you do this though since it's considered to be malicious behavior. You should use corporate policies instead. AFAIK they've been implemented to newer versions of Android and are not tied to a specific manufacturer.
We can install an app with administrative privilege in android. This is very much possible. When the app is installed an activity appears showing up "If we want to activate the administrative privilege?"
But my doubt here is, I want the app to be installed with administrative privileges without user explicitly clicking on Activate(which appears when app is installed).
Actually in my app, there is no activity and the main class is extending application. With in the onCreate() of it, I gave necessary code for installing it as administrative privilege app. The app is getting installed and its even getting listed in the
select device administrators (Settings->Location & Security-> Select device administrators)
But, it is not checked by default after the install. Can I check that by default during the install.
Hope I was clear enough. Thanks in advance. :)
Can I check that by default during the install.
No, sorry.
I want the app to be installed with administrative privileges without user explicitly clicking on Activate(which appears when app is installed).
That would be a massive security hole.