Saturday, February 11, 2017

Android Device Administrator API

Apple is one step ahead of Google in providing security policies to control enterprise devices over the air (OTA), but Google realised the importance of the enterprise and provided an API named Device Administrator, which allows developers to build security-aware applications for enterprises.

This article only explains how to enable and disable the Device Administrator API on the device.



The policies the Device Administrator API supports:
  1. Device password complexity setup
  2. Device Password Expiry 
  3. Force Reset Password
  4. Force Device Lock
  5. Disable Camera
  6. Wipe Data
  7. Encrypt Storage
The Device Administration API includes three major classes:

DeviceAdminReceiver

Base class for implementing a device administration component. With this class we can intercept the intents sent by the system to monitor policy changes and administrator changes made by the user.

DevicePolicyManager

This class manages the policies enforced on a device & also manages policies for one or more DeviceAdminReceiver instances.

DeviceAdminInfo

This class is used to specify metadata for a device administrator component.

Creating the Manifest

The manifest for the admin application must register your DeviceAdminReceiver as a <receiver>.

The receiver must declare android:permission="android.permission.BIND_DEVICE_ADMIN" so that only the system can interact with the broadcast receiver.

 <receiver  android:name=".DeviceAdministratorReceiver"  android:permission="android.permission.BIND_DEVICE_ADMIN" >  
   <intent-filter>  
     <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />  
   </intent-filter>  
   <meta-data    android:name="android.app.device_admin"    android:resource="@xml/device_admin_policies" />  
 </receiver>  

You must also provide an XML resource as metadata to the receiver; it lists the policies your admin application requires.

device_admin_policies.xml

 <device-admin xmlns:android="http://schemas.android.com/apk/res/android">  
   <uses-policies>  
     <limit-password />  
     <watch-login />  
     <reset-password />  
     <force-lock />  
     <wipe-data />  
     <expire-password />  
     <encrypted-storage />  
     <disable-camera />  
   </uses-policies>  
 </device-admin>  
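
The manifest above registers .DeviceAdministratorReceiver, but the class itself is not shown. The following is an added example, not code from the original post: a receiver that applies a password policy when the admin is enabled and logs deactivation and failed-unlock events for auditing. The package name, log tag, minimum length and warning text are assumptions.

```java
package com.example.deviceadmin; // assumed package name

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class DeviceAdministratorReceiver extends DeviceAdminReceiver {
    private static final String TAG = "DeviceAdminReceiver"; // assumed log tag
    private static final int MIN_PASSWORD_LENGTH = 8;        // assumed policy value

    @Override
    public void onEnabled(Context context, Intent intent) {
        // Called after the user accepts the activation dialog.
        DevicePolicyManager dpm = getManager(context);
        ComponentName admin = getWho(context);
        // These calls require <limit-password /> in device_admin_policies.xml.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        dpm.setPasswordMinimumLength(admin, MIN_PASSWORD_LENGTH);
        if (!dpm.isActivePasswordSufficient()) {
            Log.w(TAG, "Current device password does not meet the policy");
        }
    }

    @Override
    public CharSequence onDisableRequested(Context context, Intent intent) {
        // The returned text is shown to the user before the admin is deactivated.
        return "Disabling this administrator removes the enterprise security policies.";
    }

    @Override
    public void onDisabled(Context context, Intent intent) {
        // Policies can no longer be enforced by this app; record it for auditing.
        Log.w(TAG, "Device admin disabled");
    }

    @Override
    public void onPasswordFailed(Context context, Intent intent) {
        // Requires <watch-login />. Deprecated from API 26 in favour of the UserHandle overload.
        int failed = getManager(context).getCurrentFailedPasswordAttempts();
        Log.w(TAG, "Failed unlock attempts: " + failed);
    }
}
```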

Testing Whether the Admin Application is Enabled:

You can query the DevicePolicyManager to test whether your admin application is enabled, as follows:

 // Obtain the system's DevicePolicyManager and identify our admin receiver
 DevicePolicyManager devicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
 ComponentName deviceAdminComponent = new ComponentName(context, DeviceAdministratorReceiver.class);
 // true if the user has activated this admin component
 boolean isAdminActive = devicePolicyManager.isAdminActive(deviceAdminComponent);

Your application must explicitly request the user to enable it for device administration.

Create an implicit Intent with the DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN action. You can explain why the user should accept the request with the EXTRA_ADD_EXPLANATION extra:

 Intent intent = new Intent(  
     DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);  
 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,  
     deviceAdminComponent);  
 intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,  
     "Your It administrator asks the permission");  
 startActivityForResult(intent, ACTIVATION_REQUEST);  

Start the Intent with startActivityForResult() to display the activation dialog, and check for successful activation in your Activity's onActivityResult() method:

 @Override  
 protected void onActivityResult(int requestCode, int resultCode, Intent data) {  
   switch (requestCode) {  
     case ACTIVATION_REQUEST:  
       if (resultCode == Activity.RESULT_OK) {  
         Log.i(TAG, "Administration enabled!");  
         adminSwitch.setChecked(true);  
       } else {  
         Log.i(TAG, "Administration enable FAILED!");  
         adminSwitch.setChecked(false);  
       }  
       return;  
   }  
   super.onActivityResult(requestCode, resultCode, data);  
 }  

You can disable the admin by passing deviceAdminComponent to the DevicePolicyManager:

  devicePolicyManager.removeActiveAdmin(deviceAdminComponent);  

You can download the source code from GitHub - LINK

