B4A Library Device Administrator library

Status
Not open for further replies.

Erel

Administrator
Staff member
Licensed User
Starting from Android 2.2 (api level 8), Android allows application to be registered as administrators.
Administrator apps have the following special features:
- Manually lock the screen
- Set the minimum password length and quality
- Wipe the entire device
- Set the maximum allowed time before the device locks
- Request the user to change password
- Manually set a new password
- Disable the camera
- Track password changes
- Some other security features as described here.

Note that the password is the screen lock password (other passwords are not affected).

The user needs to enable the admin app before it can have any special privileges.
This is done either by calling Manager.Enable or from the Security settings page.
The user will see a message with the policies that this app requests:



The user can always disable an administrator app from the Security settings page. The idea is that in your app you should check whether the admin is enabled and the password meets the requirements. If they don't then you do not give access to some resource such as the company's server.

How to
A working example is attached to this project. It is recommended to start with it.
Add the following code to the manifest editor:

B4X:
AddApplicationText(<receiver android:name="anywheresoftware.b4a.objects.AdminReceiver2"
  android:permission="android.permission.BIND_DEVICE_ADMIN">
  <meta-data android:name="android.app.device_admin"
  android:resource="@xml/device_admin" />
  <intent-filter>
  <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
  </intent-filter>
</receiver>)

CreateResource(xml, device_admin.xml,
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
  <limit-password />
  <reset-password />
  <force-lock />
  </uses-policies>
</device-admin>
)
3. Declare an AdminManager object. With this object you can ask the user to enable the admin app and access the special privileges.

4. (optional) Add a service named ManagerService. This service will allow you to track password changes and changes to the admin app enabled status. See the attached example.


The latest version of this library is included in the IDE.

Upgrading from v1.00

The receiver name has changed. You need to update the manifest editor code.
The user will probably need to re-enable the admin app. V1.00 library is attached to allow developers to keep the previous version if prefered.
 

Attachments

Last edited:

PFlores81

Active Member
Licensed User
Erel, You are the man.. Thank you very much. I appreciate this!

Edit: Erel, is it possible to use the reset password and have it read from a file to choose a randomized passcode?
 
Last edited:

fransvlaarhoven

Active Member
Licensed User
Question

Hallo,

I’ve a question:
The administrator is supposed to be able to
- Manually lock the screen
- Set the minimum password length and quality
- Wipe the entire device
- Set the maximum allowed time before the device locks
- Request the user to change password
- Manually set a new password
- Disable the camera
- Track password changes
- Some other security features as described here.

I’ve downloaded the example and now I start wondering how to:
- Wipe the entire device
- Disable the camera

Can you tell me how to do that?

Thanks
 

Erel

Administrator
Staff member
Licensed User
It can be done with Reflection. Disabling the camera is only supported by Android 4+.

B4X:
'wipe data
Dim r As Reflector
r.Target = admin
r.Target = r.GetField("dm")
r.RunMethod2("wipeData", 0, "java.lang.int") 'this will wipe your device. Be careful!

'Disable the camera
Dim r As Reflector
r.Target = Admin
Dim cm As Object
cm = r.GetField("rec")
r.Target = r.GetField("dm")
r.RunMethod4("setCameraDisabled", Array As Object(cm, True), _
 Array As String("android.content.ComponentName", "java.lang.boolean") 'change to False to enable camera
 

driesvp

Member
Licensed User
Hello,

Is it possible that an user cannot disable the administrator? I would like to prevent that an user can use their smartphone to surf on the net.
 

hursta

Member
Licensed User
Why do I not get an event when password is succeeded or failed?

Sub Service_Start (StartingIntent As Intent)
If StartingIntent.HasExtra("admin") Then
Select StartingIntent.GetExtra("admin")
Case "Enabled"
Log("admin enabled")
AdminEnabled
Case "Disabled"
Log("admin disabled")
Case "PasswordChanged"
Log("Password changed")
Case "PasswordFailed"
Log("Password failed")
Case "PasswordSucceeded"
Log("Password succeeded")
End Select
End If
End Sub
 

hursta

Member
Licensed User
Hi Erel,
yes, it its the example code and app is activated as admin app.
In log I can see "Password changed" but not Password failed and Password succeeded.
 

hursta

Member
Licensed User
I would like create an admin app that wipes the mobile device when password failed more than 3 times.
 
Status
Not open for further replies.
Top