B4A Library Device Administrator library

Starting from Android 2.2 (api level 8), Android allows application to be registered as administrators.
Administrator apps have the following special features:
- Manually lock the screen
- Set the minimum password length and quality
- Wipe the entire device
- Set the maximum allowed time before the device locks
- Request the user to change password
- Manually set a new password
- Disable the camera
- Track password changes
- Some other security features as described here.

Note that the password is the screen lock password (other passwords are not affected).

The user needs to enable the admin app before it can have any special privileges.
This is done either by calling Manager.Enable or from the Security settings page.
The user will see a message with the policies that this app requests:

The user can always disable an administrator app from the Security settings page. The idea is that in your app you should check whether the admin is enabled and the password meets the requirements. If they don't then you do not give access to some resource such as the company's server.

How to
A working example is attached to this project. It is recommended to start with it.
Add the following code to the manifest editor:

AddApplicationText(<receiver android:name="anywheresoftware.b4a.objects.AdminReceiver2"
  android:permission="android.permission.BIND_DEVICE_ADMIN"
  android:exported="true">
  <meta-data android:name="android.app.device_admin"
  android:resource="@xml/device_admin" />
  <intent-filter>
  <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
  </intent-filter>
</receiver>)

CreateResource(xml, device_admin.xml,
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
  <limit-password />
  <reset-password />
  <force-lock />
  </uses-policies>
</device-admin>
)

3. Declare an AdminManager object. With this object you can ask the user to enable the admin app and access the special privileges.

4. (optional) Add a service named ManagerService. This service will allow you to track password changes and changes to the admin app enabled status. See the attached example.


The latest version of this library is included in the IDE.

Upgrading from v1.00

The receiver name has changed. You need to update the manifest editor code.
The user will probably need to re-enable the admin app. V1.00 library is attached to allow developers to keep the previous version if prefered.

 

[vb1992]

nice

 

[PFlores81]

Erel, You are the man.. Thank you very much. I appreciate this!

Edit: Erel, is it possible to use the reset password and have it read from a file to choose a randomized passcode?

 

[Erel]

is it possible to use the reset password and have it read from a file to choose a randomized passcode?

Yes. The password value (the string) can come from anywhere you want.

 

[fpdianzen]

is this the same with keyguard manager, or is it a differnt one?

 

[Erel]

This library is not related to keyguard manager.

 

[newSteve]

Clear Password

Can it be used to remove the password?

 

[Erel]

You can try passing an empty string to ResetPassword method. I haven't tested whether it will clear the password or not.

 

[fransvlaarhoven]

Question

Hallo,

I’ve a question:
The administrator is supposed to be able to
- Manually lock the screen
- Set the minimum password length and quality
- Wipe the entire device
- Set the maximum allowed time before the device locks
- Request the user to change password
- Manually set a new password
- Disable the camera
- Track password changes
- Some other security features as described here.

I’ve downloaded the example and now I start wondering how to:
- Wipe the entire device
- Disable the camera

Can you tell me how to do that?

Thanks

 

[Erel]

It can be done with Reflection. Disabling the camera is only supported by Android 4+.

'wipe data
Dim r As Reflector
r.Target = admin
r.Target = r.GetField("dm")
r.RunMethod2("wipeData", 0, "java.lang.int") 'this will wipe your device. Be careful!

'Disable the camera
Dim r As Reflector
r.Target = Admin
Dim cm As Object
cm = r.GetField("rec")
r.Target = r.GetField("dm")
r.RunMethod4("setCameraDisabled", Array As Object(cm, True), _
 Array As String("android.content.ComponentName", "java.lang.boolean") 'change to False to enable camera

 

[fransvlaarhoven]

Thanks for your repply. I will try that out.

 

[Neojoy]

Is it possible deny uninstalling procedures?

 

[Erel]

No. You can however check whether a package is installed and if not deny access to something else.

 

[driesvp]

Hello,

Is it possible that an user cannot disable the administrator? I would like to prevent that an user can use their smartphone to surf on the net.

 

[Erel]

No. This is how Android is designed. The user can always disable an administrator app.

 

[driesvp]

Thanks!

 

[hursta]

Why do I not get an event when password is succeeded or failed?

Sub Service_Start (StartingIntent As Intent)
If StartingIntent.HasExtra("admin") Then
Select StartingIntent.GetExtra("admin")
Case "Enabled"
Log("admin enabled")
AdminEnabled
Case "Disabled"
Log("admin disabled")
Case "PasswordChanged"
Log("Password changed")
Case "PasswordFailed"
Log("Password failed")
Case "PasswordSucceeded"
Log("Password succeeded")
End Select
End If
End Sub

 

[Erel]

Please use [ code ] [ /code ] tags (without spaces) when posting code.

Are you running the example code?

Did you activate the app as an admin app?

 

[hursta]

Hi Erel,
yes, it its the example code and app is activated as admin app.
In log I can see "Password changed" but not Password failed and Password succeeded.

 

[hursta]

I would like create an admin app that wipes the mobile device when password failed more than 3 times.