Device Administration API in Android

Device Admin API is basically used for the access of the device at the administrative level. Like accessing the device password, disabling the device camera, limiting the size of the password, setting the maximum failed attempt for the password, erasing all the data of the device etc.

 

It basically is implemented with the use of three classes named as below,

 

DeviceAdminReceiver

DevicePolicyManager

DeviceAdminInfo

 

The first and the foremost thing you need to do is create the MyDeviceAdminReciever.java class obviously after creating a new project and the MyDeviceAdminReceiver class should extend the DeviceAdminReciever class. The DeviceAdminReceiver class is the base class for implementing the DeviceAdminApi and in the app must contain its subclass.

 

The MyDeviceAdminReceiver class looks somewhat like this

public class MyDeviceAdminReceiver extends DeviceAdminReceiver {

	/**
	 * method to show toast
	 *
	 * @param context
	 *            the application context on which the toast has to be displayed
	 * @param msg
	 *            the message which will be displayed in the toast
	 */
	private void showToast(Context context, CharSequence msg) {
		Toast.makeText(context, msg, Toast.LENGTH_SHORT).show();
	}

	@Override
	public void onEnabled(Context context, Intent intent) {
		showToast(context, "Sample Device Admin: enabled");
	}

	@Override
	public CharSequence onDisableRequested(Context context, Intent intent) {
		return "This is an optional message to warn the user about disabling.";
	}

	@Override
	public void onDisabled(Context context, Intent intent) {
		showToast(context, "Sample Device Admin: disabled");
	}

	@Override
	public void onPasswordChanged(Context context, Intent intent) {
		showToast(context, "Sample Device Admin: pw changed");
	}

	@Override
	public void onPasswordFailed(Context context, Intent intent) {
		showToast(context, "Sample Device Admin: pw failed");
	}

	@Override
	public void onPasswordSucceeded(Context context, Intent intent) {
		showToast(context, "Sample Device Admin: pw succeeded");
	}
}

and it has to be declared in the AndroidManifest like this

 	<receiver
            android:name="com.deviceadminapidemo.receiver.MyDeviceAdminReceiver"
            android:description="@string/sample_device_admin_description"
            android:label="@string/sample_device_admin"
            android:permission="android.permission.BIND_DEVICE_ADMIN" >
            <meta-data
                android:name="android.app.device_admin"
                android:resource="@xml/device_admin_uses_policies" >
            </meta-data>

            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
            </intent-filter>
        </receiver>

It should be the direct child of the application tag. Here theandroid:permission=“android.permission.BIND_DEVICE_ADMIN”  

Permission is for the DeviceAdminReceiver class so that it is ensured that only the system can interact with the receiver so that other apps are prevented from hindering the admin application. 

One more thing to notice here is theandroid:resource=“@xml/device_admin_uses_policies”. It refers to a xml file which declares the security policies it looks somewhat like this.

<device-admin xmlns:android="http://schemas.android.com/apk/res/android" >

    <uses-policies>
        <limit-password />
        <watch-login />
        <reset-password />
        <force-lock />
        <wipe-data />
        <expire-password />
        <encrypted-storage />
        <disable-camera />
    </uses-policies>

</device-admin>

It should be stored in the xml folder in the res folder of the project. It’s not necessary to include all the policies in this xml it can contain only the policies which will be required to use further in the application.

More information about the DeviceAdminReceiver class can be found here

http://developer.android.com/reference/android/app/admin/DeviceAdminReceiver.html

As far as the other two classes are concerned

DevicePolicyManager and the DeviceAdminInfo

The DeviceAdminInfo class is basically for providing the Meta data information of a device admin component. But in this example we have already done it in the  device_admin_uses_policies.xml 

More info of the class can be found here
http://developer.android.com/reference/android/app/admin/DeviceAdminInfo.html

Now let’s talk about the use of DevicePolicyManager class this class basically is used for managing the policies which are enforced on the device or you can say the for making use of the policies we declared in the device_admin_uses_policies.xml file.

It consists of various methods to carry out the same.

In the activity class the DevicePolicyManager Class should be instantiated like

// initialization of the Device policy manager class
mDevicePolicyManager =
(DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);

and then in order to perform various actions at the admin level the instance of the DevicePolicyManager class is used e.g.

mDevicePolicyManager.lockNow();

Invoking this method would lock the screen as if you pressed the power button. And many more features can be achieved.
Here are some of the methods which are being used in the activity class to perform various   functions.

 

/**
	 * method to set the password for the phone
	 */
	private void setPhonePassword() {
		Intent intent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
		startActivity(intent);
	}

	/**
	 * method to set the password of the phone of defined length
	 */
	private void setPhonePasswordLength() {
		int pwdMinLength = 4;

		// setting the minimum password length
		mDevicePolicyManager.setPasswordMinimumLength(getActiveComponentName(), pwdMinLength);

		// message “phone password length set to 4”
	}

	/**
	 * method to reset the access password of the phone
	 */
	private void resetPassword() {
		// here PASSWORD is the String constant containing the new password
		//	and the 0 is the flag
		mDevicePolicyManager.resetPassword(PASSWORD, 0);
	}

	/**
	 * method to wipe out all the data
	 */
	private void wipeData() {
		mDevicePolicyManager.wipeData(0);
	}

	/**
	 * method to disable camera of the device
	 */
	private void disableDeviceCamera() {

		if (mDevicePolicyManager.getCameraDisabled(getActiveComponentName())) {
			// message “camera already disabled”
		} else {
			mDevicePolicyManager.setCameraDisabled(getActiveComponentName(), true);
			// message “camera disabled”
		}
	}

In most of the methods a Method names getActiveComponentName() is used . This method is for finding out the name of the component which is active.

/**
	 * method to get the active component name
	 *
	 * @return the active component name
	 */
	private ComponentName getActiveComponentName() {

		// declaration of component name
		ComponentName iComponentName = null;

		// getting the active admins in the list of component names
		List<ComponentName> actList = mDevicePolicyManager.getActiveAdmins();

		// checking the list for the active admins
		Iterator<ComponentName> iterator = actList.iterator();

		while (iterator.hasNext()) {

			// storing the component found
			iComponentName = (ComponentName) iterator.next();
		}
		//returning the active component name
		return iComponentName;
	}

these are basic few examples I have shown to make use of these on button click but not only this more methods can be used in the same way using the Device Admin API
List of such methods can be found here

http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html

now the most important thing before running the app in the device there is few settings in the device which has to be made in the Device Administration block of the device security settings.

Open settings —-> Security—->

—-Device administrators

Device administrators

Device administrators

—- sample_device_admin

sample device admin

sample device admin

— activate

activate

activate

 

Written By: Trayambak Mishra, Software Developer, Mindfire Solutions

Advertisements

One thought on “Device Administration API in Android

  1. Pingback: Learn enabling device administration APIs in Android – Humble Bits | Thoughts about product design and development

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s