Palak Kansal

Learn Enabling Device Administration APIs in Android

In android, Admin level features are like accessing the device password, enabling/disabling the device camera, erasing all the device data, limiting the maximum number of password attempt etc. But these admin features cannot be accessed directly in an android app. In order to use these features, we have to enable the Device Admin APIs.

For using Device Administration APIs in android app, firstly we have to register these APIs and then we can access the admin level functionality.

Steps for Registering the APIs:-

1. Create a sub-class of DeviceAdminReceiver.

public class DemoAdminReceiver extends DeviceAdminReceiver {
  @Override
  public void onEnabled(Context context, Intent intent) {
    super.onEnabled(context, intent);
  }
}

 

2. Register it in the manifest along with the BIND_DEVICE_ADMIN permission and the intent filter with the ability to respond back the ACTION_DEVICE_ADMIN_ENABLED and a declaration of security policies used in metadata as shown below:-

<receiver
      android:name="com.example.receiver.DemoAdminReceiver"
      android:description="@string/sample_device_admin_description"
      android:label="@string/sample_device_admin"
      android:permission="android.permission.BIND_DEVICE_ADMIN" >

           <meta-data
                android:name="android.app.device_admin"
                android:resource="@xml/device_admin_uses_policies" >
            </meta-data>
 
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
            </intent-filter>
</receiver>

 

3. The security policies are declared in the xml file device_admin_uses_policies.xml as shown below:-

<device-admin xmlns:android="http://schemas.android.com/apk/res/android" >
    <uses-policies>
        <limit-password />
        <watch-login />
        <reset-password />
        <force-lock />
        <wipe-data />
        <expire-password />
        <encrypted-storage />
        <disable-camera />
    </uses-policies>
 
</device-admin>

It will be stored in the xml folder under res directory.

Steps for accessing the APIs:-

1. In order to make use of the device admin policies as defined in device_admin_uses_policies file in activity , we  have to instantiate DevicePolicyManager class in activity as shown below:-

DevicePolicyManager mDevicePolicyManager = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);

 
2. In order to perform various device admin level functionality we have to use the instance of the DevicePolicyManager.
For example:-

a. This method locks the screen as if the power button is pressed.

mDevicePolicyManager.lockNow()

 
b. This method clears all the data.

mDevicePolicyManager.wipeData(0)

 
c. This method is used to set the minimum length of the password.

mDevicePolicyManager.setPasswordMinimumLength(getActiveComponentName(), passwordLength);

 
d. This method is used to reset the password. In the method, PASSWORD is the new password and 0 is the flag.

mDevicePolicyManager.resetPassword(PASSWORD, 0);

 
e. This method is used to disable the device camera.

mDevicePolicyManager.setCameraDisabled(getActiveComponentName(), true);

 
In most of the devicePolicyManager methods, we use getActiveComponent method. This method is used to get current active component.

private ComponentName getActiveComponentName() {
 
        ComponentName componentName = null;
 
        List<ComponentName> activeComponentList = mDevicePolicyManager.getActiveAdmins();
 
        Iterator<ComponentName> iterator = activeComponentList.iterator();
 
        while (iterator.hasNext()) {
 
            	componentName = (ComponentName) iterator.next();
        }
        return componentName 
   }

Here I listed the usage of some of the admin level methods.List of all the methods can be found here:

http://developer.android.com/intl/ru/reference/android/app/admin/DevicePolicyManager.html

Device Admin APIs will not be enabled on its own after running the app. In order to enable them,

  • Run the app
  •  Go to settings -> security -> Device Administrators and enable the app there.

 

References:-
  1. http://developer.android.com/intl/ru/guide/topics/admin/device-admin.html
  2. https://mindfiremobile.wordpress.com/2014/05/01/device-administration-api-in-android-2/