Android DevicePolicyManager Example



It's always good to learn new things in your area of interest. Recently, while mucking around with Android, I came across the Android DevicePolicyManager class. After a few searches here and there, I found that it is a very powerful Android concept that can make a device really secure. One should never underestimate Android; it is full of useful features. The Android DevicePolicyManager class could be very useful for enterprise-level applications.

I always used to toy with the idea of enterprise-level apps for Android, but the thing that always stopped me was enterprise-level security. With the device administration APIs, however, it is very simple for an app to implement device-level security policies that can be a savior in case of a security breach and, in the worst case, a device wipe. Since Android DevicePolicyManager works in conjunction with two more classes, DeviceAdminReceiver and ComponentName, this is going to be a long tutorial, so I'll be splitting it into two parts:

  1. Android DevicePolicyManager Example
  2. Android Device Administrator Example

In this first part, Android DevicePolicyManager Example, I explain how to implement the DevicePolicyManager; in the second part I build a separate app that detects these policies. The way I picture it, enterprise-level apps would come in a bunch: one app would implement all the device management policies, and all the other apps would run only if those policies are accepted by the user.

Since this is a security implementation, most of the code in this app is at the back end, resulting in a simple UI where a check box is used to activate the Android DevicePolicyManager. Please have a look at the screenshot and its layout file:

1. Device Management Policies

To start off, the first thing to discuss is the device management policies. In this Android DevicePolicyManager Example I am going to implement these six policies:

The file above is an XML file stating your app's device administration policies. It should be saved in your res/xml folder under a name of your choice; I named it device_policies.xml. Since the names of the device admin policies are self-explanatory, I will give a detailed explanation of these policies in a later step. For now, let's move on to the next step: defining the manifest and declaring the Android DeviceAdminReceiver.

2. Android DeviceAdminReceiver

Before declaring Android DeviceAdminReceiver we need to define it in our manifest file, please have a look:

Here in this manifest file the main things to notice are:

  1. The android.permission.BIND_DEVICE_ADMIN permission; through this permission your receiver can listen to system broadcasts.
  2. The meta-data block, where the XML file stating your policies is referenced (in my case device_policies.xml).
  3. The intent-filter block, which defines the intents that our DeviceAdminReceiver listens for.

Also have a look at the strings.xml:

Now that we are ready with the manifest and strings, let's have a look at the Android DeviceAdminReceiver:

Have a look at the DeviceAdminReceiver.onPasswordExpiring method. Here I have used the Android DevicePolicyManager class to extend the expiring password by ten seconds and prompt the user to change it immediately. Until the password is set, it keeps prompting the user to set one. Once the password is set, the PasswordExpirationTimeout is set to zero, which means that this password won't expire.
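The expiry handling described above could look like the following. This is an added example, not the tutorial's own receiver: the class name PolicyAdminReceiver and the constant GRACE_MS are hypothetical, and it assumes the expire-password policy is declared in the policies XML.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

// Added example; PolicyAdminReceiver is a hypothetical name, not the tutorial's class.
public class PolicyAdminReceiver extends DeviceAdminReceiver {
    private static final long GRACE_MS = 10_000L; // the ten seconds described in the text

    @Override
    public void onPasswordExpiring(Context context, Intent intent) {
        DevicePolicyManager dpm = getManager(context);
        ComponentName admin = getWho(context);
        // Push the expiry ten seconds out, so the password expires again
        // shortly if the user leaves the prompt without changing it.
        dpm.setPasswordExpirationTimeout(admin, GRACE_MS);
        // A receiver has no activity context, so the system password
        // screen has to be started in a new task.
        Intent prompt = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
        prompt.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        context.startActivity(prompt);
    }

    @Override
    public void onPasswordChanged(Context context, Intent intent) {
        // A timeout of 0 removes the expiration, so the new password never expires.
        getManager(context).setPasswordExpirationTimeout(getWho(context), 0L);
    }
}
```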

3. Android DevicePolicyManager

Android DevicePolicyManager is a unique class through which an app can implement special policies on the device on which it is installed. These policies could be anything, for example that the device should have a password. You can also set rules for that password, such as the number of digits or the number of special characters in it, and the number of retries allowed for failed password attempts. Another great device admin policy that you can implement is to wipe user data in case of failed password attempts. As I said, Android DevicePolicyManager is a powerful class, so it also gives you the ability to disable the device's camera. To make all this happen, all you need to do is make the user accept and activate these policies. Let's have a look at the complete DevicePolicyAdmin class:

In this class I have implemented Android DevicePolicyManager with a check box; when the check box is tapped, the user is prompted to accept the device policies:

After the user accepts the policies, the DevicePolicyManager.isActivePasswordSufficient() method verifies whether the active password is sufficient. If it is, the screen is locked by the DevicePolicyManager.lockNow() method; otherwise the user is taken to a screen where he can set a password that meets the device policy. Another great feature of Android DevicePolicyManager is that we can also set the maximum time after which the device screen should lock, using the DevicePolicyManager.setMaximumTimeToLock() method. And if the number of failed attempts crosses the limit, the device can also be wiped:
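The whole activation flow, from the check box tap to the lock or set-password step, as an added example that is not the tutorial's DevicePolicyAdmin class. PolicySetupActivity and PolicyAdminReceiver are hypothetical names and the policy values are constructed samples. It assumes the legacy device-admin model this tutorial targets; on Android 10 and later, apps targeting API 29 or higher must be device or profile owner to set the password policies.

```java
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;

// Added example; PolicySetupActivity and PolicyAdminReceiver are hypothetical names.
public class PolicySetupActivity extends Activity {
    private static final int REQUEST_ENABLE_ADMIN = 1; // arbitrary request code
    private DevicePolicyManager dpm;
    private ComponentName admin;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        dpm = (DevicePolicyManager) getSystemService(DEVICE_POLICY_SERVICE);
        admin = new ComponentName(this, PolicyAdminReceiver.class);
    }

    // Call from the check box listener: asks the user to activate the admin.
    void requestActivation() {
        if (dpm.isAdminActive(admin)) { applyPolicies(); return; }
        Intent i = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        i.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin);
        i.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,
                "Needed to enforce the password, lock and wipe policies.");
        startActivityForResult(i, REQUEST_ENABLE_ADMIN);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        // Setters throw SecurityException unless the admin is active: apply only on accept.
        if (requestCode == REQUEST_ENABLE_ADMIN && resultCode == RESULT_OK) applyPolicies();
    }

    private void applyPolicies() {
        // Constructed sample values, not taken from the tutorial.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        dpm.setPasswordMinimumLength(admin, 6);
        dpm.setMaximumTimeToLock(admin, 30_000L);       // screen locks after 30 s idle
        dpm.setMaximumFailedPasswordsForWipe(admin, 5); // needs watch-login and wipe-data
        if (dpm.isActivePasswordSufficient()) {
            dpm.lockNow();                              // policy already met: lock now
        } else {                                        // otherwise open the set-password screen
            startActivity(new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD));
        }
    }
}
```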

To uninstall any Android device admin you first need to deactivate it, which results in a callback to the DeviceAdminReceiver.onDisabled() method, where you can write code to do something like erase some secure data or perform a complete wipe. I would like to conclude this tutorial by noting that your device may have more than one active device policy manager; in that case the stricter DevicePolicyManager is enforced. If you would like to know which Android DevicePolicyManager is active, please read my next tutorial on active device administrators.

About Mohit Gupt

An android enthusiast, and an iPhone user with a keen interest in development of innovative applications.



4 thoughts on “Android DevicePolicyManager Example”

  • Keyur

    Hello Mohit,

    It was really a great article about device admin policy and to developers who are really interested in developing apps for enterprises. I am working on an enterprise application and one of the features I am looking for in my application is to prevent users (employees of the organization) from uninstalling the app from the settings. I know this is possible via the Android Device API, but I do not have any idea about it and I am searching all over the internet and learning it. While searching I found very good articles of yours and I thought if you can share some ideas/tips for the same with me then I would be very thankful to you.

    Thanks,
    Keyur

  • Aakash sharma

    Hello Mohit,

    It was really a great article about device admin policy. I want to open the camera on shake when the device is locked. Can you help me with this?
    It will be really great if I get something like this.

    Thanks,
    Aakash