Make a Device Admin Application (Android — EMM)
What is COSU?
COSU device is a Corporate Owned Single Use device. these devices mainly include one few android applications or services that able to manage device admin features such as Lock device, restart device etc…
In the enterprise world, we can find many COSU implementations such as Enterprise Mobility Manager (EMM) applications.
Other than COSU apps you can create other kinds of android enterprise work profile apps with Device policy management admin features.
What can you do with this kind of application?
As a developer, you can develop any kind of feature you want. such as tracker services, device info, and app usage tracking system, advertising based single-use system etc…,
How to develop an Android Admin Application?
After completing below steps you can start developing a simple android admin application using Android studio
Start android studio and create a new android project.
you need to define all the required device admin policies to make this kind of admin application. for that create a new resource XML file in your android application.
Policies supported by the Device Administration API as follows
after that, create a new child class of android.app.admin.DeviceAdminReceiver
import android.app.admin.DeviceAdminReceiver;public class AdminManager extends DeviceAdminReceiver{}
Its ok to keep it blank
Now go to your manifest file and create new receiver to the child class of DeviceAdminReciever. I named my class as AdminManager
This reciever comes under <application> Tag
<application><receiver android:name=".AdminManager"android:permission="android.permission.BIND_DEVICE_ADMIN"><meta-data android:name="android.app.device_admin"android:resource="@xml/policies" /><intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED" /></intent-filter></receiver></application>
Now create the new component and DeviceManager object in your activity and initialized as follows
DevicePolicyManager deviceManger;ComponentName compName;@Overrideprotected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); compName = new ComponentName(this, AdminManager.class);
deviceManger = (DevicePolicyManager) getSystemService(
Context.DEVICE_POLICY_SERVICE);
if(deviceManger.isDeviceOwnerApp(getPackageName())){ setDefaultCosuPolicies(true); }
else {
Log.e(TAG,"This application not whitelisted"); }
}
}
Now you can define the user restrictions and other device management features that you want. in the following method, there are few admin features. you can go through that method and create your own function. or use it directly
private void setDefaultCosuPolicies(boolean active){// Set user restrictions setUserRestriction(UserManager.DISALLOW_SAFE_BOOT, active); setUserRestriction(UserManager.DISALLOW_FACTORY_RESET, active); setUserRestriction(UserManager.DISALLOW_ADD_USER, active); setUserRestriction(UserManager.DISALLOW_ADJUST_VOLUME, active); setUserRestriction(UserManager.DISALLOW_INSTALL_APPS, active);
// Disable keyguard and status bar deviceManger.setKeyguardDisabled(compName, active); deviceManger.setStatusBarDisabled(compName, active);// Set system update policy if (active){
deviceManger.setSystemUpdatePolicy(compName, SystemUpdatePolicy.createWindowedInstallPolicy(60, 120)); } else {
deviceManger.setSystemUpdatePolicy(compName,null); } // set this Activity as a lock task package deviceManger.setLockTaskPackages(compName,active ? new String[]{getPackageName()} : new String[]{});
IntentFilter intentFilter = new IntentFilter(Intent.ACTION_MAIN); intentFilter.addCategory(Intent.CATEGORY_HOME); intentFilter.addCategory(Intent.CATEGORY_DEFAULT);
if (active) {
// set Cosu activity as home TrackerIntent receiver so that it is started // on reboot deviceManger.addPersistentPreferredActivity(compName, intentFilter, new ComponentName(getPackageName(), DeviceHandlerActivity.class.getName())); } else {
deviceManger.clearPackagePersistentPreferredActivities(compName, getPackageName()); }
}private void setUserRestriction(String restriction, boolean disallow){
if (disallow) {
deviceManger.addUserRestriction(compName,restriction); } else {
deviceManger.clearUserRestriction(compName,restriction); }
}
Whitelist the application
Now its time to whitelist the android application through ADB.
ADB stands for Android Debug Bridge and it is the client-server program used in Android application development.
Its mandatory to whitelist the application. otherwise, this application is not capable to run the Device admin features.
Turn on USB Debugging mode in your android device .
use the below command to set the application as a device owner application.
adb shell dpm set-device-owner <Component Name>
Sometimes you get the following error while executing the above command.
java.lang.IllegalStateException: Not allowed to set the device owner because there are already some accounts on the device
at that time no need to reset the device just go to
Settings → Accounts
and delete all the accounts
once you successfully execute the above command you will get a message like below
Success: Device owner set to package Component Info {Component Name}
other than that you can remove the device admin capabilities by executing below command
adb shell dpm remove-active-admin <Component Name>
other than that the Device Administration API lets you do the following:
- Prompt user to set a new password.
- Lock device immediately.
- Wipe the device’s data (that is, restore the device to its factory defaults).
And now your application is ready.
If you have any doubt please comment below.
Thank you.
Post By
Isuru Kariyawasam
Founder Enif Labs, SE, Team Lead at xiges.io
