Android Enterprise Application Development
Device Administration API
Regards,Paramvir Singh
Enterprises and Mobiles
• Every employee use mobile, most of them migrating to smart-phones.
• Big enterprises’ IT departments buy mobiles in bulk and issue them to employees.
• Smartphone as business phone : Workplace acceptance?
Workplace Acceptance of a mobile phone
• Personal needs?• Social needs?• Productivity needs?
Workplace Acceptance of a mobile phone
• Personal needs?• Social needs?• Productivity needs?• IT department
requirements?
What they demand from your phone?
• Data security • Device management• Applications
Data Security
Loss and theft
Interception
Employees
Device Management
• Registering different devices in company’s network
• Specific security policies for organization• User support• Keeping an eye
Deploying Applications
Deploying ApplicationsTo Enhance productivity
Deploying Applications
Identify
apps
Buy or
build
Distribution to employees
Updates
Usage
policies
To Enhance productivity
So how Android fits here?
So how Android fits here?
• VPN Support and secure Wi-Fi• Exchange email• Password / PIN Lock• Device Policies• Remote Lock / remote wipe API• Exchange calendar
• Exchange Active Sync• NFC Platform support for read, write, P2P
&• Improving continuously…
So how Android fits here?
What is there for developers?
What is there for developers?
Device Administration API
Device Administration API
• From 2.2• For “security aware ” apps• For almost all type of enterprise mobile
solutions
Application + Device administration API =
IT people are watching you!
Application + Device administration API =
You get the (sensitive) data!
Device Administration API
• Password policy• Remote wipe• Disable Camera • Enforced data encryption• Remote lock
Show me the API’s
• DeviceAdminReceiver • DevicePolicyManager• DeviceAdminInfo
DeviceAdminReceiver
• Broadcast Receiver to receive the raw system events
• Must include a subclass of this receiver• Action : DEVICE_ADMIN_ENABLED• Permission : BIND_DEVICE_ADMIN• Handles the event when user “enables” the
admin application
AdminReceiver in Manifest<receiver android:name=“.app.SampleAdmin”
android:label=“@string/admin_string” android:description="@string/sample_description” android:permission="android.permission.BIND_DEVICE_ADMIN">
<meta-data android:name="android.app.device_admin"android:resource="@xml/admin_sample_meta" />
<intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
</intent-filter></receiver>
To Enable the device admin app
Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, adminReceiverObject);intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, “Some explanation.");startActivityForResult(intent, RESULT_ENABLE);
DeviceAdminInfo : Meta data : usage policies
<limit-password /><reset-password /><force-lock /><wipe-data /><expire-password /><encrypted-storage />
public class SampleAdmin extends DeviceAdminReceiver {
@Override
public void onEnabled(Context context, Intent intent) {
}
@Override
public CharSequence onDisableRequested(Context context, Intent intent) {
return “Custom message ";
}
@Override
public void onDisabled(Context context, Intent intent) {
}
@Override
public void onPasswordChanged(Context context, Intent intent) {
}
}
DevicePolicyManager
• To manage policies• Can be related to one or more admin receivers
DevicePolicyManager objDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
objDevicePolicyManager. isAdminActive(objDeviceAdminSample)
DevicePolicyManager
• To set all password policies• To perform device lock• To perform data wipeIntent intent = new
Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);startActivity(intent);
objDPM.setPasswordQuality(objDeviceAdminReceiver, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
long timeMs =1000 *5 *60;// 5 minutesobjDPM.setMaximumTimeToLock(objDeviceAdminReceiver, timeMs);
• Lock now : objDevicePolicyManager.lockNow();
• Data wipe : objDevicePolicyManager.wipeData(0); //argument currently must be zero
Q?
Paramvir SinghConsultant, Xebia
@param_vir88+919779623863