Search code examples
androidkioskdevice-admin

Device Administration not working

I have created a kiosk app, and I am trying to set my device as administrator. Whenever I check if I am active admin it return back false

private void provisionOwner() {
    DevicePolicyManager manager =
            (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
    ComponentName componentName = BasicDeviceAdminReceiver.getComponentName(this);

    if(!manager.isAdminActive(componentName)) {
        Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, componentName);
        startActivityForResult(intent, 0);
        return;
    }

    if (manager.isDeviceOwnerApp(getPackageName()))
        manager.setLockTaskPackages(componentName, new String [] {getPackageName()});
}

I followed the instructions of doing command line script before checking if device is admin and I am receiving an error.

adb shell dpm set-device-owner com.testapp/.DeviceAdminReceiver

The error I get back is

enter image description here

For AndroidManifest.xml I add permission for Bluetooth

<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />

For AndroidManifest.xml I register DeviceAdminReceiver

    <receiver
        android:name="<my package>.DeviceAdminReceiver"
        android:label="@string/app_name"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
        <meta-data
            android:name="android.app.device_admin"
            android:resource="@xml/device_admin" />

        <intent-filter>
            <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
        </intent-filter>
    </receiver>

My device_admin.xml is the following:

<?xml version="1.0" encoding="utf-8"?>
<device-admin>
    <uses-policies>
        <wipe-data/>
        <force-lock/>
        <disable-camera/>
        <disable-keyguard-features/>
    </uses-policies>
</device-admin>

Is it necessary, for setting up Kiosk mode that I make my device admin? And if so, why am I receiving this error?

Solution

  • There is a difference between being a device owner and a device administrator. You are setting one (device admin) and checking for another (device owner).

    A device owner is typically set during device provisioning at the beginning of the Google Wizard. But it may also be set after going through the Google Wizard using the dpm command you mentioned. The dpm command can only set a device owner if there are no accounts on the device. The device owner is restricted when it can be set because of the control it has. A corporate owned device will typically be provisioned with an MDM/EMM as the device owner.

    A device administrator is much much more limited in the control it has of a device. But it can be added at any point. Each Android release restricts more and more what a device admin can do ever since Android Enterprise (android for work [AfW]) was released in Lollipop.

    The most complete kiosk solution will set a device up with an app as the device owner. Other solutions I've seen are using a custom launcher to lock down the device by whitelisting apps, but there are a lot of security holes with this implementation.

    Look into the TestDPC app. Google provides source code to it and it will have most, if not everything of what you need. Play around with the control it gives you as a device owner.

    https://developers.google.com/android/work/build-dpc

    https://github.com/googlesamples/android-testdpc

    My guess is that your app is not set up correctly as a device owner nor device admin. Specifically look to see that you have a DeviceAdminReceiver declared with the android:permission="android.permission.BIND_DEVICE_ADMIN" in the manifest along with an xml resource file containing the policies it may use. More of your source code would help debug the issues you see.