Search code examples
androidandroid-broadcastreceiverdevice-admin

DeviceAdminReceiver: onChoosePrivateKeyAlias not called

In my Android app (in Kotlin) I want to use onChoosePrivateKeyAlias (documentation) in my implementation of DeviceAdminReceiver to silently select the alias for a private key and certificate pair for authentication for a VPN.

I have successfully implemented onEnabled and onDisabled, however onChoosePrivateKeyAlias never seems to be called: Neither is the popup created by calling KeyChain.choosePrivateKeyAlias suppressed nor can I find an entry in Logcat.

I was not able to find much about onChoosePrivateKeyAlias on stackoverflow or in general. Can anybody here help me? Is there another intent filter I have to set I don't know about?

MyDeviceAdminReceiver:

import android.app.admin.DeviceAdminReceiver
import android.content.ComponentName
import android.content.Context
import android.content.Intent
import android.net.Uri
import android.util.Log

class MyDeviceAdminReceiver: DeviceAdminReceiver() {

    private var TAG = "MyDeviceAdmin"

    companion object {
        fun getComponentName(context: Context): ComponentName{
            return ComponentName(context.applicationContext, MyDeviceAdminReceiver::class.java)
        }
    }

    override fun onEnabled(context: Context?, intent: Intent?) {
        Log.d(TAG, "Device admin enabled")
     }

    override fun onChoosePrivateKeyAlias(context: Context?, intent: Intent?, uid: Int, uri: Uri?, alias: String?): String {
        super.onChoosePrivateKeyAlias(context, intent, uid, uri, alias)
        Log.d(TAG, "onChosePrivateKeyAlias called")
        return "Test User"
    }
}

Manifest (Snippet): 

<receiver
    android:name=".security.MyDeviceAdminReceiver"
    android:description="@string/app_name"
    android:label="@string/app_name"
    android:permission="android.permission.BIND_DEVICE_ADMIN">
    <meta-data
        android:name="android.app.device_admin"
        android:resource="@xml/my_device_admin_receiver" />
    <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
    </intent-filter>
</receiver>

my_device_admin_receiver: 

<?xml version="1.0" encoding="utf-8"?>
<device-admin>
<uses-policies>
    <reset-password/>
    <force-lock/>
    <encrypted-storage/>
</uses-policies>
</device-admin>
Solution

  • Your DeviceAdminReceiver needs to be a device policy controller (as a device or profile owner) to intercept requests with onChoosePrivateKeyAlias, as per the documentation.