Search code examples
androidprovisioningandroid-device-manager

Is it possible to write an unremovable device policy manager for Android?


My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".

The following criteria have to be met:

  • Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
  • The user should not be able to remove or disable the app
  • Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
  • Has to work with stock androids on regular consumer devices

In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.

Is such a project even possible with the current situation of Android?


Solution

  • No.

    Has to work with stock androids on regular consumer devices

    Mostly, this is your biggest hurdle to overcome.

    What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".

    If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:

    Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/

    Here is Samsungs effort at device control: https://www.samsungknox.com/en

    Here is Googles device management: https://developers.google.com/android/management

    You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.

    The user should not be able to remove or disable the app

    This is only possible if you have a system app.

    Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).