How to add extra protection in my device owner application so that if someone tries bypassing the FRP they can't use the phone.
I have seen this in some devices. they show a notification 'Device managed by admin automatically resetting soon' like this:
screenshot1
screenshot2
The app that showed this was using 'Android Management API'. I read about this but what I understood is that I think they install their own app as device owner in the device to add the FRP policy. In that case I think I will not be able to install my device owner app (or is it possible?).
I am using this code and it adds FRP (asks for the required gMail address during device setup) but it can be easily bypassed by following some YouTube videos and after that device does not show above notification.
try {
Bundle bundle = new Bundle();
bundle.putString("factoryResetProtectionAdmin", 432112340987654321234);//google Id
devicePolicyManager.setApplicationRestrictions(adminComponentName, "com.google.android.gms", bundle);
// send broadcast
Intent broadcastIntent = new Intent("com.google.android.gms.auth.FRP_CONFIG_CHANGED");
broadcastIntent.setPackage("com.google.android.gms");
broadcastIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
getApplicationContext().sendBroadcast(broadcastIntent);
} catch (Exception e) {
Log.d("FRP", e.getLocalizedMessage());
e.printStackTrace();
}
Related
Can Always-on VPN switch be on programmatically?
I have added the device admin permission. After that i have set always on in with device admin
mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
mDeviceAdminSample = new ComponentName(this, DeviceAdminReceiver.class);
isAdminApp = mDPM.isAdminActive(mDeviceAdminSample);
if (isAdminApp) {
try {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
mDPM.setAlwaysOnVpnPackage(mDeviceAdminSample,"", true);
}
} catch (PackageManager.NameNotFoundException namenotfoundexception) {
namenotfoundexception.printStackTrace();
} catch (Exception ex) {
}
}
but it's not enabling the always on.
i have added package name insted of
mDPM.setAlwaysOnVpnPackage(mDeviceAdminSample,"my.app.package.name", true);
but still not enabling the switch.
Then what this code is doing?
How can i enable it programatically?
I want this to be like below image
According to docs, setAlwaysOnVpnPackage can only be used by the profile owner (usually the MDM client on work profile) or device owner (for fully managed devices):
Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user. This connection is automatically granted and persisted after a reboot.
As a personal profile user - I don't want my VPN to decide for itself when to connect (set always on programmatically will immediately connect the VPN, if implemented correctly).
As a work profile user (wearing the hat of an employee), it's not my decision, but my organization's (via the profile owner app).
So, all in all, this behavior makes sense.
Update:
Instead implementing MDM, which could take a lot of work, you can clone, build and debug Google's Test DPC app, which have everything you need to test toggling always-on VPN programmatically.
It also have million other things, which you don't need so be sure to ignore the rest :)
I haven't looked at their code, but I suggest searching for usages of setAlwaysOnVpnPackage function.
Google's Test DPC app:
Link to Play Store
Link to GitHub repo (to build & debug it yourself)
I am working on android project, where NFC is used as a communication. I am facing a weird problem, when mobile device has a NFC, it is enabled, but it is not working on some devices (adapter is not enabled when debugging). I am writing logs and it prints, NFC on, adapter disabled.
For example: HTC One m9(os 7.0). Also happens with OnePlus One(os 9)! But again, it works on other devices.
Did you experience the same issue?
Here is some code:
object NfcUtil {
fun getNfcAdapter(c: Context): NfcAdapter? {
val manager = c.getSystemService(Context.NFC_SERVICE) as NfcManager
return manager.defaultAdapter
}
fun doesSupportHce(c: Context): Boolean {
return c.packageManager.hasSystemFeature(PackageManager.FEATURE_NFC_HOST_CARD_EMULATION)
}
}
val adapter = NfcUtil.getNfcAdapter(this)
if (adapter != null && NfcUtil.doesSupportHce(this)) {
if (adapter.isEnabled) {
tvNfcOff.extHide()
} else {
tvNfcOff.extShow()
}
}
I think that if NFC is supported and enabled but the adapter is disabled (https://developer.android.com/reference/android/nfc/NfcAdapter#isEnabled()) I'll follow the guidelines and redirects the user to the settings screen with the intent mentioned in the documentation.
If the user come back few times you could monitor it and show a different message instead of redirecting to settings, something like: NFC is not working properly on your device. I'd check if you have lots of users using those devices, if yes, I will try to research more on the Operating System and Device having this issue.
And later on I will just try to debug it with that Device and that specific Operating System that is having this kind of issue. I'll try to see if other apps using NFC has same issues or they work fine, and by work fine I mean that the communication happens not that other apps dont show any warning/error popup message.
And if I found out its an issue in a specific OS Version, also with other apps, I'll just try to inform the users and get an update on which version the issue have been fixed. Otherwise if other apps can make a successful NFC communication in that device/OS that is not working for me, I'll just dig deeper.
For now I can say there is nothing wrong in your implementation and looks good.
It might be an issue with the current OS or if you have any Custom ROM that might not fully support or have a functional NFC driver.
Two additional bits of info that might be useful
1) Use a Broadcaster receiver to get notified when the NFC state changes, because using the quick settings pull down does not pause your app, therefore retesting nfc status in onResume does not work (a user changing via the full settings app will pause you App, though)
Example of how to do it in Java
#Override
protected void onCreate(Bundle savedInstanceState) {
// All normal onCreate Stuff
// Listen to NFC setting changes
this.registerReceiver(mReceiver, filter);
}
// Listen for NFC being turned on while in the App
private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
#Override
public void onReceive(Context context, Intent intent) {
final String action = intent.getAction();
if (action.equals(NfcAdapter.ACTION_ADAPTER_STATE_CHANGED)) {
final int state = intent.getIntExtra(NfcAdapter.EXTRA_ADAPTER_STATE,
NfcAdapter.STATE_OFF);
switch (state) {
case NfcAdapter.STATE_OFF:
// Tell the user to turn NFC on if App requires it
break;
case NfcAdapter.STATE_TURNING_OFF:
break;
case NfcAdapter.STATE_ON:
// Do something with this to enable NFC listening
break;
case NfcAdapter.STATE_TURNING_ON:
break;
}
}
}
};
2) Don't assume that the device has a NFC settings page, if your app works with and without NFC, if the adapter is null don't assume you can start an Intent to the NFC settings page as suggested by #denis_lor as this will cause a crash if the OS does not have a NFC adapter to turn on.
I am trying to clear a data from within the app and my app is device owner, hence I am getting and error
java.lang.SecurityExeception :Clearing DeviceOwner data is forbidden.
Code I am using is
public void onClearData(View view) {
try {
boolean isCleared = ((ActivityManager) getSystemService(ACTIVITY_SERVICE)).clearApplicationUserData();
if (!isCleared) {
Toast.makeText(this, "Not able to clear the data", Toast.LENGTH_SHORT).show();
}
} catch (Exception e) {
e.printStackTrace();
}
}
Now, my question is that how it will be possible to clear a data of device owner app from within the app? Would appreciate a help.
The way you're doing it is how it's done, according to the docs.
But since you're getting that security exception, your app is probably set as a device owner app, and you're not allowed to deactivate it, remove its data nor uninstall it while it is on this state.
If that's really the case I'd suggest you to unset it as a Device Owner App. Try to use dpm remove-active-admin for that.
Take a look at those questions for more info:
How to make my app a device owner?
How to remove set-device-owner in Android DPM?
Disable a device owner app from android terminal
I'm trying to develop an app that can get the Network stats from specific packages, but I'm getting these problems:
When I try to use the NetworkStats Library of Android 6.0(Marshmallow), I get this Exception:
NetworkStats: Neither user 10412 nor current process has
android.permission.READ_NETWORK_USAGE_HISTORY.
Here is the code:
try {
TelephonyManager tm;String subscriberID;
NetworkStatsManager networkStatsManager;
NetworkStats networkStats;NetworkStats.Bucket bucket;
tm = (TelephonyManager) mContext.getSystemService(mContext.TELEPHONY_SERVICE);
subscriberID = tm.getSubscriberId();
networkStatsManager = mContext.getSystemService(NetworkStatsManager.class);
networkStats = networkStatsManager.queryDetailsForUid
(typeMobile, subscriberID, dtBegin, dtEnd, uidPackage);
if(networkStats !=null){
while (networkStats.hasNextBucket()) {
bucket = new NetworkStats.Bucket();
networkStats.getNextBucket(bucket);
Log.d("Bucket RX:",bucket.getUid()+" -" +String.valueOf(bucket.getRxBytes()));
Log.d("Bucket TX:",bucket.getUid()+" -" +String.valueOf(bucket.getTxBytes()));
}
}
}
catch (Exception ex){
Logger.e(ex.getMessage());
}
How can I get the functionality of NetworkStats in previous versions of Android (5.0 & 4.0)? Is there any library?
READ_NETWORK_USAGE_HISTORY permission is only granted for system applications. So, unless you are using a rooted phone, you won't be able to use it. The only way out is to use TrafficStats which is available since API level 8.
Mmm ... After a little bit research over internet I give up on using this Android Native Library. I have managed to make it work, but its necessary that the user enables it through "User Data Access" option (Located under Settings App). Then I try to launch this app to the user so the user can enable by himself, but this doesnt not work on many devices. See this link:
Devices without "Apps using Usage Data" or android.settings.USAGE_ACCESS_SETTINGS intent
enter image description here
How to set GPS status on when the app is set as Device administrator by user.
I'm using this method :
private void turnGPSOn() {
Intent intent = new Intent("android.location.GPS_ENABLED_CHANGE");
intent.putExtra("enabled", true);
getApplicationContext().sendBroadcast(intent);
String provider = Settings.Secure.getString(getApplicationContext()
.getContentResolver(),
Settings.Secure.LOCATION_PROVIDERS_ALLOWED);
if (!provider.contains("gps")) { // if gps is disabled
final Intent poke = new Intent();
poke.setClassName("com.android.settings",
"com.android.settings.widget.SettingsAppWidgetProvider");
poke.addCategory(Intent.CATEGORY_ALTERNATIVE);
poke.setData(Uri.parse("3"));
this.getApplicationContext().sendBroadcast(poke);
}
}
and getting this error at least on API-21:
java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.location.GPS_ENABLED_CHANGE from pid=27737, uid=10464
please please please care about Device administrator permission that is enabled and don't tag the question as duplicated!
android.location.GPS_ENABLED_CHANGE intent can only be broadcasted by system apps as it is a protected broadcast(means your app should be either signed with systemsignature or it should be a system app). Even if your app is selected as Device Admin app by user, it does not mean it is eligible to use system features. Device Admin app will get access to features that are exposed by DevicePolicyManager class. Some of the global settings and secure settings can be controlled using DevicePolicyManger class on Lollipop and above.
Control Secure Settings
Control Global Settings