Is it possible to have a Profile Owner app in Android Lollipop that is not simultaneously present

The Lollipop API provides two new features: Profile Owner and Device Owner ( http://developer.android.com/about/versions/android-5.0.html#Enterprise ). Between them, they offer only those functions that I need for an application that parents can use to control the activity of their child devices. Stream settings for each of them:

Device owner

When setting up your device using NFC, you can tell Android that you want your application to be the owner of the device. Android then downloads the application from the URL, and the device is encrypted and supplied with the application as the owner of the device. Therefore, in order for someone to install my application from Google Play, I needed an application to invite them to factory reset their device, and then install another application on another device, and then NFC to combine them. As the tuning flows go, this is far from ideal. But once configured, Device Owner's APIs provide a very rich set of features for this use case.

Profile Owner

The setting for this is a little more straightforward: the user installs the application from Google Play and may be offered to provide privileges to the owner of the profile. If the user agrees, the device is encrypted with Android, and after rebooting the device has 2 “co-presence” profiles that use the same launcher (home screen). The setup may be more direct, but the end result is not quite what I need, since the application has control over applications under a managed profile.

Question

So, I actually have 2 questions: is it possible to create a Profile Owner application that controls the entire user profile, i.e. unmanaged shared profile? Or can you make the Device Owner application a simpler setup stream that does not require factory reset and NFC bump (rooting is not an option)? Some kind of intermediate point between the two approaches would be ideal.

+7
android android-5.0-lollipop device-policy-manager nfc device-owner
3 answers

Answer (1): The managed profile works as a separate person, all applications under the profile are different (they are a separate independent instance of the application), it looks like a new user. The owner of the profile is the owner of the managed profile application, therefore, it does not have much power and functionality comparable to the owner of the device, so it cannot control the entire user profile.

Answer (2): To create a device owner, you need to use the NFC method, since after your device has been set up it will be prepared, after which you will not be able to make your application the device owner (unless you go with the rooting method). You can follow the given links to create a device owner.

1) Create device owner using NFC

2) With rooting

+3

As rightly said, there can only be one owner of a device on a device, but there can be several profile owners on a device. Each profile owner will be active for 1 user.

This can be achieved by calling the createAndInitializeUser API in DevicePolicyManager.

http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#createAndInitializeUser%28android.content.ComponentName,%20java.lang.String,%20java.lang.String,%20android.content.ComponentName,%20android.os.Bundle%29

I managed to create several profile owners, but I'm still trying to figure out if there is a way to get the device owner to talk to the profile owner.

0

Is it possible to create a Profile Owner application that manages the entire user profile, that is, it will not be a jointly managed profile?

ACTION_PROVISION_MANAGED_PROFILE

The profile owner application creates a managed profile by submitting the intent using the DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE action. (A source.)

Let's open DevicePolicyManager.java.

The Javadoc comment for ACTION_PROVISION_MANAGED_PROFILE says:

/**
 * ... Starts the provisioning flow which sets up a managed profile.
 * ...
 * ... The user which provisioning is started from and
 * the managed profile share a launcher. ...
 */

So ACTION_PROVISION_MANAGED_PROFILE probably won't help you do what you want.

Hmmm.

ACTION_PROVISION_MANAGED_USER

The only other action in this file that looks like it can help is ACTION_PROVISION_MANAGED_USER.

Take a look at the Javadoc comment. It says:

/**
 * ... Starts the provisioning flow which sets up a managed user.
 * ...
 * This intent will typically be sent by a mobile device management application (MDM).
 * Provisioning configures the user as managed user and sets the MDM as the profile
 * owner who has full control over the user.

Fine! What is the catch?

 * ... Provisioning can only happen before user setup has
 * been completed. ...
 */

Oh. :( So, if your device is not deployed, I think you need to somehow install the application for your profile owner right after the factory reset and before the installation wizard is completed.

Side note

I looked at a specific technical document. It states: "During a managed initialization process, an intent known as ACTION_PROVISION_MANAGED_PROFILE is invoked. If the user has a pre-existing personal account, the managed profile is separate, but is shared." It seems to me that if you call ACTION_PROVISION_MANAGED_PROFILE on a device without user accounts, your application can control the entire user profile. But, again, I think you need to somehow install your application for the profile owner right after the factory reset and before the installation wizard is completed.

Doing what you want

I think that what you want is unfortunately impossible. If you want, you can request an Android feature and ask them to make it possible. If you do, leave a comment below with the function url. If you do not have enough reputation points for comments, write me at tealhill at gmail.com and ask me to leave a comment on your behalf.

Workaround

I assume that for your application there may be a problem downloading and launching a third-party application that has the roots of the phone. Most phones are root. Once the phone is rooted, your application can become the owner of the device. Subsequently, maybe your application can turn off the phone and still remain the owner of the device. Or maybe not. I don't know.

If your application fails to disconnect the phone, or if it does not try, the phone will remain forever. This may pose a security risk. You should probably warn the user.

0
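The role check and the managed-profile provisioning request discussed in the answers above, as an added example that is not part of any of the original posts. The activity name, log tag and request code are hypothetical, and the app is assumed to declare its own DeviceAdminReceiver in the manifest; only API 21 DevicePolicyManager calls are used.

```java
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

/** Hypothetical activity; the app must also declare a DeviceAdminReceiver. */
public class ProvisioningCheckActivity extends Activity {
    private static final String TAG = "ProvisioningCheck"; // hypothetical log tag
    private static final int REQUEST_PROVISION = 1;        // arbitrary request code

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
        String pkg = getPackageName();

        if (dpm.isDeviceOwnerApp(pkg)) {
            Log.i(TAG, "Device owner: policies apply to the whole device");
        } else if (dpm.isProfileOwnerApp(pkg)) {
            Log.i(TAG, "Profile owner: policies apply only to this user or profile");
        } else {
            startManagedProfileProvisioning(pkg);
        }
    }

    /** Asks the system to create a managed profile owned by this package. */
    private void startManagedProfileProvisioning(String pkg) {
        Intent intent = new Intent(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE);
        intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, pkg);
        if (intent.resolveActivity(getPackageManager()) != null) {
            startActivityForResult(intent, REQUEST_PROVISION); // user must consent
        } else {
            Log.w(TAG, "Managed provisioning is not available on this device");
        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode == REQUEST_PROVISION) {
            // RESULT_OK: a managed profile now exists beside the personal profile.
            Log.i(TAG, resultCode == RESULT_OK ? "Provisioning done" : "Provisioning cancelled");
        }
    }
}
```

After provisioning, isProfileOwnerApp returns true only for the copy of the app running inside the managed profile; the copy in the personal profile still holds neither role, which is the limitation the question describes.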