[Android] Make your application a device administrator

Since Android 2.2,  new device policy management APIs allow developers to write “device administrator” applications that can control security features of the device, such as the minimum password strength, data wipe, and so on. Users can select the administrators that are enabled on their devices. For more information, see the android.app.admin classes or the example application code in DeviceAdminSample.java.

Below is the steps to make an application to be a device administrator:

1: Import android.app.admin.DeviceAdminReceiver and android.app.admin.DevicePolicyManager packages.

2: Add an inner class, which extends DeviceAdminReceiver,  to your application.

public static class MyAdmin extends DeviceAdminReceiver {
// implement onEnabled(), onDisabled(), …
}

3: Add below two fields to your application.

DevicePolicyManager mDPM;
ComponentName mAdminName;

4: Initalize above two field variables in the OnCreate() method.

mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
mAdminName = new ComponentName(this, MyAdmin.class);

5: Enable the administration somewhere:

if (!mDPM.isAdminActive(mAdminName)) {
// try to become active – must happen here in this activity, to get result
Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
mAdminName);
intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,
“Additional text explaining why this needs to be added.”);
startActivityForResult(intent, REQUEST_ENABLE);
} else {
// Already is a device administrator, can do security operations now.
mDPM.lockNow();
}

Note: The application should check  the result of the ACTION_ADD_DEVICE_ADMIN. Add below code lines in the onActivityResult() method:

if (REQUEST_ENABLE == requestCode)
{
if (resultCode == Activity.RESULT_OK) {
// Has become the device administrator.

} else {
//Canceled or failed.

}
}

6. Add a receiver into the AndoidManifest.xml of your application.

<receiver
android:name=”app_class_name$MyAdmin”
android:label=”@string/xxx”
android:description=”@string/xxx”
android:permission=”android.permission.BIND_DEVICE_ADMIN” >
<meta-data
android:name=”android.app.device_admin”
android:resource=”@xml/my_admin” />
<intent-filter>
<action android:name=”android.app.action.DEVICE_ADMIN_ENABLED” />
</intent-filter>
</receiver>

Note: The label and description strings should be added in the res/values/strings.xml. The meta-data file should be added to the res/xml/. The my_admin.xml in our example are as follows:

<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-policies>
        <limit-password />
        <watch-login />
        <reset-password />
        <force-lock />
        <wipe-data />
    </uses-policies>
</device-admin>

9 Responses to “[Android] Make your application a device administrator”

  1. airdamien Says:

    Still can’t get this to work.. getting frustrated.. seems like a permissions issue but I’ve checked and doublechecked.. can you share a running example? airdamien@gmail.com

    05-24 19:06:05.285: WARN/DeviceAdminAdd(11506): Unable to retrieve device policy ComponentInfo{com.blue.bigadmin2/com.blue.bigadmin2.deviceadminreceiver}

  2. adrain Says:

    hii guys i have been working on this and i have doubt is there any way or hack by which i can get my app is “active admin” without expliclty getting permission via the activity with “ACTION_ADD_DEVICE_ADMIN ” intent.

    Is there any other way to get the permission other than thru activity??

  3. G Says:

    Thank you for this post!

    I tried implementing this using the notes at: http://developer.android.com/guide/topics/admin/device-admin.html#top

    But it was your post that helped me implement this!

  4. dacky Says:

    Why is it that when you disable the device administrator and restart your phone, the device administrator is enabled again inside select device administrators? Thanks.

  5. brandon Says:

    still can’t get this to work, can someone PLEASE add an example

  6. firehouse Says:

    05-24 19:06:05.285: WARN/DeviceAdminAdd(11506): Unable to retrieve device policy ComponentInfo{com.blue.bigadmin2/com.blue.bigadmin2.deviceadminreceiver}

    Got this error, too. Don’t have a clue how to get this to work. Can you please help? Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: