Device Admin Policy

What Is Device Admin

Device admin permission is an Android feature that grants extensive control and management capabilities to certain apps installed on an Android device. When an app is granted device admin permission, it gains elevated privileges and can perform various system-level operations that are typically restricted to regular apps.

Device admin permissions allow an app to perform actions such as:

Locking or resetting the device: An app with device admin permission can lock the device, change the device's password, or perform a factory reset, which can result in the loss of all data on the device.
Enforcing security policies: Device admin apps can enforce security policies on the device, such as setting password requirements, disabling the camera or restricting app installations.
- Remotely wiping data: In case of a lost or stolen device, a device admin app can be used to remotely wipe all data on the device, ensuring that sensitive information does not fall into the wrong hands.

Device admin permission granting is different with other permissions. For this purpose application open an setting page which is related to device admin permission and then user must allow the target application.

Untitled

<aside> 💡 This permission only can revoked from settings and it’s not show on apps permission.

</aside>

How To Use Device Admin Permission

In Android, the Device Admin class is used to enforce policies and manage device-specific settings. To implement the Device Admin class in your Android application, follow these steps:

Step 1: Declare Device Admin Receiver in AndroidManifest.xml Create a new class that extends DeviceAdminReceiver, which will handle device admin events. Then, declare the receiver in your application's AndroidManifest.xml file. Here's an example:

<receiver
    android:name=".MyDeviceAdminReceiver"
    android:description="@string/device_admin_description"
    android:label="@string/device_admin"
    android:permission="android.permission.BIND_DEVICE_ADMIN">
    <meta-data
        android:name="android.app.device_admin"
        android:resource="@xml/device_admin_receiver" />

    <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
    </intent-filter>
</receiver>

And create device_admin_receiver file:

<device-admin xmlns:android="<http://schemas.android.com/apk/res/android>">
    <uses-policies>
        <limit-password />
        <watch-login />
        <reset-password />
        <force-lock />
        <force-encryption />
    </uses-policies>
</device-admin>

Step 2: Create Device Admin Receiver class Create a new class that extends DeviceAdminReceiver and override the necessary methods. For example:

public class MyDeviceAdminReceiver extends DeviceAdminReceiver {
    @Override
    public void onEnabled(Context context, Intent intent) {
        // Called when the user has enabled the device admin.
    }

    @Override
    public void onDisabled(Context context, Intent intent) {
        // Called when the user has disabled the device admin.
    }
}

Step 3: Activate Device Admin To activate the device admin, you need to prompt the user to enable your app as a device administrator. Here's an example of how you can do it:

private static final int REQUEST_CODE_ENABLE_ADMIN = 1;

private void requestAdminActivation() {
    Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
    ComponentName componentName = new ComponentName(this, MyDeviceAdminReceiver.class);
    intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, componentName);
    intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION, "Your admin explanation");
    startActivityForResult(intent, REQUEST_CODE_ENABLE_ADMIN);
}

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == REQUEST_CODE_ENABLE_ADMIN) {
        if (resultCode == RESULT_OK) {
            // Device admin is activated.
        } else {
            // Device admin activation is canceled.
        }
    }
}

Step 4: Use Device Admin APIs Once the device admin is activated, you can use the DevicePolicyManager class to perform various device management tasks. For example, you can lock the device, reset the password, set restrictions, etc. Here's an example of locking the device:

private fun lockDevice() {
        val devicePolicyManager = getSystemService(DEVICE_POLICY_SERVICE) as DevicePolicyManager
        val myDeviceAdminComponent = ComponentName(this, MyDeviceAdmin::class.java)

        if(devicePolicyManager.isAdminActive(myDeviceAdminComponent)){
            devicePolicyManager.lockNow()
        } else{
            Toast.makeText(this, "Please enable device admin permission.",
                Toast.LENGTH_LONG).show()
        }
    }
    private fun wipeDevice(){
        val devicePolicyManager = getSystemService(DEVICE_POLICY_SERVICE) as DevicePolicyManager
        val myDeviceAdminComponent = ComponentName(this, MyDeviceAdmin::class.java)

        if(devicePolicyManager.isAdminActive(myDeviceAdminComponent)){
            devicePolicyManager.wipeData(0)
        } else{
            Toast.makeText(this, "Please enable device admin permission.",
                Toast.LENGTH_LONG).show()
        }
    }