0

I'm making a security program and I'm using the DeviceAdmin mechanism. I've made a DeviceAdminReceiver, and it works flawlessly. I need to protect my software from being uninstalled. On the first run the user enters the password for uninstallation. In onDisableRequested I'm using setPasswordQuality(), setPasswordMinimumLength() and finally lockNow(). The device locks and asks for my password. It is fine. When the user enters the matching password the device unlocks, the user sees my warning like "it's not a good idea to disable bla-bla-bla" and disables my admin app.

But! The password that was set by my code isn't cleared and if the user used some pattern to lock his phone the phone is locked by my password for good!

The question is: how can I revert the changes to the locking scheme? (i.e. restore it to a visual pattern if needed)

Revertron
  • Why do you need to prompt the user? Disabling a device admin already triggers a dialogue to the user to confirm disabling the device admin AFAIK – dudebrobro Aug 02 '13 at 11:35
  • @QuentinSwain Only the user that installed it has the right to uninstall. For example, if the phone is stolen my program will track the whereabouts of a thief. But if a thief can uninstall it without a problem this security is meaningless. – Revertron Aug 02 '13 at 11:42
  • Can you explain a little bit more these two sentences: "The device is locking and asks for my password" and "The password that was set by my code isn't cleared". The methods setPasswordQuality and setPasswordMinimumLength only set restrictions for a new passcode and don't set the passcode itself. So, I am not sure how you set an actual password using your code. – Victor Ronin Aug 02 '13 at 13:53
  • @VictorRonin I forgot to mention that I use resetPassword() as well. The device locks: the screen is turned off, I turn it back on and it is locked by my new password (like a PIN). And the PIN that I'm setting with resetPassword() replaces any of the keyguard settings. – Revertron Aug 02 '13 at 14:19

1 Answer

0

Roman, based on your description, I am not sure which case you are trying to protect from.

It looks like you are trying to protect from:

  • a thief who knows the device passcode (so you are trying to use another passcode)

This is quite a strange case. I would rather ignore it, because it has a lot of other implications.

  • a thief who stole an unlocked phone and wants to uninstall your device admin

In this case, you don't need to reset a password. All you need to do is lockNow() to make sure that he can't uninstall (because he doesn't know the password).

Victor Ronin
  • the user may use simple "slide to unlock". But I must ensure the user that my anti-thief module will be "persistent" somehow... – Revertron Aug 05 '13 at 08:32
  • You mean that your user may not have a password configured at all? ("slide to unlock") – Victor Ronin Aug 05 '13 at 15:15
  • Ok. So, your question boils down to whether there is an API to programmatically remove the device password. I am not sure that such an API exists. However, you can try to do resetPassword(""). – Victor Ronin Aug 06 '13 at 14:11