3

I am trying to achieve a use case where on installing an app, all print services barring one would get disabled on the Android device.

To achieve this, I looked into Android's Device Administration API capabilities but that doesn't fulfill the use case. I also looked into Google's Android for Work framework and arrived at the following observations / possible solutions -

  1. By setting up managed profiles (work profile): This was introduced from Android 5.0 but can only manage the listed/enterprise controlled and has no control over other apps as mentioned in the below links -
  2. By writing a Device Policy Controller (DPC) app: To achieve the specific use-case the DPC would have to run as the device owner in which case the provisioning needs to be done via NFC and is not straightforward. Also, this scenario is generally meant for corporate owned, single use (COSU) devices.

So my questions/doubts here are -

  1. Is there any straightforward way in which this use case can be achieved?
  2. Is this even achievable as it violates the Android Security model?
Shikhar
  • 1,411
  • 1
  • 11
  • 17
  • "Is there any straightforward way in which this use case can be achieved?" -- I doubt it. "Is this even achievable as it violates the Android Security model?" -- build your own custom ROM and deploy it on the hardware. – CommonsWare Aug 10 '16 at 21:32
  • @CommonsWare building my own custom ROM is not possible / out of scope as eventually (if achievable) this app will be deployed for several enterprise users. – Shikhar Aug 10 '16 at 21:38

1 Answers1

0

  1. You should write your custom DPC. Right now you can do provisioning using several methods. If you have devices which use Android 7 and above you can use QR code provisioning which is quite convenient. For this purpose you can upload your dpc apk to a remote server and write information about the server, application DeviceAdminReceiver and apk checksum to QR code (you can take this QR code as example).

    You can check to google awesome project TestDPC which will give your deep understanding of what is DPC and how can you use it.

    You can read more about provisioning methods in android documentation. Also if you can contact the manufacturer of devices you can ask him to preinstall your custom dpc.

  2. It is achievable and doesn't violate Android Security model because during provisioning your dpc app it get Device Owner (root). So you can do anything without any restrictions. Here you can check device owner API and possibilities. Also take a look at TestDPC source code and you will understand that nothing is impossible with Device owner mode :)

Alex Misiulia
  • 1,542
  • 17
  • 16