Show Device Administration Dialog in Android

Description:

You use the Device Administration API to write device admin apps that users install on their devices. The device admin app enforces the desired policies. Here’s how it works:

  • A system administrator writes a device admin app that enforces remote/local device security policies. These policies could be hard-coded into the app, or the app could dynamically fetch policies from a third-party server.
  • The app is installed on users’ devices. Android does not currently have an automated provisioning solution. Some of the ways a sysadmin might distribute the app to users are as follows:
  • Google Play.
  • Enabling installation from another store.
  • Distributing the app through other means, such as email or websites.
  • The system prompts the user to enable the device admin app. How and when this happens depends on how the app is implemented.
  • Once users enable the device admin app, they are subject to its policies. Complying with those policies typically confers benefits, such as access to sensitive systems and data.

If users do not enable the device admin app, it remains on the device, but in an inactive state. Users will not be subject to its policies, and they will conversely not get any of the app’s benefits — for example, they may not be able to sync data.

If a user fails to comply with the policies (for example, if a user sets a password that violates the guidelines), it is up to the app to decide how to handle this. However, typically this will result in the user not being able to sync data.

If a device attempts to connect to a server that requires policies not supported in the Device Administration API, the connection will not be allowed. The Device Administration API does not currently allow partial provisioning. In other words, if a device (for example, a legacy device) does not support all of the stated policies, there is no way to allow the device to connect.

If a device contains multiple enabled admin apps, the strictest policy is enforced. There is no way to target a particular admin app.

To uninstall an existing device admin app, users need to first unregister the app as an administrator.

Step 1:
you need to create a DeviceAdminReceiver in your code :

public class MyAdmin extends DeviceAdminReceiver {


static SharedPreferences getSamplePreferences(Context context) {
return context.getSharedPreferences(
DeviceAdminReceiver.class.getName(), 0);
}

static String PREF_PASSWORD_QUALITY = "password_quality";
static String PREF_PASSWORD_LENGTH = "password_length";
static String PREF_MAX_FAILED_PW = "max_failed_pw";

void showToast(Context context, CharSequence msg) {
Toast.makeText(context, msg, Toast.LENGTH_SHORT).show();
}

@Override
public void onEnabled(Context context, Intent intent) {
showToast(context, "Sample Device Admin: enabled");
}

@Override
public CharSequence onDisableRequested(Context context, Intent intent) {
return "This is an optional message to warn the user about disabling.";
}

@Override
public void onDisabled(Context context, Intent intent) {
showToast(context, "Sample Device Admin: disabled");
}

@Override
public void onPasswordChanged(Context context, Intent intent) {
showToast(context, "Sample Device Admin: pw changed");
}

@Override
public void onPasswordFailed(Context context, Intent intent) {
showToast(context, "Sample Device Admin: pw failed");
}

@Override
public void onPasswordSucceeded(Context context, Intent intent) {
showToast(context, "Sample Device Admin: pw succeeded");
}
}

Step 2:

you need to add an XML file to show why you need this permission. go to the res folder and create a folder named xml, then create a file with name policies.xml in it.

<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
<uses-policies>
<force-lock></force-lock>
</uses-policies>
</device-admin>

you can also add these features too, in this case, I need just to force-lock:

<limit-password />
<watch-login />
<reset-password />
<force-lock />
<wipe-data />
<expire-password />
<encrypted-storage />
<disable-camera />

step 3: After that, you should go to the android manifest and add a receiver:

<receiver
android:name=".services.MyAdmin"
android:description="@string/txt_device_admin_description"
android:label="@string/title_device_admin"
android:permission="android.permission.BIND_DEVICE_ADMIN">
<meta-data
android:name="android.app.device_admin"
android:resource="@xml/policies" />

<intent-filter>
<action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
</intent-filter>
</receiver>

step 4: In the last step, you can call the request permission:

DevicePolicyManager deviceManger;
ActivityManager activityManager;
ComponentName compName;
compName = new ComponentName(this, MyAdmin.class);
deviceManger = (DevicePolicyManager)getSystemService(
Context.DEVICE_POLICY_SERVICE);
activityManager = (ActivityManager)getSystemService(
Context.ACTIVITY_SERVICE);
boolean active = deviceManger.isAdminActive(compName);
if(active){
// do something because code devicemanager is active
}else{
// call deviceadminsetting
startActivityForResult(new Intent().setComponent(new ComponentName("com.android.settings", "com.android.settings.DeviceAdminSettings")),RESULT_ENABLE);
}

you can view the source code of this article on my Github:

https://github.com/alirezat66/openadministratordialog