Device Administration Overview
The Android Device Administration API, introduced in Android 2.2, allows you to create security-aware applications that are useful in enterprise settings, such as:
- Email clients
- Security applications that do remote wipe
- Device management services and applications
You use the Device Administration API to write device admin applications that users install on their devices. The device admin application enforces desired security policies. Here’s how it works:
- A system administrator writes a device admin application that enforces remote/local device security policies.
- The application is installed on a user’s device.
- The system prompts the user to enable the device admin application.
- Once the users enable the device admin application, they are subject to its policies.
The Device Administration Classes
The Device Administration API includes the following classes:
Base class for implementing a device administration component. This class provides a convenience for interpreting the raw intent actions that are sent by the system. Your Device Administration application must include a DeviceAdminReceiver subclass.
A class for managing policies enforced on a device. Most clients of this class must have published a DeviceAdminReceiver that the user has currently enabled. The DevicePolicyManager manages policies for one or more DeviceAdminReceiver instances.
This class is used to specify metadata for a device administrator component.
Creating the Manifest
The manifest of your admin application must register your DeviceAdminReceiver as a <receiver>.
The <receiver> should set android:permission="android.permission.BIND_DEVICE_ADMIN" to ensure that only the system is allowed to interact with the broadcast receiver.
The <receiver> must have an <intent-filter> child element including one or more of the following <action>s, as defined in the DeviceAdminReceiver class:
(Required) This is the primary action that a device administrator must implement to be allowed to manage a device. This is sent to a device administrator when the user enables it for administration.
Action sent to a device administrator when the user has requested to disable it, but before this has actually been done.
Read more: Marakana