Back to top

Android’s Device Administration API provides system-level device administration capabilities that enable the creation of security-aware apps. Android’s Device Administrationprovides an in-depth explanation on how to use the Device Administration API to create device admin apps.

Register the Device Admin Receiver

First, register the device admin receiver in your app’s manifest. Your receiver must be a subclass of DeviceAdminReceiver that has both the BIND_DEVICE_ADMIN permission and the ability to respond to the ACTION_DEVICE_ADMIN_ENABLED intent.

In AndroidManifest.xml, insert the following XML anywhere inside the <application> tag.

<receiver
    android:name=".SampleAdminReceiver"
    android:description="@string/enterprise_device_admin_description"
    android:label="@string/enterprise_device_admin"
    android:permission="android.permission.BIND_DEVICE_ADMIN" >
    <meta-data
        android:name="android.app.device_admin"
        android:resource="@xml/device_admin_receiver" />
    <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
    </intent-filter>
</receiver>

The Android Device Manager also states that you must identify the security policies in use by the app in a <meta-data> entry. Since the app will use a Samsung Knox policy to toggle TIMA Keystore, you don’t need to specify any native Android (DevicePolicyManager) policy. However, Android still requires you to create an empty device_admin_receiver file.

In your project, navigate to app > src > res. Create a directory named xml. Inside this directory, create an XML resource file named device_admin_receiver.xml, and replace the auto-generated code with the following:.

<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-policies>
    </uses-policies>
</device-admin>

Paste the following code in MainActivity() to update the state ofToggleAdminbtn.

public void refreshButtons() {
    boolean adminState = mDPM.isAdminActive(mDeviceAdmin);
    boolean kioskState = EnterpriseDeviceManager.getInstance(this).getKioskMode().isKioskModeEnabled();

    if (!adminState) {
        mToggleAdminBtn.setText(getString(R.string.activate_admin));
    } else {
        mToggleAdminBtn.setText(getString(R.string.deactivate_admin));
    }
}

You must also declare this method in the onResume() method in MainActivity()

@Override
protected void onResume() {
    super.onResume();
    refreshButtons();
}

Paste the following code in MainActivity() to handle the result of the device administrator activation request.

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    if (requestCode == DEVICE_ADMIN_ADD_RESULT_ENABLE) {
        switch (resultCode) {
            // End user cancels the request
            case Activity.RESULT_CANCELED:
            mUtils.log(getResources().getString(R.string.admin_cancelled));
            break;
            // End user accepts the request
            case Activity.RESULT_OK:
            mUtils.log(getResources().getString(R.string.admin_activated));
            refreshButtons();
            break;
        }
    }
}

Create the Device Admin Receiver class

Create a device admin receiver Java class named SampleAdminReceiver.java. The device admin receiver should be located in: app > src > main > java > [your package name].

import android.app.admin.DeviceAdminReceiver;
import android.content.Context;
import android.content.Intent;
import android.widget.Toast;
public class SampleAdminReceiver extends DeviceAdminReceiver {
    void showToast(Context context, CharSequence msg) { 
        Toast.makeText(context, msg, Toast.LENGTH_SHORT).show();
    }
    @Override
    public void onEnabled(Context context, Intent intent) {
        showToast(context, "Device admin enabled");
    }
    @Override
    public void onDisabled(Context context, Intent intent) {
        showToast(context, "Device admin disabled");
    }
}

Create the Device Admin methods

Now, let’s create the toggleAdmin() method. This method is invoked when the user taps ACTIVATE ADMIN, and checks whether the Admin state is active or not. The DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN intent is started to add the app as a device administrator. Upon activation, it then deactivates the Admin by calling the removeActiveAdmin() of the DevicePolicyManager object.

Paste the following methods into MainActivity():

private void toggleAdmin() {
    DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(DEVICE_POLICY_SERVICE);
    boolean adminActive = dpm.isAdminActive(mDeviceAdmin);
    if (adminActive) { // If Admin is activated
        mUtils.log(getResources().getString(R.string.deactivating_admin));
        // Deactivate this application as device administrator
        dpm.removeActiveAdmin(new ComponentName(this, SampleAdminReceiver.class));
        finish();
    } else { // If Admin is deactivated
        mUtils.log(getResources().getString(R.string.activating_admin));
        // Ask the user to add a new device administrator to the system
        Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdmin);
        // Start the add device admin activity
        startActivityForResult(intent, DEVICE_ADMIN_ADD_RESULT_ENABLE);
    }
}

Tutorial progress

You’ve completed 3/7 steps!

Next

Is this page helpful?