1

My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".

The following criteria have to be met:

  • Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
  • The user should not be able to remove or disable the app
  • Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
  • Has to work with stock androids on regular consumer devices

In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.

Is such a project even possible with the current situation of Android?

awrush
  • 25
  • 2

1 Answers1

1

No.

Has to work with stock androids on regular consumer devices

Mostly, this is your biggest hurdle to overcome.

What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".

If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:

Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/

Here is Samsungs effort at device control: https://www.samsungknox.com/en

Here is Googles device management: https://developers.google.com/android/management

You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.

The user should not be able to remove or disable the app

This is only possible if you have a system app.

Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).

Blundell
  • 75,855
  • 30
  • 208
  • 233
  • Thank you for the detailed answer. I was aware of the malware-nature of my question, then again: it's exactly what Google's Android Device Policy app is, isnt' it? My actual use case is a phone for my kid which I'd like to administrate fully the way I want to, without depending on any other company or proprietary software for the management. – awrush Feb 02 '20 at 13:09
  • You also mentioned other EMM solutions. I'm trying to understand why those are able to install their proprietary apps which I guess are not removable either. Am I correct in assuming that any registered EMM solution has an official ID in Google's stock Android infrastructure so that, during the provisioning phase right after factory reset, the device contacts Google's APIs and installs the appropriate closed-source application for the respective provider? Is that how it basically works? – awrush Feb 02 '20 at 13:10
  • Because they have built the ROM (Samsung for example) then they can add non-removeable apps, and have a lot more control. Hmm I couldn't know exactly how Google's EMM work, what you say sounds like a sensible approach. You could write a Google EMM app for your kid's phone. It would not use any cloud API's as you asked, just local on device Google API: https://developer.android.com/work/dpc/build-dpc (i.e. make a DPC app but don't make or use an EMM console) – Blundell Feb 02 '20 at 17:32
  • Sorry for the very late reply, I lost track of this specific issue. Thanks again for all the details! :-) – awrush Aug 16 '20 at 11:20