Security and smart lock - Android Head-Units

I do not have an Android head unit yet but I've been looking into security options. Use cases where you'd want security: if you need to leave your car with a service centre; if you let a family member or friend use the vehicle; worst case scenario, if it gets stolen. In all scenarios people would have access to your Google account (Gmail, Play Store, Calendar etc).
So far the solutions I've seen are:
1. Don't use your primary Google account. This is the most secure, but also the least convenient.
2. Using AppLock and other apps. I haven't tried this on any Android device so I don't know how truly secure it is at locking sensitive apps and data. I'm not even sure how convenient it really is.
Here's an idea for a third option for Lollipop and above head units, that in theory is the most elegant solution provided they have the same security functionality as the stock Android OS.
1. Enable the lock screen feature in the Android settings so it requires a PIN to log in.
2. Employ the smart lock feature in Android so the head unit unlocks when it detects a trusted device, such as a Bluetooth connection with your smartphone, your Fitbit, etc.
3. Add a guest user account to the head unit for times when someone else will use the car so they can still use basic features, but not access your sensitive data.
I'm not sure how this would affect boot time, or if the aforementioned security features have been disabled in these head units, etc. Let me know if this would work.

vxn said:
I do not have an Android head unit yet but I've been looking into security options. Use cases where you'd want security: if you need to leave your car with a service centre; if you let a family member or friend use the vehicle; worst case scenario, if it gets stolen. In all scenarios people would have access to your Google account (Gmail, Play Store, Calendar etc).
So far the solutions I've seen are:
1. Don't use your primary Google account. This is the most secure, but also the least convenient.
2. Using AppLock and other apps. I haven't tried this on any Android device so I don't know how truly secure it is at locking sensitive apps and data. I'm not even sure how convenient it really is.
Here's an idea for a third option for Lollipop and above head units, that in theory is the most elegant solution provided they have the same security functionality as the stock Android OS.
1. Enable the lock screen feature in the Android settings so it requires a PIN to log in.
2. Employ the smart lock feature in Android so the head unit unlocks when it detects a trusted device, such as a Bluetooth connection with your smartphone, your Fitbit, etc.
3. Add a guest user account to the head unit for times when someone else will use the car so they can still use basic features, but not access your sensitive data.
I'm not sure how this would affect boot time, or if the aforementioned security features have been disabled in these head units, etc. Let me know if this would work.
Have you been able to get this working? I am also looking for a similar solution to stay secure while keeping primary Google account.

roxylove said:
Have you been able to get this working? I am also looking for a similar solution to stay secure while keeping primary Google account.
The unit I've got had half of the Settings menu disabled, including Lockscreen. Before I rooted it and installed normal settings I used an activity shortcut to get to the hidden menu options. I described it here: https://forum.xda-developers.com/showpost.php?p=73282307&postcount=6
For some reason unlock with trusted devices mostly doesn't work. But overall it works and the device is not accessible unless you enter the PIN.

Related

Device Admin

Hello,
Our school district is looking into getting some Android-powered tablets for us, the techs, to use. We need to be able to lock them down (school policy and if the teachers eventually get them), from app installs to wifi usage. We have iPads restricted using the iPhone configuration tool.
Anyways, I found online the Device_Admin code/API but I have no idea how to implement it or get it to work. In Android 2.2 there's the option under Settings/Location and Security to set the Admin but nothing is in there.
I have no idea how to code and neither does the other guy I'm working with on this. Is there an easy way to get this setup and configured so we can manage Android Devices on our Network?
Any help would be appreciated. Thanks.
Do you mean this API: http://developer.android.com/guide/topics/admin/device-admin.html ?
As far as I understand, it allows managing password strength, lock timeout, immediate lock and device wipe only. So no restrictions for "app installs, wifi usage" etc. Maybe I'm wrong.
If that's all it does then maybe that's not what we want.
Is there software/API..etc... that we can use to "lock" the devices down?
Interesting question, could you specify exactly all features you need?
We're thinking to develop some kind of parent control app for Android, so your request for app is looking very similar.
Correct me if I'm wrong, but isn't locking down an Android device pretty much impossible?
You can lock down the ROM (probably) but that won't stop someone flashing a custom recovery image, backing up the data, then flashing a new ROM (provided the tablet can be rooted).
To fully lock it down wouldn't you have to lock the bootloader and recovery image so that they need a password to be used? I'm not sure that's possible.
We're not so much looking to completely lock down the device. Honestly if the teachers get these I doubt they'll try and mod the bootloader or load ROMs. But we are looking to, if the teachers get them and even other techs get them to use, we want to lock them down in a way that prevents them from installing unapproved apps, restrict purchasing apps and accessing Wifi/Market.
We have 10 or so iPads in our district, they are locked down by a policy we push to the pad when WE set them up. It restricts the App Store, removes Safari Browser and doesn't allow app install. It also uses our LightSpeed browser settings so that they can't get to "naughty" or other such sites.
After quick research it seems that you need a custom ROM or at least a rooted phone where the standard browser, Market etc. are removed and some configuration parameters are hard coded. Also keep in mind that there's no LightSpeed guide browser app for Android, only for iPad and iPhone. I would say there's a lot of work.

VPN and AFWall+

I have a Shield TV arriving later today. On my previous Android box I set up a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN Connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN API full access. It's the latter I'm enquiring about: does this API exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the VPN service API itself?
No one?
Beefheart said:
I have a Shield TV arriving later today. On my previous Android box I set up a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN Connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN API full access. It's the latter I'm enquiring about: does this API exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the VPN service API itself?
I have the exact same setup on all my devices, including Shield TV, although I've only had to allow the OpenVPN app, wifi/data/VPN access for things to work. I've never had to allow Android's VPN... Is there a specific reason you grant Android VPN access? Does it not work otherwise?
I use the other OpenVPN app, by the way
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Beefheart said:
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
I just checked for you, and yes, it's there. Mind you, I'm using zulu's full ROM, not sure about stock ROM, but as with all my devices, I haven't needed to allow this for VPN to work.
Unless there's a specific reason to do so, try without on your current devices. I suspect VPN networking may only apply if you use Android's inbuilt VPN found in settings
Edit
By the way, I don't know how far you wanna take it, but AFWall has Tasker plugin support, which I use to apply an AFWall profile I named "secure", that denies everything when the screen turns off... as well as other things in the same vein
Edit
I do it a little differently than what your link suggests. I only allow the bare minimum of apps, those that I actually need internet for... If an app has internet capability, but I have no need for that side of it, it's denied. I don't whitelist ALL apps for VPN as your link suggests
I also suspect that guide was written for privateinternet's method of using VPN on Android, so maybe VPN networking applies if using private internet, but as for my OpenVPN app, it's not needed... neither is "GPS"
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was led to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Beefheart said:
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was led to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Yep, I've said it before and I'll say it again, the Shield's an impressive piece of kit for sure
XPrivacy... snap
We seem to have a very similar setup... believe me, if you wanna take it further at some point in the future... Tasker... although, fair warning, there's a learning curve
Just some of the more basic things I automate with Tasker with plugins like AFWall's
When screen goes off, Tasker...
- Turns off wifi/3G
- Turns off Bluetooth
- AFWall secure profile
- Greenify all preselected apps
- Turn off "unknown sources" for extra measure, as Tasker turns this off after it detects an APK install anyway
- Turn off "debugging", in case I turn it on one day out of need and forget to turn off
- Media volume set to 4 (edit: this one's a bit out of place)
- Apply AFWall profiles depending on what app you happen to be using
Many possibilities with Tasker, VERY useful for many things
Non security related... kinda... could potentially be used for such if modified
I have a small Bluetooth media remote which has the numbers 1 to ten. With Tasker and the Xposed Additions module, I fooled around with it: pressing 1 connects the Shield's Bluetooth to the bedroom speakers, long pressing 1 connects to the living room speakers... I can imagine myself doing some neat stuff with this combination of apps and future accessories
Also, I use it to turn the Shield's LED light to dim to let me know at a glance if the Shield's on or asleep, without having to change the channel
Food for thought for those with similar setups
Edit
By the way, you mention DNS leak, I assume you used a test site to check for the leak, any chance of a link? In case it's something very new
This one's the one I use,
https://ipleak.net/
Detects WebRTC leaks on the specific browser you happen to be using at the time
Edit
For those interested
More on WebRTC here
https://www.privateinternetaccess.c...ome-and-mozilla-firefox-while-using-private-i
If you use Firefox or Chrome, you can disable it manually following this guide
https://www.purevpn.com/blog/disable-webrtc-in-chrome-and-firefox-to-protect-anonymity/
I think there are add-ons as well
Edit
"and not as restricted as I was led to believe"
Yep, I had the same thoughts, just my own assumption really, that Android TV was completely different, internally, to "standard" Android. Pleasantly surprised, no incompatibilities so far... good to know that stock is like that too
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I use to check leaks but there are numerous others too.
Beefheart said:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I use to check leaks but there are numerous others too.
I'm not sure I understand fully. AFWall is not enabled? Or AFWall IS enabled, but your preferred profile is not "applied"?
On full Android at least, AFWall is enabled upon reboot. I haven't had any issues in that regard (saw your other post). I don't need an init.d script (useful to have though, if/when possible)
Have you tried reverting all AFWall's settings to default, to rule out that likely suspect?
Another likely suspect: XPrivacy, but that depends if you restrict everything like I do, including system apps. If so, have you checked XPrivacy's usage data for AFWall and global apps?
Another suspect could be stock firmware, but I have my doubts about that one
Assuming I'm understanding the issue correctly
Edit
I don't have "fix startup data leak" checked (as we don't have init.d), nor IPv6 support checked as your link described
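The kill switch discussed in this thread (only the VPN app may reach the VPN server, everything else must leave through the tunnel) and the reboot problem raised in the last posts, as an added shell example that is not from any poster or from AFWall+. The UID 10123, interface tun0, server 203.0.113.10 on udp/1194 and the flat OUTPUT chain are assumptions; AFWall+ manages its own rule layout, so adapt the check to the ruleset actually loaded on the device.

```shell
#!/bin/sh
# Added example (not from the thread). IPv4 only: ip6tables needs an
# equivalent DROP policy, otherwise IPv6 traffic bypasses the tunnel.
# Assumed values: VPN app UID 10123, tunnel tun0, server 203.0.113.10 udp/1194.

# Print a minimal kill switch as rule specs in `iptables -S` format.
# Each line is a valid argument list for iptables(8). The server is given
# by IP so the VPN app needs no DNS lookup outside the tunnel.
killswitch_rules() {
    uid=$1; tun=$2; server=$3; port=$4; proto=$5
    cat <<EOF
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
-A OUTPUT -d $server/32 -p $proto -m owner --uid-owner $uid -m $proto --dport $port -j ACCEPT
EOF
}

# Read `iptables -S OUTPUT` text on stdin. Succeed only if the default
# policy is DROP and every ACCEPT rule is limited to loopback, the tunnel
# interface, or the VPN app's UID. Prints the reason on failure.
audit_output_chain() {
    uid=$1; tun=$2
    policy_drop=no
    while read -r line; do
        case $line in
            "-P OUTPUT DROP") policy_drop=yes ;;
            *"-j ACCEPT"*)
                case $line in
                    *"-o lo "*|*"-o $tun "*|*"--uid-owner $uid "*) ;;
                    *) echo "LEAK: unrestricted accept: $line"; return 1 ;;
                esac ;;
        esac
    done
    if [ "$policy_drop" != yes ]; then
        echo "LEAK: OUTPUT policy is not DROP"
        return 1
    fi
    echo "OK"
}

# To load the rules (root required):
#   killswitch_rules 10123 tun0 203.0.113.10 1194 udp |
#       while read -r rule; do iptables $rule; done
# To check a live device after boot:
#   iptables -S OUTPUT | audit_output_chain 10123 tun0

# Constructed inputs: the generated ruleset, then the state after a reboot
# where no firewall rules were restored (default policy ACCEPT).
killswitch_rules 10123 tun0 203.0.113.10 1194 udp | audit_output_chain 10123 tun0
printf '%s\n' '-P OUTPUT ACCEPT' | audit_output_chain 10123 tun0 || true
```

Running the audit from a boot-time hook or a Tasker shell action gives an explicit signal when the firewall was not restored, instead of finding out from a leak test site.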

Securing Moto G4 for my son.

I just purchased the Amazon Moto G4 edition for my son who is 8yrs old, and I understand he's a little young for a phone. However, a few of his buddies have phones and I thought it was a great way to help him read and type better through texting. I'm also not planning on paying for cell service but rather use Wifi for SMS and calls through Hangouts. And maybe get him FreedomPop for an emergency.
Now, with that said I created a Gmail account that I control (my password, my recovery email/phone #, etc.) and then used this to set up the Play Store. I set up all the restrictions in the Play Store to what I believe is appropriate and of course I locked it by setting up my own PIN code so he couldn't change them.
I also set up his own Google Voice number and tied it to Google Hangouts/dialer but I can also monitor what he is doing on my phone periodically if I wanted. I'm not interested in him using Snapchat, WhatsApp, or any other kind of social network.
I've also set up OpenDNS on the wifi account he uses at home. So I think I have things pretty much locked down with the exception of installing from Unknown Sources. And although he probably isn't computer savvy enough yet, at some point he will be.
So, with that said, is there any way I can build a ROM that disables installing from Unknown Sources? Also, any other recommendations and tips from others are welcome.
Thanks.
He can get rid of everything you did if he could factory reset
seth.dean02 said:
He can get rid of everything you did if he could factory reset
Of course he could, but he's 8! He's probably not savvy enough to circumvent my efforts yet and when he is I'll change my approach.
pabdaddy1995 said:
Of course he could, but he's 8! He's probably not savvy enough to circumvent my efforts yet and when he is I'll change my approach.
Try one of the apps that allows you to lock apps. One is Applock and you may be able to lock down settings. That would prevent him from changing anything. You've probably thought of it already but some type of tracking app is a necessary safety measure for a child's phone. LOL, when he becomes a teenager you'll need the tracking for many more reasons.

Third-Party password/PIN for lockscreen?

Hi all,
I just ordered a Joying 5.1 HU. I've read there is no stock lockscreen option. I was wondering if anyone had a solution for password locking this HU or similar devices through a lockscreen/after reboot. I'd like to use my main Google Play account with it, but don't want to expose it to a potential thief who steals the unit. Is there any third party app that enables this? Do people usually use a secondary account instead, or is this just not a huge concern? Thanks!

Some serious questions about the P4 and LOS

Hello,
Please excuse me if some of the following statements seem a bit strange or even offensive. But be assured: there's no offense meant! I've been using the P4 for some days now and there are just a few things I really don't understand and I'd be thankful if someone could explain them to me. Some questions might sound silly, but please forgive me, I am not an expert, neither on Android, nor on the hardware!
1.
To be able to install LOS at all, the bootloader had to be unlocked. What about afterwards: could the BL be closed again, to get rid of that nasty message at startup, warning about data integrity?
2.
I really miss the notification LED from previous phones I used to own. The elders of the universe might know why Google decided not to include a simple and cheap LED in their latest models, but it is beyond me. I know that there's this feature called "always on display", showing the clock, the battery status and notifications about messages and stuff. But that feature surely uses more power than a simple LED. And the information on the screen doesn't seem to move, so I fear that this will damage the screen in the long run. So, my questions about this feature are:
a) Shouldn't the information on this screen at least be moved from time to time to prevent screen damage?
b) Shouldn't there be an option to show this information only when the device is not inside a pocket? Showing these notifications inside a pocket or a bag doesn't make much sense, does it?
3.
There's an option "tap to activate". That is a nice feature, but I'd very much prefer this to be "double tap to activate" (optional), because a double tap is much more unlikely to happen than a simple touch. It is nearly impossible to get the phone out of a car mount or a pocket without accidentally touching the screen, thus activating the phone. One might say that this is not a big deal, but I would say that this unnecessary activation will waste unnecessary battery power.
4.
Google Play Store forces me to install a lot of apps that are said to be of great importance and that I can neither deselect nor remove from my P4, and that I have never seen on my previous phones running LOS:
- carrier service
- device personalization service
- exchange service
- pixel ambient services
- accessibility tools
- (the app) google
Why am I told I need these apps on my LOS driven phone? Why can't I deselect them?
When I chose LOS to be the operating system on my phone for the first time, I did this because I wanted to avoid Google as much as possible. Most of all, I don't want Google to collect all my data, I don't want them to be able to autofill any credentials or other information, I don't want them to have access to my bank account via Google Pay. Frankly, those ideas scare me! The Play Store is the only GAPP I would like to have on my phone, in order to be able to buy other apps. But, for example: what is "carrier service" needed for? Of course I do have a vague idea about what it is needed for, but why wasn't I forced to install it on my previous phones? Why is it coming as a separate app now? Are the developers not allowed to include it in LOS any longer? Did Google change the rules (again)?
What about the other apps?
I simply don't understand the need for these apps to be forced onto a phone that I would like to have de-googled. Is it some dependencies of the MindTheGapps package, that OpenGapps, which I used to install on previous phones, did not have?
If so, would the need for these apps vanish if I reinstalled LOS and use OpenGapps instead of MTG?
Thanks in advance for any hints, help and explaining!
