As some of you may know, Google FamilyLink (Android parental controls) is a bit of a pain when it comes to multiple users. The child account has to be the device's primary/owner account (so hand-me-downs can require factory resets) and you can only have one child account per device.
I was wondering if it's possible to multiboot (using TWRP or something else) and have 3+ OS copies:
A: Adult accounts
B: Child 1
C: Child 2
D: ...
etc.
Is this even doable, and if so, how would one go about doing it? How much extra space would it take partition-wise?
Alternatively, is there a better way to accomplish a functionally equivalent result? E.g. would rooting expose some functions that could allow multiple adult and child accounts in the same booted OS?
(I'm currently running LineageOS 16 [unrooted] on the Wifi-only model, if that matters.)
Thanks a lot for your help!
Edit:
Another possibility: is there some way to do this with "Enterprise Management" but with non-child accounts?
Related
Hello,
Our school district is looking into getting some Android Powered Tablets for us, the techs to use. We need to be able to lock them down (school policy and if the teachers eventually get them), from app installs to wifi usage. We have iPads restricted using the iPhone configuration tool.
anyways, I found online the Device_Admin code/api but I have no idea how to implement it or get it to work. In Android 2.2 there's the option under Settings/Location and Security to set the Admin but nothing is in there.
I have no idea how to code and neither does the other guy I'm working with on this. Is there an easy way to get this setup and configured so we can manage Android Devices on our Network?
Any help would be appreciated. Thanks.
Do you mean this API: http://developer.android.com/guide/topics/admin/device-admin.html ?
As far as I understand it allows to manage password strength, lock timeout, immediate lock and device wipe only. So no restrictions for "app installs, wifi usage" etc. Maybe I'm wrong.
IF that's all it does then maybe that's not what we want.
Is there software/API..etc... that we can use to "lock" the devices down?
Interesting question, could you specify exactly all features you need?
We're thinking to develop some kind of parent control app for Android, so your request for app is looking very similar.
Correct me if i'm wrong, but isn't locking down an android device pretty much impossible?
You can lock down the ROM (probably) but that wont stop someone flashing a custom recovery image, backing up the data, then flashing a new ROM (provided the tablet can be rooted).
To fully lock it down wouldn't you have to lock the bootloader and recovery image so that they need a password to be used? I'm not sure that's possible.
We're not so much looking to completely lock down the device. Honestly if the Teachers get these I doubt they'll try and mod the Bootloader or load ROM's. But we are looking to, if the teachers get them and even other techs get them to use we want to lock them down in a way that prevents them from install unapproved apps, restrict purchasing apps and accessing Wifi/Marker.
We have 10 or so iPads in our district, they are locked down by a policy we push to the pad when WE set them up. It restricts the App Store, removes Safari Browser and doesn't allow app install. It also uses our LightSpeed browser settings so that they can't get to "naughty" or other such sites.
After quick research it seems that you need custom ROM or at least rooted phone where standard browser, market etc are removed and some configuration parameters are hard coded. Also keep in mind that there's no lightspeed guide browser app for android, only for ipad, iphone. I would say there's a lot of work.
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
AccEss-dEniEd said:
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Click to expand...
Click to collapse
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Assuming you have Exchange, does this not provide the management part?
AccEss-dEniEd said:
Hello Guys,
before I start: My apologies for this, I am not quite sure if I am even in the right Topic.
I think of myself as pretty new to Android, but got some experiences in Rooting, Custom Roms and such. But that is already as far as it gets.
Now my Problem: We lost our BES and now my Company decided to go with Android (SG4 I9505) and I have to make it happen :angel:.
1. I Need some Kind of Freeware tool to administer Android Devices (Basic: find device, delete data, restrict Apps)
2. If something like this dont exist (which I dont think-I just havent found it)), I would Need to know if I can use CM 10.2 as our Standard Rom and before you start rolling your eyes with experimental and such....
I have to restrict the phone solely to Telefone, Exchange and some preselected (mostly travel)Tools. NO GAPPS!!! and I think that nightly CM provides this with no problems
To realize this I downloaded the nightly from 18th, I think. I then added some APK´s into \System\app Folder and installed the ROM. This actually worked fine until I updated to phone afterwards via build in updating tool - all Tools were gone.(what did I miss?)
Now, our Standard is SG4 I-9505.
Any ideas on how I could do this? (I couldnt find what I was looking for)
1. Adminster a fleet of androids (free)
2. Customize a Custom ROM for corporate Identity (How to pre-setup Exchange Boot Logo, Lockscreen, etc.)
3. or customize a ROM to the Point it cannot do much except what is in the \System\app Folder and turn off updates
Any link is much appreciated. Sadly there is sooooo much andoid articles out there that I seem to get lost while searching for the right one. Thanks in advance!!!!
Click to expand...
Click to collapse
I currently work in the infrastructure of a good sized corporation. We're using IOS with a mixture of android hardware and there's some good news and bad news for what you want to do.
Good news is, like Jpcurrie said, exchange will handle remote wiping and locking the phone down. you can require the phone to use a PIN, remote wipe and and a bit more. As for locating the phone, Google actually has finally built in remote locating of your device and remote wipe as well. There's a couple good apps out there (lookout) will turn on your GPS and allow you to locate the phone and they're free. If you happen to have a virtualized environment with VMware, you could also use VMware View Horizons which builds in a secure sector on the phone and you can remotely manage which apps and files the user can use. the best part of View is you can use a BYOD model and keep corporate data secure. The biggest issue is if you don't happen to already use a VMware architecture it gets pricey quickly.
Here's the rub now. you want to install your own logos on the bootup which you could do by installing a custom ROM. This will void your warranty on the hardware and as it isn't 100% stable you'll be spending a LOT of time trying to keep a consistent environment.
Like netsyd said, talk to management about an MDM, and the branding of the devices, maybe even talk to them about using a BYOD to reduce costs of hardware and administration of that hardware.
Isn´t Knox supposed to allow administrators to only delete the data that belongs to the Corporate account (emails, calendars, tasks, etc.), or an administrator can still force a full device wipe? Sorry if the questions is too basic, I've tried searching around for info on Knox but couldn't find anything besides press releases.
I'm not a network administrator, I'm just a user and my school secure wifi installs a device administrator.
I'm sorry to deviate the topic a little bit from the original.
At Delta we use Air Watch but it's far from free. You can however manage devices and remote wipe. You can also view installed apps and remove what should not be there. Options for device profiles also. I help maintain these devices everyday. Not Free but an MDM is your best bet.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
long time - no see
Hiya,
sorry I didn t answer - kinda was overwhelmed with this Task.
Wanted still to thank you: I did what you suggestet and wanted to let you know where I am now.
1. Meraki = implemented - now runnning 160+ devices. (at no costs)
2. CM12.1 implemented (without GAPPS/no SU)
3. Standard Image/w Apps defined. (Mostly Offline capable Tools like "here" etc.(which actually reduced costs))
4. Since Android has limited capability to be administered in a "real" professional Fashion we mitigated this issue by creating a policy to forbid the user to temper with the device (e.g. Installation of Software/SU etc) yet to allow the Installation of Software manually by us via creating a ticket. We check the Software mainly for "sanity" and malware and install it if ok.
This has been working so far like a charm for us. None of the user were happy to loose the Gapps obviously - but once they had their Software and settled in, all was ok. For the Administering part: Meraki can tell me if Software is beeing installed without our Knowledge, also we see if SM doesnt speak with us anymore. So, for now, we got the most out of the System and I am happy to say: I got minimal Control in a Quality sense. No no more "KO Critera" - and we have implemented Android. Tracking etc. is forbidden in Germany anyway - so we use Meraki mainly to wipe if lost and to check if someone goes against policy.
What is still open:
- I am still working on a way to have the user enter his credentials and automatically enter These in all respective config files. (haven't had much luck - with the absense of SU obviously.
- a Little cosmetics still open (I am still trying to figure out how the theming really works ... I usually f**k up the Pictures and sounds.... but so far making Progress
- with less and less good Android devices coming out (now, I am probably beeing flamed now ) that suits our needs (open bootloader, known/supported CPUs, removable battery, SD Card Slot) - I think we might Switch by Q4/2016.
netsyd said:
My guess is I'll get flamed for saying this - but here goes.
Android corporate (MDM) leaves a lot to be desired next to iOS, at least as far as I've been able to find. We manage a lot of iPads and obviously minus the custom ROM we've been able to do it all for little to no cost. We've shied away from Android a lot because of the limited MDM control.
But, since you asked:
1. Meraki Systems Manager (and the accompanying app from Google Play)
2. Good luck with that
3. See number 2
I think the reality is you're going to need to do something to the effect of either cook your own ROM and deploy it or use a tool like CWM to create an "image" that you would then restore to the devices. I did that with a batch of 60+ Nexus 7s and it worked out pretty well.
Edit:
With all that said - I would urge your management to reconsider their approach as the world has changed since Blackberry was the only game in town. Yes, still stick with MDM, device location, remote wipe etc. But unless you're dealing with highly sensitive information (exp banking), let people actually USE the device you're giving them. Don't lock it down to where its basically a first generation iPhone. I'm a big fan of giving someone a good tool and letting them use it the way that works best for them, while still keeping the device and more importantly the data under corporate control.
Click to expand...
Click to collapse
Hello,
I currently work for a market research company using Nexus 7 tablets to conduct surveys and questionnaires. We have a DP team which develop the apps for surveys which we put out on Google Play or can add manually. We currently have over 60 Nexus 7 tablets (2012 model) running Android 4.4.2. The current workaround securing the tablet is using Go Launcher, App Lock and WiFi Manager using a restricted account with Encryption on each device. This set up fine... however the two accounts setup is a hassle for the end users who are not technically proficient or use tablets or smartphones on a daily basis, so we need to down it one account. Also secondly, when we have new surveys and push them out, it does download to the main admin account of the tablet, but the hassle of, making it active for the restricted account is what the issue is because giving the end user access the main account defeats the whole purpose of what we are trying to do.
So I have managed to get hold of 2 tablets for testing, unlocked and rooted them both using the handy Nexus Root Toolkit. On one device, I created a main account, with Nova Launcher (instead of go launcher), App Lock and WiFi Manager. I have not put any encryption yet that will come after. I then created a nandroid backup of the tablet in which I restored it to the other device. The restore was perfect and at this point I thought that it's managed what we needed to do. However, on the two devices, we have two separate Google accounts, we have done this to spread out the devices across different accounts due to the amount of tablets we have. Upon pushing out an app to one device from Google Play, it would for some strange reason try to download on the other device and throw up an error message saying "could not download", even though the tablets have two separate google play accounts.
I made another nandroid back up, but this time without any google play/account information stored on the tablet but this to no avail did help. I even tried changing the device ID from Titanium Backup on both devices and still did not work and Google Play seems to think both devices are the same.
So my question is, what do I need to do in order to remove any Google Play info from the devices so google play doesn't recognize them both as the same device.
Everything else works perfectly fine so far and still are testing this out.
Thank you in advance
Irfan
Any one got a solution for this?
At my job, I have been tasked with finding a cheap way to replace some paper forms with a digital equivalent. I have a Fire HD 10 7th gen, and since they inexpensive, they seemed like a good fit to accomplish this. I'm in the final stages of this prototype - if all goes well we would order a bunch to distribute to employees.
Using tutorials and guides from this forum (thanks!), I have rooted the tablet and stripped out the amazon bloatware, replaced the launcher, and now have a fairly bare bones tablet. Basically we only need email, calendar and something to open spreadsheets.
I am now trying to figure out a way to set up multiple users on each tablet. Amazon replaced the native user accounts with their own version for 'households'. You can have two 'adult' profiles and 4 'child' profiles and must be linked to an amazon account. The adult accounts function exactly like regular android user profiles, so the underlying features are there, I just need to remove the two adult limit, and be able to add them without having to set up an amazon account.
What I have tried:
1. Adding profiles while offline, still get prompted to log into amazon.
2. Tried to edit the build.prop file and included these lines
fw.max_users=3
fw.show_multiuserui=1
This did not seem to have an effect
3. Via an adb shell, I tried
adb shell pm create-user TEST
This produces the error:
Error: Unable to perform this action on production builds
4. I thought this might be a root issue, so I installed adb insecure. The command above still failed.
Is there anything else I should try? Is it possible to restore the original user manager from stock android? Is there a 3rd party user manager that I could use? More drastically, can change the build from production to something else, so that the create-user instruction is available? Obviously, the amazon user manager is able to trigger the creation of a new profile, so it must be using some other mechanism to accomplish the same thing.
Any help would be greatly appreciated!
You must be modify the framwork-res.apk
E.g., I want them to be able to use Disney+, and I want to be able to install new apps from Google Play, but I don't want THEM to install new apps or use a web browser.
All my kids are under 10 years old. They can figure out basic settings, usually. I can just hide certain apps but they tend to find them while messing around.
Google allows you to create child accounts, which can be controlled by parent accounts. However, it doesn't seem possible to sign into a child account on a Fire (I seem to recall that this has always been a limitation).
Amazon provides some sort of kid account mode but it doesn't work with Google stuff.
I can just not give them the Wi-Fi password, but that's the nuclear option.
I might be able to install LineageOS and do something with that, but I'd prefer not to go to so much trouble. Using the Fire Toolbox is much less time-consuming.
My best bet at the moment seems to be NetGuard, which can disallow certain apps from accessing the internet. It seems to work pretty well, but there's no way to password guard it, so they'd probably eventually disable it by accident or while trying things out.
Any methods I haven't thought of?
Sadly the only way you could do this is install lineage os
MiskerHotck said:
E.g., I want them to be able to use Disney+, and I want to be able to install new apps from Google Play, but I don't want THEM to install new apps or use a web browser.
All my kids are under 10 years old. They can figure out basic settings, usually. I can just hide certain apps but they tend to find them while messing around.
Google allows you to create child accounts, which can be controlled by parent accounts. However, it doesn't seem possible to sign into a child account on a Fire (I seem to recall that this has always been a limitation).
Amazon provides some sort of kid account mode but it doesn't work with Google stuff.
I can just not give them the Wi-Fi password, but that's the nuclear option.
I might be able to install LineageOS and do something with that, but I'd prefer not to go to so much trouble. Using the Fire Toolbox is much less time-consuming.
My best bet at the moment seems to be NetGuard, which can disallow certain apps from accessing the internet. It seems to work pretty well, but there's no way to password guard it, so they'd probably eventually disable it by accident or while trying things out.
Any methods I haven't thought of?
Click to expand...
Click to collapse
What fire os version are you on? If you're below 6.3.x.x you don't have to open the device up