Android Device Management
Android 2.2 introduces support for enterprise-class applications through the Android Device Management API. The Device Management API provides device management features at the system level. These APIs can be used in an enterprise environment that requires control of employee devices. For example, the built-in Android Mail app uses the new APIs to support Exchange. Through the mail app, Exchange administrators can enforce password policies across devices, including alphanumeric passwords or PIN codes. Administrators can also remotely erase the data on lost or stolen phones (that is, restore factory default settings). Exchange users can synchronize their mail and calendar data.
This document is intended for developers who want to build enterprise-class solutions for Android devices. It discusses the features that the Device Management API provides to give employees' Android devices greater security.
Device Management API Overview:
The following are examples of applications that might use the Device Management API:
1 Mail clients.
2 Security apps that perform a remote wipe.
3 Device management services and applications.
How does it work?
You use these APIs to write a device management app that users install on their devices. The device management app enforces the required policies. Here's how it works:
1 The system administrator writes a device management application that enforces remote or local device security policies. These policies can be hard-coded into the app, or the app can fetch them remotely from a third-party server.
2 The app is installed on the user's device. Android currently has no way to deliver apps automatically; you can distribute the app to users via Google Play, other apps, or mail.
3 Once users have enabled the device management application, they are subject to its policies. Complying with these policies typically brings benefits, such as access to sensitive systems and data.
If the user does not enable the device management app, it remains on the device but is inactive. Users are not subject to its policies, and they may not be able to gain any benefit from the app; for example, they might not be able to synchronize data.
If the user does not comply with the policies (for example, if the user sets a password that violates the criteria), the application decides what to do. The typical behavior is to make the user unable to synchronize data.
If the device tries to connect to a server that requires a policy the device does not support, the connection will not be allowed. The Device Management API currently does not support partial provisioning. In other words, if a device does not fully support the required policies, there is no way to allow the device to connect.
If a device contains multiple enabled device management applications, the most stringent policies are enforced. There is no way to target a particular management application.
Policies:
In an enterprise environment, employee devices often need to adhere to a rigorous set of policies that control how the devices are used. All policies supported by the Device Management API are listed below. Note that the Device Management API currently only supports passwords for the lock screen:
Password enabled: Specifies that the device requires a PIN code or password.
Minimum password length: Sets the minimum number of characters required for the password. For example, you can require a PIN code or a password with a minimum of six characters.
Alphanumeric password required: The password must contain a combination of letters and numbers. It may also include symbols.
Complex password required: The password must contain a minimum of one letter, one number and one special character.
Minimum letters in password: The minimum number of letters required in the password.
Minimum lowercase letters in password: The minimum number of lowercase letters required in the password.
Minimum non-letter characters in password: The minimum number of non-alphabetic characters required in the password.
Minimum digits in password: The minimum number of digits required in the password.
Minimum symbols in password: The minimum number of symbols required in the password.
Minimum uppercase letters in password: The minimum number of uppercase letters required in the password.
Password expiry time: When the password expires. The value is expressed in milliseconds, counted from when the expiration time is set on the device.
Password history restriction: Prevents the user from reusing any of the previous n passwords. It is often used together with the password expiry time.
Maximum password failures: Specifies how many times the user can enter the wrong password before the device clears its own data. The Device Management API also allows the administrator to remotely reset the device to factory settings. This protects the data if the device is lost or stolen.
Maximum inactivity lockout time: Sets the length of time since the user last touched the screen or pressed a button after which the device locks. Once this time has passed, the user must re-enter the PIN or password before using the device or accessing data. The value can be set to 1-60 minutes.
Encrypted storage required: Specifies that the storage area must be encrypted, if the device supports it.
Disable camera: Specifies that the camera should be disabled. Note that this does not have to be permanent; the camera can be enabled and disabled dynamically depending on context, time, etc.
Other Features:
In addition to the policies supported in the list above, the Device Management API has the following features:
1 Prompt the user to set a new password.
2 Lock the device immediately.
3 Clear User data (Restore device to factory default state).
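The flow described above (check that the admin is enabled, set policies, decide whether to allow sync, then prompt, lock or wipe) can be sketched against the real DevicePolicyManager API. This is an added example, not code from the original page; the class name PolicyEnforcer and the policy values (6 characters, 10 failures, 5 minutes) are assumptions chosen for illustration.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

/** Added example (hypothetical class): enforces a password policy and gates sync on it. */
public final class PolicyEnforcer {
    private final Context context;
    private final DevicePolicyManager dpm;
    private final ComponentName admin; // the app's DeviceAdminReceiver, supplied by the caller

    public PolicyEnforcer(Context context, ComponentName adminReceiver) {
        this.context = context;
        this.dpm = (DevicePolicyManager)
                context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        this.admin = adminReceiver;
    }

    /** Returns true only if the admin is enabled and the current password meets policy. */
    public boolean applyPolicyAndCheckCompliance() {
        // Installed but not enabled: the app is inactive and must not set policies.
        if (!dpm.isAdminActive(admin)) {
            return false; // caller should refuse to sync protected data
        }
        // Constructed sample values; a real app would hard-code or fetch its own.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        dpm.setPasswordMinimumLength(admin, 6);
        dpm.setMaximumFailedPasswordsForWipe(admin, 10);
        dpm.setMaximumTimeToLock(admin, 5 * 60 * 1000L); // milliseconds

        // Evaluated against the combined requirements of every enabled admin,
        // so the most stringent policy on the device decides the result.
        if (dpm.isActivePasswordSufficient()) {
            return true;
        }
        // Non-compliant: prompt for a new password and keep sync disabled for now.
        Intent intent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        context.startActivity(intent);
        return false;
    }

    /** Locks the device immediately. */
    public void lockNow() {
        dpm.lockNow();
    }

    /** Restores the device to its factory default state, erasing user data. */
    public void remoteWipe() {
        dpm.wipeData(0);
    }
}
```

The receiver's device-admin metadata must declare the limit-password, watch-login, force-lock and wipe-data policies, otherwise these calls throw SecurityException.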
Android Training: Device Management