I'm trying to know how Device Administrator and Profile Owner works. I followed some examples from google website, but I still do not quite know how profile owner works.
To test this, I've built a sample app which will ask the user to accept the Profile Owner and then will install a certificate without user interaction.
For the request of the profile owner I did this on my activity:
Intent intent = new Intent(ACTION_PROVISION_MANAGED_PROFILE);
intent.putExtra(EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, getApplicationContext().getPackageName());
startActivityForResult(intent, REQUEST_PROVISION_MANAGED_PROFILE);
On my receiver I have something like this:
@Override
public void onProfileProvisioningComplete(Context context, Intent intent) {
// Enable the profile
DevicePolicyManager manager =
(DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
ComponentName componentName = getComponentName(context);
manager.setProfileName(componentName, context.getString(R.string.profile_name));
// If I do not do this, the application will not enter in profile mode, and I don't know why
Intent launch = new Intent(context, MainActivity.class);
launch.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
context.startActivity(launch);
}
In here I don't know why I need to restart application so I can enter in profile owner mode. Although, when I get the profile owner working and I close the app and start it again I will not resume the profile owner mode.
I'm checking if the profile owner mode is active by doing something like this on application OnCreate() method:
if (!mDeviceController.isProfileActive()) {
Log.i("DeviceAdminSample", "Profile is disabled!!!!!");
}
Why is profile owner disabled when I restart the application? Is there any way to avoid a user enabling the profile owner mode every single time he opens the application?
Additionally, If I install a certificate with this mechanism, other apps can still use this certificate, or the certificate will only work for the created profile?
It looks like you are missing:
manager.setProfileEnabled(componentName);
I recommend looking a little closer at some of the examples below. I'm not sure what isProfileActive() does. I would use:
manager.isProfileOwnerApp(getApplicationContext().getPackage())
When you create a managed profile, the managed profile's apps and data are separate from the user's apps/data that created the managed profile (in most cases, personal versus work). If you open your app from the original user's context, it will try to set up a work profile again. To see your app as the profile owner, you need to open it in your managed profile's context (your app will be "badge", have a little briefcase on it). Additionally, data like your certificates will be restricted to your managed profile.
A good initial example to follow: https://github.com/googlesamples/android-BasicManagedProfile
A much more complex, but more complete example. It can be configured as a device owner or profile owner: https://github.com/googlesamples/android-testdpc