Device Administration
As mobile devices proliferated in the workplace, Android 2.2 introduced the Device Administration API, which lets users and IT professionals manage devices that access enterprise data. Using this API, IT professionals can impose system-level security policies on devices, such as remote wipe, password enablement, and password specifics. Android 3.0 and Android 4.0 further enhanced this API with policies for password expiration, password restrictions, a device encryption requirement, and disabling the camera. If you use an email client to access company email on your Android phone, you are most probably using the Device Administration API.
The Device Administration API works by enforcing security policies. The DevicePolicyManager class lists all the policies that a Device Administrator can enforce on the device.
A Device Administrator writes an application that users install on their device. Once the application is installed, users need to activate the policy in order to enforce it on the device. If the user does not install the app, the security policy does not apply, but the user cannot access any of the features provided by the app. If there are multiple Device Administration applications on the device, the strictest policy prevails. If the user uninstalls the app, the policy is deactivated. As it uninstalls, the application may decide to reset the phone to factory settings or delete data, based on the permissions it has.
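The activation-then-enforcement flow described above, as an added sketch that is not code from the book. PolicyActivity, PolicyAdminReceiver and the policy values are hypothetical, and the app's manifest is assumed to declare the receiver with the BIND_DEVICE_ADMIN permission and a device-admin metadata file listing the limit-password, expire-password, encrypted-storage and disable-camera policies.

```java
// Added example, not the book's code. PolicyAdminReceiver and all values are hypothetical.
import android.app.Activity;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;

public class PolicyActivity extends Activity {
    private static final int REQUEST_ACTIVATE = 1;
    private DevicePolicyManager dpm;
    private ComponentName admin;

    public static class PolicyAdminReceiver extends DeviceAdminReceiver {
        @Override
        public CharSequence onDisableRequested(Context context, Intent intent) {
            return "Deactivating removes access to company email."; // warning shown to user
        }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        dpm = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
        admin = new ComponentName(this, PolicyAdminReceiver.class);
        if (dpm.isAdminActive(admin)) {
            applyPolicies();
        } else { // nothing can be enforced until the user explicitly activates the admin
            Intent request = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
            request.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin);
            startActivityForResult(request, REQUEST_ACTIVATE);
        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        if (requestCode == REQUEST_ACTIVATE && resultCode == RESULT_OK) applyPolicies();
        else finish(); // user declined: withhold the app's features
    }

    private void applyPolicies() {
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        dpm.setPasswordMinimumLength(admin, 8);
        dpm.setPasswordExpirationTimeout(admin, 90L * 24 * 60 * 60 * 1000); // Android 3.0+
        dpm.setStorageEncryption(admin, true);                              // Android 3.0+
        dpm.setCameraDisabled(admin, true);                                 // Android 4.0+
    }
}
```

Calling any of the policy setters before the user has activated the administrator throws a SecurityException, which is why the sketch checks isAdminActive first.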
We will discuss Device Administration in greater detail in Chapter 8, Android in the Enterprise.