Android APIs
public class

DeviceAdminReceiver

extends BroadcastReceiver
java.lang.Object
   ↳ android.content.BroadcastReceiver
     ↳ android.app.admin.DeviceAdminReceiver

Class Overview

Base class for implementing a device administration component. This class provides a convenience for interpreting the raw intent actions that are sent by the system.

The callback methods, like the base BroadcastReceiver.onReceive() method, happen on the main thread of the process. Thus long running operations must be done on another thread. Note that because a receiver is done once returning from its receive function, such long-running operations should probably be done in a Service.

When publishing your DeviceAdmin subclass as a receiver, it must handle ACTION_DEVICE_ADMIN_ENABLED and require the BIND_DEVICE_ADMIN permission. A typical manifest entry would look like:

<receiver android:name=".app.DeviceAdminSample$DeviceAdminSampleReceiver"
        android:label="@string/sample_device_admin"
        android:description="@string/sample_device_admin_description"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
    <meta-data android:name="android.app.device_admin"
               android:resource="@xml/device_admin_sample" />
    <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
    </intent-filter>
</receiver>

The meta-data referenced here provides addition information specific to the device administrator, as parsed by the DeviceAdminInfo class. A typical file would be:

<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-policies>
        <limit-password />
        <watch-login />
        <reset-password />
        <force-lock />
        <wipe-data />
        <expire-password />
        <encrypted-storage />
        <disable-camera />
        <disable-keyguard-features />
    </uses-policies>
</device-admin>

Developer Guides

For more information about device administration, read the Device Administration developer guide.

Summary

Constants
String ACTION_DEVICE_ADMIN_DISABLED Action sent to a device administrator when the user has disabled it.
String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED Action sent to a device administrator when the user has requested to disable it, but before this has actually been done.
String ACTION_DEVICE_ADMIN_ENABLED This is the primary action that a device administrator must implement to be allowed to manage a device.
String ACTION_PASSWORD_CHANGED Action sent to a device administrator when the user has changed the password of their device.
String ACTION_PASSWORD_EXPIRING Action periodically sent to a device administrator when the device password is expiring.
String ACTION_PASSWORD_FAILED Action sent to a device administrator when the user has failed at attempted to enter the password.
String ACTION_PASSWORD_SUCCEEDED Action sent to a device administrator when the user has successfully entered their password, after failing one or more times.
String ACTION_PROFILE_PROVISIONING_COMPLETE Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully.
String DEVICE_ADMIN_META_DATA Name under which a DevicePolicy component publishes information about itself.
String EXTRA_DISABLE_WARNING A CharSequence that can be shown to the user informing them of the impact of disabling your admin.
Public Constructors
DeviceAdminReceiver()
Public Methods
DevicePolicyManager getManager(Context context)
Retrieve the DevicePolicyManager interface for this administrator to work with the system.
ComponentName getWho(Context context)
Retrieve the ComponentName describing who this device administrator is, for use in DevicePolicyManager APIs that require the administrator to identify itself.
CharSequence onDisableRequested(Context context, Intent intent)
Called when the user has asked to disable the administrator, as a result of receiving ACTION_DEVICE_ADMIN_DISABLE_REQUESTED, giving you a chance to present a warning message to them.
void onDisabled(Context context, Intent intent)
Called prior to the administrator being disabled, as a result of receiving ACTION_DEVICE_ADMIN_DISABLED.
void onEnabled(Context context, Intent intent)
Called after the administrator is first enabled, as a result of receiving ACTION_DEVICE_ADMIN_ENABLED.
void onPasswordChanged(Context context, Intent intent)
Called after the user has changed their password, as a result of receiving ACTION_PASSWORD_CHANGED.
void onPasswordExpiring(Context context, Intent intent)
Called periodically when the password is about to expire or has expired.
void onPasswordFailed(Context context, Intent intent)
Called after the user has failed at entering their current password, as a result of receiving ACTION_PASSWORD_FAILED.
void onPasswordSucceeded(Context context, Intent intent)
Called after the user has succeeded at entering their current password, as a result of receiving ACTION_PASSWORD_SUCCEEDED.
void onProfileProvisioningComplete(Context context, Intent intent)
Called when provisioning of a managed profile or managed device has completed successfully.
void onReceive(Context context, Intent intent)
Intercept standard device administrator broadcasts.
[Expand]
Inherited Methods
From class android.content.BroadcastReceiver
From class java.lang.Object

Constants

public static final String ACTION_DEVICE_ADMIN_DISABLED

Added in API level 8

Action sent to a device administrator when the user has disabled it. Upon return, the application no longer has access to the protected device policy manager APIs. You will generally handle this in onDisabled(Context, Intent). Note that this action will be sent the receiver regardless of whether it is explicitly listed in its intent filter.

Constant Value: "android.app.action.DEVICE_ADMIN_DISABLED"

public static final String ACTION_DEVICE_ADMIN_DISABLE_REQUESTED

Added in API level 8

Action sent to a device administrator when the user has requested to disable it, but before this has actually been done. This gives you a chance to supply a message to the user about the impact of disabling your admin, by setting the extra field EXTRA_DISABLE_WARNING in the result Intent. If not set, no warning will be displayed. If set, the given text will be shown to the user before they disable your admin.

Constant Value: "android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"

public static final String ACTION_DEVICE_ADMIN_ENABLED

Added in API level 8

This is the primary action that a device administrator must implement to be allowed to manage a device. This will be set to the receiver when the user enables it for administration. You will generally handle this in onEnabled(Context, Intent). To be supported, the receiver must also require the BIND_DEVICE_ADMIN permission so that other applications can not abuse it.

Constant Value: "android.app.action.DEVICE_ADMIN_ENABLED"

public static final String ACTION_PASSWORD_CHANGED

Added in API level 8

Action sent to a device administrator when the user has changed the password of their device. You can at this point check the characteristics of the new password with DevicePolicyManager.isActivePasswordSufficient(). You will generally handle this in onPasswordChanged(Context, Intent).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to receive this broadcast.

Constant Value: "android.app.action.ACTION_PASSWORD_CHANGED"

public static final String ACTION_PASSWORD_EXPIRING

Added in API level 11

Action periodically sent to a device administrator when the device password is expiring.

The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD to receive this broadcast.

Constant Value: "android.app.action.ACTION_PASSWORD_EXPIRING"

public static final String ACTION_PASSWORD_FAILED

Added in API level 8

Action sent to a device administrator when the user has failed at attempted to enter the password. You can at this point check the number of failed password attempts there have been with DevicePolicyManager.getCurrentFailedPasswordAttempts(). You will generally handle this in onPasswordFailed(Context, Intent).

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to receive this broadcast.

Constant Value: "android.app.action.ACTION_PASSWORD_FAILED"

public static final String ACTION_PASSWORD_SUCCEEDED

Added in API level 8

Action sent to a device administrator when the user has successfully entered their password, after failing one or more times.

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to receive this broadcast.

Constant Value: "android.app.action.ACTION_PASSWORD_SUCCEEDED"

public static final String ACTION_PROFILE_PROVISIONING_COMPLETE

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile or managed device has completed successfully.

The broadcast is limited to the profile that will be managed by the application that requested provisioning. In the device owner case the profile is the primary user. The broadcast will also be limited to the DeviceAdminReceiver component specified in the original intent or NFC bump that started the provisioning process (@see DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE).

Input: Nothing.

Output: Nothing

Constant Value: "android.app.action.ACTION_PROFILE_PROVISIONING_COMPLETE"

public static final String DEVICE_ADMIN_META_DATA

Added in API level 8

Name under which a DevicePolicy component publishes information about itself. This meta-data must reference an XML resource containing a device-admin tag. XXX TO DO: describe syntax.

Constant Value: "android.app.device_admin"

public static final String EXTRA_DISABLE_WARNING

Added in API level 8

A CharSequence that can be shown to the user informing them of the impact of disabling your admin.

See Also
Constant Value: "android.app.extra.DISABLE_WARNING"

Public Constructors

public DeviceAdminReceiver ()

Added in API level 8

Public Methods

public DevicePolicyManager getManager (Context context)

Added in API level 8

Retrieve the DevicePolicyManager interface for this administrator to work with the system.

public ComponentName getWho (Context context)

Added in API level 8

Retrieve the ComponentName describing who this device administrator is, for use in DevicePolicyManager APIs that require the administrator to identify itself.

public CharSequence onDisableRequested (Context context, Intent intent)

Added in API level 8

Called when the user has asked to disable the administrator, as a result of receiving ACTION_DEVICE_ADMIN_DISABLE_REQUESTED, giving you a chance to present a warning message to them. The message is returned as the result; if null is returned (the default implementation), no message will be displayed.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).
Returns
  • Return the warning message to display to the user before being disabled; if null is returned, no message is displayed.

public void onDisabled (Context context, Intent intent)

Added in API level 8

Called prior to the administrator being disabled, as a result of receiving ACTION_DEVICE_ADMIN_DISABLED. Upon return, you can no longer use the protected parts of the DevicePolicyManager API.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onEnabled (Context context, Intent intent)

Added in API level 8

Called after the administrator is first enabled, as a result of receiving ACTION_DEVICE_ADMIN_ENABLED. At this point you can use DevicePolicyManager to set your desired policies.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onPasswordChanged (Context context, Intent intent)

Added in API level 8

Called after the user has changed their password, as a result of receiving ACTION_PASSWORD_CHANGED. At this point you can use DevicePolicyManager.getCurrentFailedPasswordAttempts() to retrieve the active password characteristics.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onPasswordExpiring (Context context, Intent intent)

Added in API level 11

Called periodically when the password is about to expire or has expired. It will typically be called at these times: on device boot, once per day before the password expires, and at the time when the password expires.

If the password is not updated by the user, this method will continue to be called once per day until the password is changed or the device admin disables password expiration.

The admin will typically post a notification requesting the user to change their password in response to this call. The actual password expiration time can be obtained by calling getPasswordExpiration(ComponentName)

The admin should be sure to take down any notifications it posted in response to this call when it receives onPasswordChanged(Context, Intent).

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onPasswordFailed (Context context, Intent intent)

Added in API level 8

Called after the user has failed at entering their current password, as a result of receiving ACTION_PASSWORD_FAILED. At this point you can use DevicePolicyManager to retrieve the number of failed password attempts.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onPasswordSucceeded (Context context, Intent intent)

Added in API level 8

Called after the user has succeeded at entering their current password, as a result of receiving ACTION_PASSWORD_SUCCEEDED. This will only be received the first time they succeed after having previously failed.

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onProfileProvisioningComplete (Context context, Intent intent)

Called when provisioning of a managed profile or managed device has completed successfully.

As a prerequisit for the execution of this callback the (@link DeviceAdminReceiver} has to declare an intent filter for ACTION_PROFILE_PROVISIONING_COMPLETE. Its component must also be specified in the EXTRA_DEVICE_ADMIN of the ACTION_PROVISION_MANAGED_PROFILE intent that started the managed provisioning.

When provisioning is complete, the managed profile is hidden until the profile owner calls {DevicePolicyManager#setProfileEnabled(ComponentName admin)}. Typically a profile owner will enable the profile when it has finished any additional setup such as adding an account by using the AccountManager and calling apis to bring the profile into the desired state.

Note that provisioning completes without waiting for any server interactions, so the profile owner needs to wait for data to be available if required (e.g android device ids or other data that is set as a result of server interactions).

Parameters
context The running context as per onReceive(Context, Intent).
intent The received intent as per onReceive(Context, Intent).

public void onReceive (Context context, Intent intent)

Added in API level 8

Intercept standard device administrator broadcasts. Implementations should not override this method; it is better to implement the convenience callbacks for each action.

Parameters
context The Context in which the receiver is running.
intent The Intent being received.