Skip to content

Most visited

Recently visited

navigation

DevicePolicyManager

public class DevicePolicyManager
extends Object

java.lang.Object
   ↳ android.app.admin.DevicePolicyManager


Public interface for managing policies enforced on a device. Most clients of this class must be registered with the system as a device administrator. Additionally, a device administrator may be registered as either a profile or device owner. A given method is accessible to all device administrators unless the documentation for that method specifies that it is restricted to either device or profile owners. Any application calling an api may only pass as an argument a device administrator component it owns. Otherwise, a SecurityException will be thrown.

Developer Guides

For more information about managing policies for device administration, read the Device Administration developer guide.

Summary

Constants

String ACTION_ADD_DEVICE_ADMIN

Activity action: ask the user to add a new device administrator to the system.

String ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

Broadcast Action: Sent after application delegation scopes are changed.

String ACTION_DEVICE_ADMIN_SERVICE

Service action: Action for a service that device owner and profile owner can optionally own.

String ACTION_DEVICE_OWNER_CHANGED

Broadcast action: sent when the device owner is set, changed or cleared.

String ACTION_MANAGED_PROFILE_PROVISIONED

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

String ACTION_PROVISIONING_SUCCESSFUL

Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully.

String ACTION_PROVISION_MANAGED_DEVICE

Activity action: Starts the provisioning flow which sets up a managed device.

String ACTION_PROVISION_MANAGED_PROFILE

Activity action: Starts the provisioning flow which sets up a managed profile.

String ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

Activity action: have the user enter a new password for the parent profile.

String ACTION_SET_NEW_PASSWORD

Activity action: have the user enter a new password.

String ACTION_START_ENCRYPTION

Activity action: begin the process of encrypting data on the device.

String ACTION_SYSTEM_UPDATE_POLICY_CHANGED

Broadcast action: notify that a new local system update policy has been set by the device owner.

String DELEGATION_APP_RESTRICTIONS

Delegation of application restrictions management.

String DELEGATION_BLOCK_UNINSTALL

Delegation of application uninstall block.

String DELEGATION_CERT_INSTALL

Delegation of certificate installation and management.

String DELEGATION_ENABLE_SYSTEM_APP

Delegation for enabling system apps.

String DELEGATION_PACKAGE_ACCESS

Delegation of package access state.

String DELEGATION_PERMISSION_GRANT

Delegation of permission policy and permission grant state.

int ENCRYPTION_STATUS_ACTIVATING

Result code for getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated.

int ENCRYPTION_STATUS_ACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.

int ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

Result code for getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user.

int ENCRYPTION_STATUS_ACTIVE_PER_USER

Result code for getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile.

int ENCRYPTION_STATUS_INACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.

int ENCRYPTION_STATUS_UNSUPPORTED

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.

String EXTRA_ADD_EXPLANATION

An optional CharSequence providing additional explanation for why the admin is being added.

String EXTRA_DELEGATION_SCOPES

An ArrayList<String> corresponding to the delegation scopes given to an app in the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED broadcast.

String EXTRA_DEVICE_ADMIN

The ComponentName of the administrator component.

String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

An Account extra holding the account to migrate during managed profile provisioning.

String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

A Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning.

String EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin.

String EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

An int extra holding a minimum required version code for the device admin package.

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 or SHA-1 hash (see notes below) of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

A String extra holding a url that specifies the download location of the device admin package.

String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

This constant was deprecated in API level 23. Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission BIND_DEVICE_ADMIN.

String EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

String EXTRA_PROVISIONING_DISCLAIMERS

A Bundle[] extra consisting of list of disclaimer headers and disclaimer contents.

String EXTRA_PROVISIONING_DISCLAIMER_CONTENT

A Uri extra pointing to disclaimer content.

String EXTRA_PROVISIONING_DISCLAIMER_HEADER

A String extra of localized disclaimer header.

String EXTRA_PROVISIONING_EMAIL_ADDRESS

This constant was deprecated in API level O. From O, never used while provisioning the device.

String EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

Boolean extra to indicate that the migrated account should be kept.

String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

String EXTRA_PROVISIONING_LOCALE

A String extra holding the Locale that the device will be set to.

String EXTRA_PROVISIONING_LOCAL_TIME

A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.

String EXTRA_PROVISIONING_LOGO_URI

A Uri extra pointing to a logo image.

String EXTRA_PROVISIONING_MAIN_COLOR

A integer extra indicating the predominant color to show during the provisioning.

String EXTRA_PROVISIONING_SKIP_ENCRYPTION

A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning.

String EXTRA_PROVISIONING_SKIP_USER_CONSENT

A boolean extra indicating if the user consent steps from the provisioning flow should be skipped.

String EXTRA_PROVISIONING_TIME_ZONE

A String extra holding the time zone AlarmManager that the device will be set to.

String EXTRA_PROVISIONING_WIFI_HIDDEN

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

String EXTRA_PROVISIONING_WIFI_PAC_URL

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

String EXTRA_PROVISIONING_WIFI_PASSWORD

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

String EXTRA_PROVISIONING_WIFI_PROXY_HOST

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

String EXTRA_PROVISIONING_WIFI_PROXY_PORT

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP.

String EXTRA_PROVISIONING_WIFI_SSID

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

int FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

Flag for lockNow(int): also evict the user's credential encryption key from the keyring.

int FLAG_MANAGED_CAN_ACCESS_PARENT

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile.

int FLAG_PARENT_CAN_ACCESS_MANAGED

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile.

int KEYGUARD_DISABLE_FEATURES_ALL

Disable all current and future keyguard customizations.

int KEYGUARD_DISABLE_FEATURES_NONE

Widgets are enabled in keyguard

int KEYGUARD_DISABLE_FINGERPRINT

Disable fingerprint sensor on keyguard secure screens (e.g.

int KEYGUARD_DISABLE_REMOTE_INPUT

Disable text entry into notifications on secure keyguard screens (e.g.

int KEYGUARD_DISABLE_SECURE_CAMERA

Disable the camera on secure keyguard screens (e.g.

int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

Disable showing all notifications on secure keyguard screens (e.g.

int KEYGUARD_DISABLE_TRUST_AGENTS

Ignore trust agent state on secure keyguard screens (e.g.

int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

Only allow redacted notifications on secure keyguard screens (e.g.

int KEYGUARD_DISABLE_WIDGETS_ALL

Disable all keyguard widgets.

String MIME_TYPE_PROVISIONING_NFC

This MIME type is used for starting the device owner provisioning.

int PASSWORD_QUALITY_ALPHABETIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters.

int PASSWORD_QUALITY_ALPHANUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters.

int PASSWORD_QUALITY_BIOMETRIC_WEAK

Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology.

int PASSWORD_QUALITY_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default.

int PASSWORD_QUALITY_NUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters.

int PASSWORD_QUALITY_NUMERIC_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences.

int PASSWORD_QUALITY_SOMETHING

Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is.

int PASSWORD_QUALITY_UNSPECIFIED

Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password.

int PERMISSION_GRANT_STATE_DEFAULT

Runtime permission state: The user can manage the permission through the UI.

int PERMISSION_GRANT_STATE_DENIED

Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

int PERMISSION_GRANT_STATE_GRANTED

Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

int PERMISSION_POLICY_AUTO_DENY

Permission policy to always deny new permission requests for runtime permissions.

int PERMISSION_POLICY_AUTO_GRANT

Permission policy to always grant new permission requests for runtime permissions.

int PERMISSION_POLICY_PROMPT

Permission policy to prompt user for new permission requests for runtime permissions.

String POLICY_DISABLE_CAMERA

Constant to indicate the feature of disabling the camera.

String POLICY_DISABLE_SCREEN_CAPTURE

Constant to indicate the feature of disabling screen captures.

int RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

Flag for resetPassword(String, int): don't ask for user credentials on device boot.

int RESET_PASSWORD_REQUIRE_ENTRY

Flag for resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.

int SKIP_SETUP_WIZARD

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to skip setup wizard after creating a new user.

int WIPE_EXTERNAL_STORAGE

Flag for wipeData(int): also erase the device's external storage (such as SD cards).

int WIPE_RESET_PROTECTION_DATA

Flag for wipeData(int): also erase the factory reset protection data.

Public methods

void addCrossProfileIntentFilter(ComponentName admin, IntentFilter filter, int flags)

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa.

boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName)

Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile.

void addPersistentPreferredActivity(ComponentName admin, IntentFilter filter, ComponentName activity)

Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter.

void addUserRestriction(ComponentName admin, String key)

Called by a profile or device owner to set a user restriction specified by the key.

boolean bindDeviceAdminServiceAsUser(ComponentName admin, Intent serviceIntent, ServiceConnection conn, int flags, UserHandle targetUser)

Called by a device owner to bind to a service from a profile owner or vice versa.

void clearCrossProfileIntentFilters(ComponentName admin)

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile.

void clearDeviceOwnerApp(String packageName)

This method was deprecated in API level O. This method is expected to be used for testing purposes only. The device owner will lose control of the device and its data after calling it. In order to protect any sensitive data that remains on the device, it is advised that the device owner factory resets the device instead of calling this method. See wipeData(int).

void clearPackagePersistentPreferredActivities(ComponentName admin, String packageName)

Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).

void clearProfileOwner(ComponentName admin)

This method was deprecated in API level O. This method is expected to be used for testing purposes only. The profile owner will lose control of the user and its data after calling it. In order to protect any sensitive data that remains on this user, it is advised that the profile owner deletes it instead of calling this method. See wipeData(int).

boolean clearResetPasswordToken(ComponentName admin)

Called by a profile or device owner to revoke the current password reset token.

void clearUserRestriction(ComponentName admin, String key)

Called by a profile or device owner to clear a user restriction specified by the key.

Intent createAdminSupportIntent(String restriction)

Called by any app to display a support dialog when a feature was disabled by an admin.

UserHandle createAndManageUser(ComponentName admin, String name, ComponentName profileOwner, PersistableBundle adminExtras, int flags)

Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner.

int enableSystemApp(ComponentName admin, Intent intent)

Re-enable system apps by intent that were disabled by default when the user was initialized.

void enableSystemApp(ComponentName admin, String packageName)

Re-enable a system app that was disabled by default when the user was initialized.

String[] getAccountTypesWithManagementDisabled()

Gets the array of accounts for which account management is disabled by the profile owner.

List<ComponentName> getActiveAdmins()

Return a list of all currently active device administrators' component names.

Set<String> getAffiliationIds(ComponentName admin)

Returns the set of affiliation ids previously set via setAffiliationIds(ComponentName, Set), or an empty set if none have been set.

String getAlwaysOnVpnPackage(ComponentName admin)

Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user.

Bundle getApplicationRestrictions(ComponentName admin, String packageName)

Retrieves the application restrictions for a given target application running in the calling user.

String getApplicationRestrictionsManagingPackage(ComponentName admin)

This method was deprecated in API level O. From O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_APP_RESTRICTIONS scope instead.

boolean getAutoTimeRequired()
List<UserHandle> getBindDeviceAdminTargetUsers(ComponentName admin)

Returns the list of target users that the calling device or profile owner can use when calling bindDeviceAdminServiceAsUser(ComponentName, Intent, ServiceConnection, int, UserHandle).

boolean getBluetoothContactSharingDisabled(ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

boolean getCameraDisabled(ComponentName admin)

Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

String getCertInstallerPackage(ComponentName admin)

This method was deprecated in API level O. From O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_CERT_INSTALL scope instead.

boolean getCrossProfileCallerIdDisabled(ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

boolean getCrossProfileContactsSearchDisabled(ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

List<String> getCrossProfileWidgetProviders(ComponentName admin)

Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.

int getCurrentFailedPasswordAttempts()

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

List<String> getDelegatePackages(ComponentName admin, String delegationScope)

Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope.

List<String> getDelegatedScopes(ComponentName admin, String delegatedPackage)

Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package.

CharSequence getDeviceOwnerLockScreenInfo()
List<byte[]> getInstalledCaCerts(ComponentName admin)

Returns all CA certificates that are currently trusted, excluding system CA certificates.

int getKeyguardDisabledFeatures(ComponentName admin)

Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles.

String[] getLockTaskPackages(ComponentName admin)

Returns the list of packages allowed to start the lock task mode.

CharSequence getLongSupportMessage(ComponentName admin)

Called by a device admin to get the long support message.

int getMaximumFailedPasswordsForWipe(ComponentName admin)

Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles.

long getMaximumTimeToLock(ComponentName admin)

Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getOrganizationColor(ComponentName admin)

Called by a profile owner of a managed profile to retrieve the color used for customization.

CharSequence getOrganizationName(ComponentName admin)

Called by a profile owner of a managed profile to retrieve the name of the organization under management.

DevicePolicyManager getParentProfileInstance(ComponentName admin)

Called by the profile owner of a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

long getPasswordExpiration(ComponentName admin)

Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles.

long getPasswordExpirationTimeout(ComponentName admin)

Get the password expiration timeout for the given admin.

int getPasswordHistoryLength(ComponentName admin)

Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMaximumLength(int quality)

Return the maximum password length that the device supports for a particular password quality.

int getPasswordMinimumLength(ComponentName admin)

Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumLetters(ComponentName admin)

Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumLowerCase(ComponentName admin)

Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumNonLetter(ComponentName admin)

Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumNumeric(ComponentName admin)

Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumSymbols(ComponentName admin)

Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordMinimumUpperCase(ComponentName admin)

Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles.

int getPasswordQuality(ComponentName admin)

Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles.

SystemUpdateInfo getPendingSystemUpdate(ComponentName admin)

Called by device or profile owners to get information about a pending system update.

int getPermissionGrantState(ComponentName admin, String packageName, String permission)

Returns the current grant state of a runtime permission for a specific application.

int getPermissionPolicy(ComponentName admin)

Returns the current runtime permission policy set by the device or profile owner.

List<String> getPermittedAccessibilityServices(ComponentName admin)

Returns the list of permitted accessibility services set by this device or profile owner.

List<String> getPermittedCrossProfileNotificationListeners(ComponentName admin)

Returns the list of packages installed on the primary user that allowed to use a NotificationListenerService to receive notifications from this managed profile, as set by the profile owner.

List<String> getPermittedInputMethods(ComponentName admin)

Returns the list of permitted input methods set by this device or profile owner.

long getRequiredStrongAuthTimeout(ComponentName admin)

Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used.

boolean getScreenCaptureDisabled(ComponentName admin)

Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins.

CharSequence getShortSupportMessage(ComponentName admin)

Called by a device admin to get the short support message.

boolean getStorageEncryption(ComponentName admin)

Called by an application that is administering the device to determine the requested setting for secure storage.

int getStorageEncryptionStatus()

Called by an application that is administering the device to determine the current encryption status of the device.

SystemUpdatePolicy getSystemUpdatePolicy()

Retrieve a local system update policy set previously by setSystemUpdatePolicy(ComponentName, SystemUpdatePolicy).

List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, ComponentName agent)

Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.

Bundle getUserRestrictions(ComponentName admin)

Called by a profile or device owner to get user restrictions set with addUserRestriction(ComponentName, String).

String getWifiMacAddress(ComponentName admin)

Called by device owner to get the MAC address of the Wi-Fi device.

boolean hasCaCertInstalled(ComponentName admin, byte[] certBuffer)

Returns whether this certificate is installed as a trusted CA.

boolean hasGrantedPolicy(ComponentName admin, int usesPolicy)

Returns true if an administrator has been granted a particular device policy.

boolean installCaCert(ComponentName admin, byte[] certBuffer)

Installs the given certificate as a user CA.

boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate[] certs, String alias, boolean requestAccess)

Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate.

boolean installKeyPair(ComponentName admin, PrivateKey privKey, Certificate cert, String alias)

Called by a device or profile owner, or delegated certificate installer, to install a certificate and corresponding private key.

boolean isActivePasswordSufficient()

Determine whether the current password the user has set is sufficient to meet the policy requirements (e.g.

boolean isAdminActive(ComponentName admin)

Return true if the given administrator component is currently active (enabled) in the system.

boolean isApplicationHidden(ComponentName admin, String packageName)

Determine if a package is hidden.

boolean isBackupServiceEnabled(ComponentName admin)

Return whether the backup service is enabled by the device owner.

boolean isCallerApplicationRestrictionsManagingPackage()

This method was deprecated in API level O. From O. Use getDelegatedScopes(ComponentName, String) instead.

boolean isDeviceOwnerApp(String packageName)

Used to determine if a particular package has been registered as a Device Owner app.

boolean isLockTaskPermitted(String pkg)

This function lets the caller know whether the given component is allowed to start the lock task mode.

boolean isManagedProfile(ComponentName admin)

Return if this user is a managed profile of another user.

boolean isMasterVolumeMuted(ComponentName admin)

Called by profile or device owners to check whether the master volume mute is on or off.

boolean isNetworkLoggingEnabled(ComponentName admin)

Return whether network logging is enabled by a device owner.

boolean isPackageSuspended(ComponentName admin, String packageName)

Determine if a package is suspended.

boolean isProfileOwnerApp(String packageName)

Used to determine if a particular package is registered as the profile owner for the user.

boolean isProvisioningAllowed(String action)

Returns whether it is possible for the caller to initiate provisioning of a managed profile or device, setting itself as the device or profile owner.

boolean isResetPasswordTokenActive(ComponentName admin)

Called by a profile or device owner to check if the current reset password token is active.

boolean isSecurityLoggingEnabled(ComponentName admin)

Return whether security logging is enabled or not by the device owner.

boolean isUninstallBlocked(ComponentName admin, String packageName)

Check whether the user has been blocked by device policy from uninstalling a package.

void lockNow()

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

void lockNow(int flags)

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

void reboot(ComponentName admin)

Called by device owner to reboot the device.

void removeActiveAdmin(ComponentName admin)

Remove a current administration component.

boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName)

Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile.

boolean removeKeyPair(ComponentName admin, String alias)

Called by a device or profile owner, or delegated certificate installer, to remove a certificate and private key pair installed under a given alias.

boolean removeUser(ComponentName admin, UserHandle userHandle)

Called by a device owner to remove a user and all associated data.

boolean requestBugreport(ComponentName admin)

Called by a device owner to request a bugreport.

boolean resetPassword(String password, int flags)

Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user.

boolean resetPasswordWithToken(ComponentName admin, String password, byte[] token, int flags)

Called by device or profile owner to force set a new device unlock password or a managed profile challenge on current user.

List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken)

Called by device owner to retrieve the most recent batch of network logging events.

List<SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin)

Called by device owners to retrieve device logs from before the device's last reboot.

List<SecurityLog.SecurityEvent> retrieveSecurityLogs(ComponentName admin)

Called by device owner to retrieve all new security logging entries since the last call to this API after device boots.

void setAccountManagementDisabled(ComponentName admin, String accountType, boolean disabled)

Called by a device owner or profile owner to disable account management for a specific type of account.

void setAffiliationIds(ComponentName admin, Set<String> ids)

Indicates the entity that controls the device or profile owner.

void setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdownEnabled)

Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user.

boolean setApplicationHidden(ComponentName admin, String packageName, boolean hidden)

Hide or unhide packages.

void setApplicationRestrictions(ComponentName admin, String packageName, Bundle settings)

Sets the application restrictions for a given target application running in the calling user.

void setApplicationRestrictionsManagingPackage(ComponentName admin, String packageName)

This method was deprecated in API level O. From O. Use setDelegatedScopes(ComponentName, String, List) with the DELEGATION_APP_RESTRICTIONS scope instead.

void setAutoTimeRequired(ComponentName admin, boolean required)

Called by a device or profile owner to set whether auto time is required.

void setBackupServiceEnabled(ComponentName admin, boolean enabled)

Allows the device owner to enable or disable the backup service.

void setBluetoothContactSharingDisabled(ComponentName admin, boolean disabled)

Called by a profile owner of a managed profile to set whether bluetooth devices can access enterprise contacts.

void setCameraDisabled(ComponentName admin, boolean disabled)

Called by an application that is administering the device to disable all cameras on the device, for this user.

void setCertInstallerPackage(ComponentName admin, String installerPackage)

This method was deprecated in API level O. From O. Use setDelegatedScopes(ComponentName, String, List) with the DELEGATION_CERT_INSTALL scope instead.

void setCrossProfileCallerIdDisabled(ComponentName admin, boolean disabled)

Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.

void setCrossProfileContactsSearchDisabled(ComponentName admin, boolean disabled)

Called by a profile owner of a managed profile to set whether contacts search from the managed profile will be shown in the parent profile, for incoming calls.

void setDelegatedScopes(ComponentName admin, String delegatePackage, List<String> scopes)

Called by a profile owner or device owner to grant access to privileged APIs to another app.

void setDeviceOwnerLockScreenInfo(ComponentName admin, CharSequence info)

Sets the device owner information to be shown on the lock screen.

void setGlobalSetting(ComponentName admin, String setting, String value)

Called by device owners to update Settings.Global settings.

boolean setKeyguardDisabled(ComponentName admin, boolean disabled)

Called by a device owner to disable the keyguard altogether.

void setKeyguardDisabledFeatures(ComponentName admin, int which)

Called by an application that is administering the device to disable keyguard customizations, such as widgets.

void setLockTaskPackages(ComponentName admin, String[] packages)

Sets which packages may enter lock task mode.

void setLongSupportMessage(ComponentName admin, CharSequence message)

Called by a device admin to set the long support message.

void setMasterVolumeMuted(ComponentName admin, boolean on)

Called by profile or device owners to set the master volume mute on or off.

void setMaximumFailedPasswordsForWipe(ComponentName admin, int num)

Setting this to a value greater than zero enables a built-in policy that will perform a device or profile wipe after too many incorrect device-unlock passwords have been entered.

void setMaximumTimeToLock(ComponentName admin, long timeMs)

Called by an application that is administering the device to set the maximum time for user activity until the device will lock.

void setNetworkLoggingEnabled(ComponentName admin, boolean enabled)

Called by a device owner to control the network logging feature.

void setOrganizationColor(ComponentName admin, int color)

Called by a profile owner of a managed profile to set the color used for customization.

void setOrganizationName(ComponentName admin, CharSequence title)

Called by the device owner or profile owner to set the name of the organization under management.

String[] setPackagesSuspended(ComponentName admin, String[] packageNames, boolean suspended)

Called by device or profile owners to suspend packages for this user.

void setPasswordExpirationTimeout(ComponentName admin, long timeout)

Called by a device admin to set the password expiration timeout.

void setPasswordHistoryLength(ComponentName admin, int length)

Called by an application that is administering the device to set the length of the password history.

void setPasswordMinimumLength(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum allowed password length.

void setPasswordMinimumLetters(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of letters required in the password.

void setPasswordMinimumLowerCase(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of lower case letters required in the password.

void setPasswordMinimumNonLetter(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password.

void setPasswordMinimumNumeric(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of numerical digits required in the password.

void setPasswordMinimumSymbols(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of symbols required in the password.

void setPasswordMinimumUpperCase(ComponentName admin, int length)

Called by an application that is administering the device to set the minimum number of upper case letters required in the password.

void setPasswordQuality(ComponentName admin, int quality)

Called by an application that is administering the device to set the password restrictions it is imposing.

boolean setPermissionGrantState(ComponentName admin, String packageName, String permission, int grantState)

Sets the grant state of a runtime permission for a specific application.

void setPermissionPolicy(ComponentName admin, int policy)

Set the default response for future runtime permission requests by applications.

boolean setPermittedAccessibilityServices(ComponentName admin, List<String> packageNames)

Called by a profile or device owner to set the permitted accessibility services.

boolean setPermittedCrossProfileNotificationListeners(ComponentName admin, List<String> packageList)

Called by a profile owner of a managed profile to set the packages that are allowed to use a NotificationListenerService in the primary user to see notifications from the managed profile.

boolean setPermittedInputMethods(ComponentName admin, List<String> packageNames)

Called by a profile or device owner to set the permitted input methods services.

void setProfileEnabled(ComponentName admin)

Sets the enabled state of the profile.

void setProfileName(ComponentName admin, String profileName)

Sets the name of the profile.

void setRecommendedGlobalProxy(ComponentName admin, ProxyInfo proxyInfo)

Set a network-independent global HTTP proxy.

void setRequiredStrongAuthTimeout(ComponentName admin, long timeoutMs)

Called by a device/profile owner to set the timeout after which unlocking with secondary, non strong auth (e.g.

boolean setResetPasswordToken(ComponentName admin, byte[] token)

Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via resetPasswordWithToken(ComponentName, String, byte[], int).

void setRestrictionsProvider(ComponentName admin, ComponentName provider)

Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user.

void setScreenCaptureDisabled(ComponentName admin, boolean disabled)

Called by a device/profile owner to set whether the screen capture is disabled.

void setSecureSetting(ComponentName admin, String setting, String value)

Called by profile or device owners to update Settings.Secure settings.

void setSecurityLoggingEnabled(ComponentName admin, boolean enabled)

Called by device owner to control the security logging feature.

void setShortSupportMessage(ComponentName admin, CharSequence message)

Called by a device admin to set the short support message.

boolean setStatusBarDisabled(ComponentName admin, boolean disabled)

Called by device owner to disable the status bar.

int setStorageEncryption(ComponentName admin, boolean encrypt)

Called by an application that is administering the device to request that the storage system be encrypted.

void setSystemUpdatePolicy(ComponentName admin, SystemUpdatePolicy policy)

Called by device owners to set a local system update policy.

void setTrustAgentConfiguration(ComponentName admin, ComponentName target, PersistableBundle configuration)

Sets a list of configuration features to enable for a TrustAgent component.

void setUninstallBlocked(ComponentName admin, String packageName, boolean uninstallBlocked)

Change whether a user can uninstall a package.

void setUserIcon(ComponentName admin, Bitmap icon)

Called by profile or device owners to set the user's photo.

boolean switchUser(ComponentName admin, UserHandle userHandle)

Called by a device owner to switch the specified user to the foreground.

void uninstallAllUserCaCerts(ComponentName admin)

Uninstalls all custom trusted CA certificates from the profile.

void uninstallCaCert(ComponentName admin, byte[] certBuffer)

Uninstalls the given certificate from trusted user CAs, if present.

void wipeData(int flags)

Ask that all user data be wiped.

Inherited methods

From class java.lang.Object

Constants

ACTION_ADD_DEVICE_ADMIN

added in API level 8
String ACTION_ADD_DEVICE_ADMIN

Activity action: ask the user to add a new device administrator to the system. The desired policy is the ComponentName of the policy in the EXTRA_DEVICE_ADMIN extra field. This will invoke a UI to bring the user through adding the device administrator to the system (or allowing them to reject it).

You can optionally include the EXTRA_ADD_EXPLANATION field to provide the user with additional explanation (in addition to your component's description) about what is being added.

If your administrator is already active, this will ordinarily return immediately (without user intervention). However, if your administrator has been updated and is requesting additional uses-policy flags, the user will be presented with the new list. New policies will not be available to the updated administrator until the user has accepted the new list.

Constant Value: "android.app.action.ADD_DEVICE_ADMIN"

ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

String ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED

Broadcast Action: Sent after application delegation scopes are changed. The new delegation scopes will be sent in an ArrayList<String> extra identified by the EXTRA_DELEGATION_SCOPES key.

Note: This is a protected intent that can only be sent by the system.

Constant Value: "android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED"

ACTION_DEVICE_ADMIN_SERVICE

String ACTION_DEVICE_ADMIN_SERVICE

Service action: Action for a service that device owner and profile owner can optionally own. If a device owner or a profile owner has such a service, the system tries to keep a bound connection to it, in order to keep their process always running. The service must be protected with the BIND_DEVICE_ADMIN permission.

Constant Value: "android.app.action.DEVICE_ADMIN_SERVICE"

ACTION_DEVICE_OWNER_CHANGED

added in API level 23
String ACTION_DEVICE_OWNER_CHANGED

Broadcast action: sent when the device owner is set, changed or cleared. This broadcast is sent only to the primary user.

See also:

Constant Value: "android.app.action.DEVICE_OWNER_CHANGED"

ACTION_MANAGED_PROFILE_PROVISIONED

added in API level 23
String ACTION_MANAGED_PROFILE_PROVISIONED

Broadcast Action: This broadcast is sent to indicate that provisioning of a managed profile has completed successfully.

The broadcast is limited to the primary profile, to the app specified in the provisioning intent with action ACTION_PROVISION_MANAGED_PROFILE.

This intent will contain the following extras

Constant Value: "android.app.action.MANAGED_PROFILE_PROVISIONED"

ACTION_PROVISIONING_SUCCESSFUL

String ACTION_PROVISIONING_SUCCESSFUL

Activity action: This activity action is sent to indicate that provisioning of a managed profile or managed device has completed successfully. It'll be sent at the same time as ACTION_PROFILE_PROVISIONING_COMPLETE broadcast but this will be delivered faster as it's an activity intent.

The intent is only sent to the application on the profile that requested provisioning. In the device owner case the profile is the primary user.

See also:

Constant Value: "android.app.action.PROVISIONING_SUCCESSFUL"

ACTION_PROVISION_MANAGED_DEVICE

added in API level 23
String ACTION_PROVISION_MANAGED_DEVICE

Activity action: Starts the provisioning flow which sets up a managed device. Must be started with startActivityForResult(Intent, int).

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

An intent with this action can be sent only on an unprovisioned device. It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

The intent contains the following extras:

When device owner provisioning has completed, an intent of the type ACTION_PROFILE_PROVISIONING_COMPLETE is broadcast to the device owner.

From version O, when device owner provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the device owner.

If provisioning fails, the device is factory reset.

A result code of RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_DEVICE"

ACTION_PROVISION_MANAGED_PROFILE

added in API level 21
String ACTION_PROVISION_MANAGED_PROFILE

Activity action: Starts the provisioning flow which sets up a managed profile.

A managed profile allows data separation for example for the usage of a device as a personal and corporate device. The user which provisioning is started from and the managed profile share a launcher.

This intent will typically be sent by a mobile device management application (MDM). Provisioning adds a managed profile and sets the MDM as the profile owner who has full control over the profile.

It is possible to check if provisioning is allowed or not by querying the method isProvisioningAllowed(String).

In version LOLLIPOP, this intent must contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME. As of M, it should contain the extra EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead, although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported.

The intent may also contain the following extras:

When managed provisioning has completed, broadcasts are sent to the application specified in the provisioning intent. The ACTION_PROFILE_PROVISIONING_COMPLETE broadcast is sent in the managed profile and the ACTION_MANAGED_PROFILE_PROVISIONED broadcast is sent in the primary profile.

From version O, when managed provisioning has completed, along with the above broadcast, activity intent ACTION_PROVISIONING_SUCCESSFUL will also be sent to the application specified in the provisioning intent.

If provisioning fails, the managedProfile is removed so the device returns to its previous state.

If launched with startActivityForResult(Intent, int) a result code of RESULT_OK implies that the synchronous part of the provisioning flow was successful, although this doesn't guarantee the full flow will succeed. Conversely a result code of RESULT_CANCELED implies that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

Constant Value: "android.app.action.PROVISION_MANAGED_PROFILE"

ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

added in API level 24
String ACTION_SET_NEW_PARENT_PROFILE_PASSWORD

Activity action: have the user enter a new password for the parent profile. If the intent is launched from within a managed profile, this will trigger entering a new password for the parent of the profile. In all other cases the behaviour is identical to ACTION_SET_NEW_PASSWORD.

Constant Value: "android.app.action.SET_NEW_PARENT_PROFILE_PASSWORD"

ACTION_SET_NEW_PASSWORD

added in API level 8
String ACTION_SET_NEW_PASSWORD

Activity action: have the user enter a new password. This activity should be launched after using setPasswordQuality(ComponentName, int), or setPasswordMinimumLength(ComponentName, int) to have the user enter a new password that meets the current requirements. You can use isActivePasswordSufficient() to determine whether you need to have the user select a new password in order to meet the current constraints. Upon being resumed from this activity, you can check the new password characteristics to see if they are sufficient. If the intent is launched from within a managed profile with a profile owner built against M or before, this will trigger entering a new password for the parent of the profile. For all other cases it will trigger entering a new password for the user or profile it is launched from.

See also:

Constant Value: "android.app.action.SET_NEW_PASSWORD"

ACTION_START_ENCRYPTION

added in API level 11
String ACTION_START_ENCRYPTION

Activity action: begin the process of encrypting data on the device. This activity should be launched after using setStorageEncryption(ComponentName, boolean) to request encryption be activated. After resuming from this activity, use getStorageEncryption(ComponentName) to check encryption status. However, on some devices this activity may never return, as it may trigger a reboot and in some cases a complete data wipe of the device.

Constant Value: "android.app.action.START_ENCRYPTION"

ACTION_SYSTEM_UPDATE_POLICY_CHANGED

added in API level 23
String ACTION_SYSTEM_UPDATE_POLICY_CHANGED

Broadcast action: notify that a new local system update policy has been set by the device owner. The new policy can be retrieved by getSystemUpdatePolicy().

Constant Value: "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED"

DELEGATION_APP_RESTRICTIONS

String DELEGATION_APP_RESTRICTIONS

Delegation of application restrictions management. This scope grants access to the setApplicationRestrictions(ComponentName, String, Bundle) and getApplicationRestrictions(ComponentName, String) APIs.

Constant Value: "delegation-app-restrictions"

DELEGATION_BLOCK_UNINSTALL

String DELEGATION_BLOCK_UNINSTALL

Delegation of application uninstall block. This scope grants access to the setUninstallBlocked(ComponentName, String, boolean) API.

Constant Value: "delegation-block-uninstall"

DELEGATION_CERT_INSTALL

String DELEGATION_CERT_INSTALL

Delegation of certificate installation and management. This scope grants access to the getInstalledCaCerts(ComponentName), hasCaCertInstalled(ComponentName, byte[]), installCaCert(ComponentName, byte[]), uninstallCaCert(ComponentName, byte[]), uninstallAllUserCaCerts(ComponentName) and installKeyPair(ComponentName, PrivateKey, Certificate, String) APIs.

Constant Value: "delegation-cert-install"

DELEGATION_ENABLE_SYSTEM_APP

String DELEGATION_ENABLE_SYSTEM_APP

Delegation for enabling system apps. This scope grants access to the enableSystemApp(ComponentName, Intent) API.

Constant Value: "delegation-enable-system-app"

DELEGATION_PACKAGE_ACCESS

String DELEGATION_PACKAGE_ACCESS

Delegation of package access state. This scope grants access to the isApplicationHidden(ComponentName, String), setApplicationHidden(ComponentName, String, boolean), isPackageSuspended(ComponentName, String), and setPackagesSuspended(ComponentName, String[], boolean) APIs.

Constant Value: "delegation-package-access"

DELEGATION_PERMISSION_GRANT

String DELEGATION_PERMISSION_GRANT

Delegation of permission policy and permission grant state. This scope grants access to the setPermissionPolicy(ComponentName, int), getPermissionGrantState(ComponentName, String, String), and setPermissionGrantState(ComponentName, String, String, int) APIs.

Constant Value: "delegation-permission-grant"

ENCRYPTION_STATUS_ACTIVATING

added in API level 11
int ENCRYPTION_STATUS_ACTIVATING

Result code for getStorageEncryptionStatus(): indicating that encryption is not currently active, but is currently being activated. This is only reported by devices that support encryption of data and only when the storage is currently undergoing a process of becoming encrypted. A device that must reboot and/or wipe data to become encrypted will never return this value.

Constant Value: 2 (0x00000002)

ENCRYPTION_STATUS_ACTIVE

added in API level 11
int ENCRYPTION_STATUS_ACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is active.

Also see ENCRYPTION_STATUS_ACTIVE_PER_USER.

Constant Value: 3 (0x00000003)

ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

added in API level 23
int ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY

Result code for getStorageEncryptionStatus(): indicating that encryption is active, but an encryption key has not been set by the user.

Constant Value: 4 (0x00000004)

ENCRYPTION_STATUS_ACTIVE_PER_USER

added in API level 24
int ENCRYPTION_STATUS_ACTIVE_PER_USER

Result code for getStorageEncryptionStatus(): indicating that encryption is active and the encryption key is tied to the user or profile.

This value is only returned to apps targeting API level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.

Constant Value: 5 (0x00000005)

ENCRYPTION_STATUS_INACTIVE

added in API level 11
int ENCRYPTION_STATUS_INACTIVE

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is supported, but is not currently active.

Constant Value: 1 (0x00000001)

ENCRYPTION_STATUS_UNSUPPORTED

added in API level 11
int ENCRYPTION_STATUS_UNSUPPORTED

Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus(): indicating that encryption is not supported.

Constant Value: 0 (0x00000000)

EXTRA_ADD_EXPLANATION

added in API level 8
String EXTRA_ADD_EXPLANATION

An optional CharSequence providing additional explanation for why the admin is being added.

See also:

Constant Value: "android.app.extra.ADD_EXPLANATION"

EXTRA_DELEGATION_SCOPES

String EXTRA_DELEGATION_SCOPES

An ArrayList<String> corresponding to the delegation scopes given to an app in the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED broadcast.

Constant Value: "android.app.extra.DELEGATION_SCOPES"

EXTRA_DEVICE_ADMIN

added in API level 8
String EXTRA_DEVICE_ADMIN

The ComponentName of the administrator component.

See also:

Constant Value: "android.app.extra.DEVICE_ADMIN"

EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

added in API level 22
String EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

An Account extra holding the account to migrate during managed profile provisioning. If the account supplied is present in the primary user, it will be copied, along with its credentials to the managed profile and removed from the primary user. Use with ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_ACCOUNT_TO_MIGRATE"

EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

added in API level 21
String EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE

A Parcelable extra of type PersistableBundle that allows a mobile device management application or NFC programmer application which starts managed provisioning to pass data to the management application instance after provisioning.

If used with ACTION_PROVISION_MANAGED_PROFILE it can be used by the application that sends the intent to pass data to itself on the newly created profile. If used with ACTION_PROVISION_MANAGED_DEVICE it allows passing data to the same instance of the app on the primary user. Starting from M, if used with MIME_TYPE_PROVISIONING_NFC as part of NFC managed device provisioning, the NFC message should contain a stringified Properties instance, whose string properties will be converted into a PersistableBundle and passed to the management application after provisioning.

In both cases the application receives the data in onProfileProvisioningComplete(Context, Intent) via an intent with the action ACTION_PROFILE_PROVISIONING_COMPLETE. The bundle is not changed during the managed provisioning.

Constant Value: "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"

EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

added in API level 23
String EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME

A ComponentName extra indicating the device admin receiver of the mobile device management application that will be set as the profile owner or device owner and active admin.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE the package name of this component has to match the package name of the application that started provisioning.

This component is set as device owner and active admin when device owner provisioning is started by an intent with action ACTION_PROVISION_MANAGED_DEVICE or by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC. For the NFC record, the component name must be flattened to a string, via flattenToShortString().

See also:

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

added in API level 23
String EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE

An int extra holding a minimum required version code for the device admin package. If the device admin is already installed on the device, it will only be re-downloaded from EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION if the version of the installed package is less than this version code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

added in API level 21
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 or SHA-1 hash (see notes below) of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM must be present. The provided checksum must match the checksum of the file at the download location. If the checksum doesn't match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Note: for devices running LOLLIPOP and LOLLIPOP_MR1 only SHA-1 hash is supported. Starting from M, this parameter accepts SHA-256 in addition to SHA-1. Support for SHA-1 is likely to be removed in future OS releases.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

added in API level 21
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER

A String extra holding a http cookie header which should be used in the http request to the url specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

added in API level 21
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION

A String extra holding a url that specifies the download location of the device admin package. When not provided it is assumed that the device admin package is already installed.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"

EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

added in API level 21
String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME

This constant was deprecated in API level 23.
Use EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME. This extra is still supported, but only if there is only one device admin receiver in the package that requires the permission BIND_DEVICE_ADMIN.

A String extra holding the package name of the mobile device management application that will be set as the profile owner or device owner.

If an application starts provisioning directly via an intent with action ACTION_PROVISION_MANAGED_PROFILE this package has to match the package name of the application that started provisioning. The package will be set as profile owner in that case.

This package is set as device owner when device owner provisioning is started by an NFC message containing an NFC record with MIME type MIME_TYPE_PROVISIONING_NFC.

When this extra is set, the application must have exactly one device admin receiver. This receiver will be set as the profile or device owner and active admin.

See also:

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME"

EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

added in API level 23
String EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM

A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the android package archive at the download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION.

The signatures of an android package archive can be obtained using getPackageArchiveInfo(String, int) with flag GET_SIGNATURES.

Either this extra or EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM must be present. The provided checksum must match the checksum of any signature of the file at the download location. If the checksum does not match an error will be shown to the user and the user will be asked to factory reset the device.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"

EXTRA_PROVISIONING_DISCLAIMERS

String EXTRA_PROVISIONING_DISCLAIMERS

A Bundle[] extra consisting of list of disclaimer headers and disclaimer contents. Each Bundle must have both EXTRA_PROVISIONING_DISCLAIMER_HEADER as disclaimer header, and EXTRA_PROVISIONING_DISCLAIMER_CONTENT as disclaimer content.

The extra typically contains one disclaimer from the company of mobile device management application (MDM), and one disclaimer from the organization.

Call putParcelableArray(String, Parcelable[]) to put the Bundle[]

Maximum 3 key-value pairs can be specified. The rest will be ignored.

Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMERS"

EXTRA_PROVISIONING_DISCLAIMER_CONTENT

String EXTRA_PROVISIONING_DISCLAIMER_CONTENT

A Uri extra pointing to disclaimer content.

The following URI schemes are accepted:

Styled text is supported in the disclaimer content. The content is parsed by fromHtml(String) and displayed in a TextView.

If a content: URI is passed, URI is passed, the intent should have the flag FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the ClipData of the intent too.

Use in Bundle EXTRA_PROVISIONING_DISCLAIMERS

System app, i.e. application with FLAG_SYSTEM, can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml. Must use it with EXTRA_PROVISIONING_DISCLAIMER_HEADER. Here is the example:

  <meta-data
      android:name="android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"
      android:resource="@string/disclaimer_content"
 />

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMER_CONTENT"

EXTRA_PROVISIONING_DISCLAIMER_HEADER

String EXTRA_PROVISIONING_DISCLAIMER_HEADER

A String extra of localized disclaimer header.

The extra is typically the company name of mobile device management application (MDM) or the organization name.

Use in Bundle EXTRA_PROVISIONING_DISCLAIMERS

System app, i.e. application with FLAG_SYSTEM, can also insert a disclaimer by declaring an application-level meta-data in AndroidManifest.xml. Must use it with EXTRA_PROVISIONING_DISCLAIMER_CONTENT. Here is the example:

  <meta-data
      android:name="android.app.extra.PROVISIONING_DISCLAIMER_HEADER"
      android:resource="@string/disclaimer_header"
 />

Constant Value: "android.app.extra.PROVISIONING_DISCLAIMER_HEADER"

EXTRA_PROVISIONING_EMAIL_ADDRESS

added in API level 21
String EXTRA_PROVISIONING_EMAIL_ADDRESS

This constant was deprecated in API level O.
From O, never used while provisioning the device.

Constant Value: "android.app.extra.PROVISIONING_EMAIL_ADDRESS"

EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

String EXTRA_PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION

Boolean extra to indicate that the migrated account should be kept. This is used in conjunction with EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE. If it's set to true, the account will not be removed from the primary user after it is migrated to the newly created user or profile.

Defaults to false

Use with ACTION_PROVISION_MANAGED_PROFILE and EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE

Constant Value: "android.app.extra.PROVISIONING_KEEP_ACCOUNT_ON_MIGRATION"

EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

added in API level 22
String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED

A Boolean extra that can be used by the mobile device management application to skip the disabling of system apps during provisioning when set to true.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

Constant Value: "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED"

EXTRA_PROVISIONING_LOCALE

added in API level 21
String EXTRA_PROVISIONING_LOCALE

A String extra holding the Locale that the device will be set to. Format: xx_yy, where xx is the language code, and yy the country code.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCALE"

EXTRA_PROVISIONING_LOCAL_TIME

added in API level 21
String EXTRA_PROVISIONING_LOCAL_TIME

A Long extra holding the wall clock time (in milliseconds) to be set on the device's AlarmManager.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_LOCAL_TIME"

EXTRA_PROVISIONING_LOGO_URI

added in API level 24
String EXTRA_PROVISIONING_LOGO_URI

A Uri extra pointing to a logo image. This image will be shown during the provisioning. If this extra is not passed, a default image will be shown.

The following URI schemes are accepted:

It is the responsibility of the caller to provide an image with a reasonable pixel density for the device.

If a content: URI is passed, the intent should have the flag FLAG_GRANT_READ_URI_PERMISSION and the uri should be added to the ClipData of the intent too.

Use in an intent with action ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE

Constant Value: "android.app.extra.PROVISIONING_LOGO_URI"

EXTRA_PROVISIONING_MAIN_COLOR

added in API level 24
String EXTRA_PROVISIONING_MAIN_COLOR

A integer extra indicating the predominant color to show during the provisioning. Refer to Color for how the color is represented.

Use with ACTION_PROVISION_MANAGED_PROFILE or ACTION_PROVISION_MANAGED_DEVICE.

Constant Value: "android.app.extra.PROVISIONING_MAIN_COLOR"

EXTRA_PROVISIONING_SKIP_ENCRYPTION

added in API level 23
String EXTRA_PROVISIONING_SKIP_ENCRYPTION

A boolean extra indicating whether device encryption can be skipped as part of device owner or managed profile provisioning.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC or an intent with action ACTION_PROVISION_MANAGED_DEVICE that starts device owner provisioning.

From N onwards, this is also supported for an intent with action ACTION_PROVISION_MANAGED_PROFILE.

Constant Value: "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"

EXTRA_PROVISIONING_SKIP_USER_CONSENT

String EXTRA_PROVISIONING_SKIP_USER_CONSENT

A boolean extra indicating if the user consent steps from the provisioning flow should be skipped. If unspecified, defaults to false. It can only be used by an existing device owner trying to create a managed profile via ACTION_PROVISION_MANAGED_PROFILE. Otherwise it is ignored.

Constant Value: "android.app.extra.PROVISIONING_SKIP_USER_CONSENT"

EXTRA_PROVISIONING_TIME_ZONE

added in API level 21
String EXTRA_PROVISIONING_TIME_ZONE

A String extra holding the time zone AlarmManager that the device will be set to.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_TIME_ZONE"

EXTRA_PROVISIONING_WIFI_HIDDEN

added in API level 21
String EXTRA_PROVISIONING_WIFI_HIDDEN

A boolean extra indicating whether the wifi network in EXTRA_PROVISIONING_WIFI_SSID is hidden or not.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_HIDDEN"

EXTRA_PROVISIONING_WIFI_PAC_URL

added in API level 21
String EXTRA_PROVISIONING_WIFI_PAC_URL

A String extra holding the proxy auto-config (PAC) URL for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PAC_URL"

EXTRA_PROVISIONING_WIFI_PASSWORD

added in API level 21
String EXTRA_PROVISIONING_WIFI_PASSWORD

A String extra holding the password of the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PASSWORD"

EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

added in API level 21
String EXTRA_PROVISIONING_WIFI_PROXY_BYPASS

A String extra holding the proxy bypass for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_BYPASS"

EXTRA_PROVISIONING_WIFI_PROXY_HOST

added in API level 21
String EXTRA_PROVISIONING_WIFI_PROXY_HOST

A String extra holding the proxy host for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_HOST"

EXTRA_PROVISIONING_WIFI_PROXY_PORT

added in API level 21
String EXTRA_PROVISIONING_WIFI_PROXY_PORT

An int extra holding the proxy port for the wifi network in EXTRA_PROVISIONING_WIFI_SSID.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_PROXY_PORT"

EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

added in API level 21
String EXTRA_PROVISIONING_WIFI_SECURITY_TYPE

A String extra indicating the security type of the wifi network in EXTRA_PROVISIONING_WIFI_SSID and could be one of NONE, WPA or WEP.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE"

EXTRA_PROVISIONING_WIFI_SSID

added in API level 21
String EXTRA_PROVISIONING_WIFI_SSID

A String extra holding the ssid of the wifi network that should be used during nfc device owner provisioning for downloading the mobile device management application.

Use in an NFC record with MIME_TYPE_PROVISIONING_NFC that starts device owner provisioning via an NFC bump.

Constant Value: "android.app.extra.PROVISIONING_WIFI_SSID"

FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

int FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY

Flag for lockNow(int): also evict the user's credential encryption key from the keyring. The user's credential will need to be entered again in order to derive the credential encryption key that will be stored back in the keyring for future use.

This flag can only be used by a profile owner when locking a managed profile when getStorageEncryptionStatus() returns ENCRYPTION_STATUS_ACTIVE_PER_USER.

In order to secure user data, the user will be stopped and restarted so apps should wait until they are next run to perform further actions.

Constant Value: 1 (0x00000001)

FLAG_MANAGED_CAN_ACCESS_PARENT

added in API level 21
int FLAG_MANAGED_CAN_ACCESS_PARENT

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the managed profile to access intents sent from the parent profile. That is, when an app in the parent profile calls startActivity(Intent), the intent can be resolved by a matching activity in the managed profile.

Constant Value: 2 (0x00000002)

FLAG_PARENT_CAN_ACCESS_MANAGED

added in API level 21
int FLAG_PARENT_CAN_ACCESS_MANAGED

Flag used by addCrossProfileIntentFilter(ComponentName, IntentFilter, int) to allow activities in the parent profile to access intents sent from the managed profile. That is, when an app in the managed profile calls startActivity(Intent), the intent can be resolved by a matching activity in the parent profile.

Constant Value: 1 (0x00000001)

KEYGUARD_DISABLE_FEATURES_ALL

added in API level 17
int KEYGUARD_DISABLE_FEATURES_ALL

Disable all current and future keyguard customizations.

Constant Value: 2147483647 (0x7fffffff)

KEYGUARD_DISABLE_FEATURES_NONE

added in API level 17
int KEYGUARD_DISABLE_FEATURES_NONE

Widgets are enabled in keyguard

Constant Value: 0 (0x00000000)

KEYGUARD_DISABLE_FINGERPRINT

added in API level 21
int KEYGUARD_DISABLE_FINGERPRINT

Disable fingerprint sensor on keyguard secure screens (e.g. PIN/Pattern/Password).

Constant Value: 32 (0x00000020)

KEYGUARD_DISABLE_REMOTE_INPUT

added in API level 24
int KEYGUARD_DISABLE_REMOTE_INPUT

Disable text entry into notifications on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 64 (0x00000040)

KEYGUARD_DISABLE_SECURE_CAMERA

added in API level 17
int KEYGUARD_DISABLE_SECURE_CAMERA

Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 2 (0x00000002)

KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

added in API level 21
int KEYGUARD_DISABLE_SECURE_NOTIFICATIONS

Disable showing all notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 4 (0x00000004)

KEYGUARD_DISABLE_TRUST_AGENTS

added in API level 21
int KEYGUARD_DISABLE_TRUST_AGENTS

Ignore trust agent state on secure keyguard screens (e.g. PIN/Pattern/Password).

Constant Value: 16 (0x00000010)

KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

added in API level 21
int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS

Only allow redacted notifications on secure keyguard screens (e.g. PIN/Pattern/Password)

Constant Value: 8 (0x00000008)

KEYGUARD_DISABLE_WIDGETS_ALL

added in API level 17
int KEYGUARD_DISABLE_WIDGETS_ALL

Disable all keyguard widgets. Has no effect.

Constant Value: 1 (0x00000001)

MIME_TYPE_PROVISIONING_NFC

added in API level 21
String MIME_TYPE_PROVISIONING_NFC

This MIME type is used for starting the device owner provisioning.

During device owner provisioning a device admin app is set as the owner of the device. A device owner has full control over the device. The device owner can not be modified by the user and the only way of resetting the device is if the device owner app calls a factory reset.

A typical use case would be a device that is owned by a company, but used by either an employee or client.

The NFC message must be sent to an unprovisioned device.

The NFC record must contain a serialized Properties object which contains the following properties:

As of M, the properties should contain EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME instead of EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, (although specifying only EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME is still supported).

Constant Value: "application/com.android.managedprovisioning"

PASSWORD_QUALITY_ALPHABETIC

added in API level 8
int PASSWORD_QUALITY_ALPHABETIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 262144 (0x00040000)

PASSWORD_QUALITY_ALPHANUMERIC

added in API level 8
int PASSWORD_QUALITY_ALPHANUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 327680 (0x00050000)

PASSWORD_QUALITY_BIOMETRIC_WEAK

added in API level 14
int PASSWORD_QUALITY_BIOMETRIC_WEAK

Constant for setPasswordQuality(ComponentName, int): the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 32768 (0x00008000)

PASSWORD_QUALITY_COMPLEX

added in API level 11
int PASSWORD_QUALITY_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int). Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 393216 (0x00060000)

PASSWORD_QUALITY_NUMERIC

added in API level 8
int PASSWORD_QUALITY_NUMERIC

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 131072 (0x00020000)

PASSWORD_QUALITY_NUMERIC_COMPLEX

added in API level 21
int PASSWORD_QUALITY_NUMERIC_COMPLEX

Constant for setPasswordQuality(ComponentName, int): the user must have entered a password containing at least numeric characters with no repeating (4444) or ordered (1234, 4321, 2468) sequences. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 196608 (0x00030000)

PASSWORD_QUALITY_SOMETHING

added in API level 8
int PASSWORD_QUALITY_SOMETHING

Constant for setPasswordQuality(ComponentName, int): the policy requires some kind of password or pattern, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 65536 (0x00010000)

PASSWORD_QUALITY_UNSPECIFIED

added in API level 8
int PASSWORD_QUALITY_UNSPECIFIED

Constant for setPasswordQuality(ComponentName, int): the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DEFAULT

added in API level 23
int PERMISSION_GRANT_STATE_DEFAULT

Runtime permission state: The user can manage the permission through the UI.

Constant Value: 0 (0x00000000)

PERMISSION_GRANT_STATE_DENIED

added in API level 23
int PERMISSION_GRANT_STATE_DENIED

Runtime permission state: The permission is denied to the app and the user cannot manage the permission through the UI.

Constant Value: 2 (0x00000002)

PERMISSION_GRANT_STATE_GRANTED

added in API level 23
int PERMISSION_GRANT_STATE_GRANTED

Runtime permission state: The permission is granted to the app and the user cannot manage the permission through the UI.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_AUTO_DENY

added in API level 23
int PERMISSION_POLICY_AUTO_DENY

Permission policy to always deny new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 2 (0x00000002)

PERMISSION_POLICY_AUTO_GRANT

added in API level 23
int PERMISSION_POLICY_AUTO_GRANT

Permission policy to always grant new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 1 (0x00000001)

PERMISSION_POLICY_PROMPT

added in API level 23
int PERMISSION_POLICY_PROMPT

Permission policy to prompt user for new permission requests for runtime permissions. Already granted or denied permissions are not affected by this.

Constant Value: 0 (0x00000000)

POLICY_DISABLE_CAMERA

String POLICY_DISABLE_CAMERA

Constant to indicate the feature of disabling the camera. Used as argument to createAdminSupportIntent(String).

See also:

Constant Value: "policy_disable_camera"

POLICY_DISABLE_SCREEN_CAPTURE

String POLICY_DISABLE_SCREEN_CAPTURE

Constant to indicate the feature of disabling screen captures. Used as argument to createAdminSupportIntent(String).

See also:

Constant Value: "policy_disable_screen_capture"

RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

added in API level 23
int RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

Flag for resetPassword(String, int): don't ask for user credentials on device boot. If the flag is set, the device can be booted without asking for user password. The absence of this flag does not change the current boot requirements. This flag can be set by the device owner only. If the app is not the device owner, the flag is ignored. Once the flag is set, it cannot be reverted back without resetting the device to factory defaults.

Constant Value: 2 (0x00000002)

RESET_PASSWORD_REQUIRE_ENTRY

added in API level 8
int RESET_PASSWORD_REQUIRE_ENTRY

Flag for resetPassword(String, int): don't allow other admins to change the password again until the user has entered it.

Constant Value: 1 (0x00000001)

SKIP_SETUP_WIZARD

added in API level 24
int SKIP_SETUP_WIZARD

Flag used by createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int) to skip setup wizard after creating a new user.

Constant Value: 1 (0x00000001)

WIPE_EXTERNAL_STORAGE

added in API level 9
int WIPE_EXTERNAL_STORAGE

Flag for wipeData(int): also erase the device's external storage (such as SD cards).

Constant Value: 1 (0x00000001)

WIPE_RESET_PROTECTION_DATA

added in API level 22
int WIPE_RESET_PROTECTION_DATA

Flag for wipeData(int): also erase the factory reset protection data.

This flag may only be set by device owner admins; if it is set by other admins a SecurityException will be thrown.

Constant Value: 2 (0x00000002)

Public methods

addCrossProfileIntentFilter

added in API level 21
void addCrossProfileIntentFilter (ComponentName admin, 
                IntentFilter filter, 
                int flags)

Called by the profile owner of a managed profile so that some intents sent in the managed profile can also be resolved in the parent, or vice versa. Only activity intents are supported.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

filter IntentFilter: The IntentFilter the intent has to match to be also resolved in the other profile

flags int: FLAG_MANAGED_CAN_ACCESS_PARENT and FLAG_PARENT_CAN_ACCESS_MANAGED are supported.

Throws
SecurityException if admin is not a device or profile owner.

addCrossProfileWidgetProvider

added in API level 21
boolean addCrossProfileWidgetProvider (ComponentName admin, 
                String packageName)

Called by the profile owner of a managed profile to enable widget providers from a given package to be available in the parent profile. As a result the user will be able to add widgets from the white-listed package running under the profile to a widget host which runs under the parent profile, for example the home screen. Note that a package may have zero or more provider components, where each component provides a different widget type.

Note: By default no widget provider package is white-listed.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageName String: The package from which widget providers are white-listed.

Returns
boolean Whether the package was added.

Throws
SecurityException if admin is not a profile owner.

See also:

addPersistentPreferredActivity

added in API level 21
void addPersistentPreferredActivity (ComponentName admin, 
                IntentFilter filter, 
                ComponentName activity)

Called by a profile owner or device owner to add a default intent handler activity for intents that match a certain intent filter. This activity will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset.

The default disambiguation mechanism takes over if the activity is not installed (anymore). When the activity is (re)installed, it is automatically reset as default intent handler for the filter.

The calling device admin must be a profile owner or device owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

filter IntentFilter: The IntentFilter for which a default handler is added.

activity ComponentName: The Activity that is added as default intent handler.

This value must never be null.

Throws
SecurityException if admin is not a device or profile owner.

addUserRestriction

added in API level 21
void addUserRestriction (ComponentName admin, 
                String key)

Called by a profile or device owner to set a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

key String: The key of the restriction. See the constants in UserManager for the list of keys.

Throws
SecurityException if admin is not a device or profile owner.

bindDeviceAdminServiceAsUser

boolean bindDeviceAdminServiceAsUser (ComponentName admin, 
                Intent serviceIntent, 
                ServiceConnection conn, 
                int flags, 
                UserHandle targetUser)

Called by a device owner to bind to a service from a profile owner or vice versa. See getBindDeviceAdminTargetUsers(ComponentName) for a definition of which device/profile owners are allowed to bind to services of another profile/device owner.

The service must be protected by BIND_DEVICE_ADMIN. Note that the Context used to obtain this DevicePolicyManager instance via getSystemService(Class) will be used to bind to the Service.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

serviceIntent Intent: Identifies the service to connect to. The Intent must specify either an explicit component name or a package name to match an IntentFilter published by a service.

conn ServiceConnection: Receives information as the service is started and stopped in main thread. This must be a valid ServiceConnection object; it must not be null.

This value must never be null.

flags int: Operation options for the binding operation. See bindService(Intent, ServiceConnection, int).

targetUser UserHandle: Which user to bind to. Must be one of the users returned by getBindDeviceAdminTargetUsers(ComponentName), otherwise a SecurityException will be thrown.

This value must never be null.

Returns
boolean If you have successfully bound to the service, true is returned; false is returned if the connection is not made and you will not receive the service object.

See also:

clearCrossProfileIntentFilters

added in API level 21
void clearCrossProfileIntentFilters (ComponentName admin)

Called by a profile owner of a managed profile to remove the cross-profile intent filters that go from the managed profile to the parent, or from the parent to the managed profile. Only removes those that have been set by the profile owner.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Throws
SecurityException if admin is not a device or profile owner.

clearDeviceOwnerApp

added in API level 21
void clearDeviceOwnerApp (String packageName)

This method was deprecated in API level O.
This method is expected to be used for testing purposes only. The device owner will lose control of the device and its data after calling it. In order to protect any sensitive data that remains on the device, it is advised that the device owner factory resets the device instead of calling this method. See wipeData(int).

Clears the current device owner. The caller must be the device owner. This function should be used cautiously as once it is called it cannot be undone. The device owner can only be set as a part of device setup, before it completes.

While some policies previously set by the device owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the device owner is cleared.

Parameters
packageName String: The package name of the device owner.

Throws
SecurityException if the caller is not in packageName or packageName does not own the current device owner component.

clearPackagePersistentPreferredActivities

added in API level 21
void clearPackagePersistentPreferredActivities (ComponentName admin, 
                String packageName)

Called by a profile owner or device owner to remove all persistent intent handler preferences associated with the given package that were set by addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName).

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageName String: The name of the package for which preferences are removed.

Throws
SecurityException if admin is not a device or profile owner.

clearProfileOwner

added in API level 24
void clearProfileOwner (ComponentName admin)

This method was deprecated in API level O.
This method is expected to be used for testing purposes only. The profile owner will lose control of the user and its data after calling it. In order to protect any sensitive data that remains on this user, it is advised that the profile owner deletes it instead of calling this method. See wipeData(int).

Clears the active profile owner. The caller must be the profile owner of this user, otherwise a SecurityException will be thrown. This method is not available to managed profile owners.

While some policies previously set by the profile owner will be cleared by this method, it is a best-effort process and some other policies will still remain in place after the profile owner is cleared.

Parameters
admin ComponentName: The component to remove as the profile owner.

This value must never be null.

Throws
SecurityException if admin is not an active profile owner, or the method is being called from a managed profile.

clearResetPasswordToken

boolean clearResetPasswordToken (ComponentName admin)

Called by a profile or device owner to revoke the current password reset token.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

Returns
boolean true if the operation is successful, false otherwise.

clearUserRestriction

added in API level 21
void clearUserRestriction (ComponentName admin, 
                String key)

Called by a profile or device owner to clear a user restriction specified by the key.

The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

key String: The key of the restriction. See the constants in UserManager for the list of keys.

Throws
SecurityException if admin is not a device or profile owner.

createAdminSupportIntent

Intent createAdminSupportIntent (String restriction)

Called by any app to display a support dialog when a feature was disabled by an admin. This returns an intent that can be used with startActivity(Intent) to display the dialog. It will tell the user that the feature indicated by restriction was disabled by an admin, and include a link for more information. The default content of the dialog can be changed by the restricting admin via setShortSupportMessage(ComponentName, CharSequence). If the restriction is not set (i.e. the feature is available), then the return value will be null.

Parameters
restriction String: Indicates for which feature the dialog should be displayed. Can be a user restriction from UserManager, e.g. DISALLOW_ADJUST_VOLUME, or one of the constants POLICY_DISABLE_CAMERA or POLICY_DISABLE_SCREEN_CAPTURE.

This value must never be null.

Returns
Intent Intent An intent to be used to start the dialog-activity if the restriction is set by an admin, or null if the restriction does not exist or no admin set it.

createAndManageUser

added in API level 24
UserHandle createAndManageUser (ComponentName admin, 
                String name, 
                ComponentName profileOwner, 
                PersistableBundle adminExtras, 
                int flags)

Called by a device owner to create a user with the specified name and a given component of the calling package as profile owner. The UserHandle returned by this method should not be persisted as user handles are recycled as users are removed and created. If you need to persist an identifier for this user, use getSerialNumberForUser(UserHandle). The new user will not be started in the background.

admin is the DeviceAdminReceiver which is the device owner. profileOwner is also a DeviceAdminReceiver in the same package as admin, and will become the profile owner and will be registered as an active admin on the new user. The profile owner package will be installed on the new user.

If the adminExtras are not null, they will be stored on the device until the user is started for the first time. Then the extras will be passed to the admin when onEnable is called.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

name String: The user's name.

This value must never be null.

profileOwner ComponentName: Which DeviceAdminReceiver will be profile owner. Has to be in the same package as admin, otherwise no user is created and an IllegalArgumentException is thrown.

This value must never be null.

adminExtras PersistableBundle: Extras that will be passed to onEnable of the admin receiver on the new user.

This value may be null.

flags int: SKIP_SETUP_WIZARD is supported.

Returns
UserHandle the UserHandle object for the created user, or null if the user could not be created.

This value may be null.

Throws
SecurityException if admin is not a device owner.

See also:

enableSystemApp

added in API level 21
int enableSystemApp (ComponentName admin, 
                Intent intent)

Re-enable system apps by intent that were disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is an enable system app delegate.

This value must never be null.

intent Intent: An intent matching the app(s) to be installed. All apps that resolve for this intent will be re-enabled in the calling profile.

Returns
int int The number of activities that matched the intent and were installed.

Throws
SecurityException if admin is not a device or profile owner.

See also:

enableSystemApp

added in API level 21
void enableSystemApp (ComponentName admin, 
                String packageName)

Re-enable a system app that was disabled by default when the user was initialized. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_ENABLE_SYSTEM_APP scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is an enable system app delegate.

This value must never be null.

packageName String: The package to be re-enabled in the calling profile.

Throws
SecurityException if admin is not a device or profile owner.

See also:

getAccountTypesWithManagementDisabled

added in API level 21
String[] getAccountTypesWithManagementDisabled ()

Gets the array of accounts for which account management is disabled by the profile owner.

Account management can be disabled/enabled by calling setAccountManagementDisabled(ComponentName, String, boolean).

Returns
String[] a list of account types for which account management has been disabled.

This value may be null.

See also:

getActiveAdmins

added in API level 8
List<ComponentName> getActiveAdmins ()

Return a list of all currently active device administrators' component names. If there are no administrators null may be returned.

Returns
List<ComponentName>

This value may be null.

getAffiliationIds

Set<String> getAffiliationIds (ComponentName admin)

Returns the set of affiliation ids previously set via setAffiliationIds(ComponentName, Set), or an empty set if none have been set.

Parameters
admin ComponentName

This value must never be null.

Returns
Set<String>

This value will never be null.

getAlwaysOnVpnPackage

added in API level 24
String getAlwaysOnVpnPackage (ComponentName admin)

Called by a device or profile owner to read the name of the package administering an always-on VPN connection for the current user. If there is no such package, or the always-on VPN is provided by the system instead of by an application, null will be returned.

Parameters
admin ComponentName

This value must never be null.

Returns
String Package name of VPN controller responsible for always-on VPN, or null if none is set.

This value may be null.

Throws
SecurityException if admin is not a device or a profile owner.

getApplicationRestrictions

added in API level 21
Bundle getApplicationRestrictions (ComponentName admin, 
                String packageName)

Retrieves the application restrictions for a given target application running in the calling user.

The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setDelegatedScopes(ComponentName, String, List) with the DELEGATION_APP_RESTRICTIONS scope; otherwise a security exception will be thrown.

NOTE: The method performs disk I/O and shouldn't be called on the main thread

This method may take several seconds to complete, so it should only be called from a worker thread.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if called by the application restrictions managing package.

This value may be null.

packageName String: The name of the package to fetch restricted settings of.

Returns
Bundle Bundle of settings corresponding to what was set last time setApplicationRestrictions(ComponentName, String, Bundle) was called, or an empty Bundle if no restrictions have been set.

This value will never be null.

Throws
SecurityException if admin is not a device or profile owner.

See also:

getApplicationRestrictionsManagingPackage

added in API level 24
String getApplicationRestrictionsManagingPackage (ComponentName admin)

This method was deprecated in API level O.
From O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_APP_RESTRICTIONS scope instead.

Called by a profile owner or device owner to retrieve the application restrictions managing package for the current user, or null if none is set. If there are multiple delegates this function will return one of them.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
String The package name allowed to manage application restrictions on the current user, or null if none is set.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

getAutoTimeRequired

added in API level 21
boolean getAutoTimeRequired ()

Returns
boolean true if auto time is required.

getBindDeviceAdminTargetUsers

List<UserHandle> getBindDeviceAdminTargetUsers (ComponentName admin)

Returns the list of target users that the calling device or profile owner can use when calling bindDeviceAdminServiceAsUser(ComponentName, Intent, ServiceConnection, int, UserHandle).

A device owner can bind to a service from a profile owner and vice versa, provided that:

Parameters
admin ComponentName

This value must never be null.

Returns
List<UserHandle>

This value will never be null.

getBluetoothContactSharingDisabled

added in API level 23
boolean getBluetoothContactSharingDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not Bluetooth devices cannot access enterprise contacts.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

This API works on managed profile only.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
boolean

Throws
SecurityException if admin is not a device or profile owner.

getCameraDisabled

added in API level 14
boolean getCameraDisabled (ComponentName admin)

Determine whether or not the device's cameras have been disabled for this user, either by the calling admin, if specified, or all admins.

Parameters
admin ComponentName: The name of the admin component to check, or null to check whether any admins have disabled the camera

This value may be null.

Returns
boolean

getCertInstallerPackage

added in API level 23
String getCertInstallerPackage (ComponentName admin)

This method was deprecated in API level O.
From O. Use getDelegatePackages(ComponentName, String) with the DELEGATION_CERT_INSTALL scope instead.

Called by a profile owner or device owner to retrieve the certificate installer for the user, or null if none is set. If there are multiple delegates this function will return one of them.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
String The package name of the current delegated certificate installer, or null if none is set.

This value may be null.

Throws
SecurityException if admin is not a device or a profile owner.

getCrossProfileCallerIdDisabled

added in API level 21
boolean getCrossProfileCallerIdDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not caller-Id information has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
boolean

Throws
SecurityException if admin is not a device or profile owner.

getCrossProfileContactsSearchDisabled

added in API level 24
boolean getCrossProfileContactsSearchDisabled (ComponentName admin)

Called by a profile owner of a managed profile to determine whether or not contacts search has been disabled.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
boolean

Throws
SecurityException if admin is not a device or profile owner.

getCrossProfileWidgetProviders

added in API level 21
List<String> getCrossProfileWidgetProviders (ComponentName admin)

Called by the profile owner of a managed profile to query providers from which packages are available in the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
List<String> The white-listed package list.

This value will never be null.

Throws
SecurityException if admin is not a profile owner.

See also:

getCurrentFailedPasswordAttempts

added in API level 8
int getCurrentFailedPasswordAttempts ()

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the number of failed password attemts for the parent user.

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

Returns
int The number of times user has entered an incorrect password since the last correct password entry.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_WATCH_LOGIN

getDelegatePackages

List<String> getDelegatePackages (ComponentName admin, 
                String delegationScope)

Called by a profile owner or device owner to retrieve a list of delegate packages that were granted a delegation scope.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

delegationScope String: The scope whose delegates should be retrieved.

This value must never be null.

Returns
List<String> A list of package names of the current delegated packages for delegationScope.

This value may be null.

Throws
SecurityException if admin is not a device or a profile owner.

getDelegatedScopes

List<String> getDelegatedScopes (ComponentName admin, 
                String delegatedPackage)

Called by a profile owner or device owner to retrieve a list of the scopes given to a delegate package. Other apps can use this method to retrieve their own delegated scopes by passing null for admin and their own package name as delegatedPackage.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is delegatedPackage.

This value may be null.

delegatedPackage String: The package name of the app whose scopes should be retrieved.

This value must never be null.

Returns
List<String> A list containing the scopes given to delegatedPackage.

This value will never be null.

Throws
SecurityException if admin is not a device or a profile owner.

getDeviceOwnerLockScreenInfo

added in API level 24
CharSequence getDeviceOwnerLockScreenInfo ()

Returns
CharSequence The device owner information. If it is not set returns null.

getInstalledCaCerts

added in API level 21
List<byte[]> getInstalledCaCerts (ComponentName admin)

Returns all CA certificates that are currently trusted, excluding system CA certificates. If a user has installed any certificates by other means than device policy these will be included too.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

Returns
List<byte[]> a List of byte[] arrays, each encoding one user CA certificate.

This value will never be null.

Throws
SecurityException if admin is not null and not a device or profile owner.

getKeyguardDisabledFeatures

added in API level 17
int getKeyguardDisabledFeatures (ComponentName admin)

Determine whether or not features have been disabled in keyguard either by the calling admin, if specified, or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to check whether any admins have disabled features in keyguard.

This value may be null.

Returns
int bitfield of flags. See setKeyguardDisabledFeatures(ComponentName, int) for a list.

getLockTaskPackages

String[] getLockTaskPackages (ComponentName admin)

Returns the list of packages allowed to start the lock task mode.

Parameters
admin ComponentName

This value must never be null.

Returns
String[]

This value will never be null.

Throws
SecurityException if admin is not the device owner, or the profile owner of an affiliated user or profile.

See also:

getLongSupportMessage

added in API level 24
CharSequence getLongSupportMessage (ComponentName admin)

Called by a device admin to get the long support message.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
CharSequence The message set by setLongSupportMessage(ComponentName, CharSequence) or null if no message has been set.

This value may be null.

Throws
SecurityException if admin is not an active administrator.

getMaximumFailedPasswordsForWipe

added in API level 8
int getMaximumFailedPasswordsForWipe (ComponentName admin)

Retrieve the current maximum number of login attempts that are allowed before the device or profile is wiped, for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the value for the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int

getMaximumTimeToLock

added in API level 8
long getMaximumTimeToLock (ComponentName admin)

Retrieve the current maximum time to unlock for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
long time in milliseconds for the given admin or the minimum value (strictest) of all admins if admin is null. Returns 0 if there are no restrictions.

getOrganizationColor

added in API level 24
int getOrganizationColor (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the color used for customization. This color is used as background color of the confirm credentials screen for that user.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
int The 24bit (0xRRGGBB) representation of the color to be used.

Throws
SecurityException if admin is not a profile owner.

getOrganizationName

added in API level 24
CharSequence getOrganizationName (ComponentName admin)

Called by a profile owner of a managed profile to retrieve the name of the organization under management.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
CharSequence The organization name or null if none is set.

This value may be null.

Throws
SecurityException if admin is not a profile owner.

getParentProfileInstance

added in API level 24
DevicePolicyManager getParentProfileInstance (ComponentName admin)

Called by the profile owner of a managed profile to obtain a DevicePolicyManager whose calls act on the parent profile.

The following methods are supported for the parent instance, all other methods will throw a SecurityException when called on the parent instance:

Parameters
admin ComponentName

This value must never be null.

Returns
DevicePolicyManager a new instance of DevicePolicyManager that acts on the parent profile.

This value will never be null.

Throws
SecurityException if admin is not a profile owner.

getPasswordExpiration

added in API level 11
long getPasswordExpiration (ComponentName admin)

Get the current password expiration time for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. If admin is null, then a composite of all expiration times is returned - which will be the minimum of all of them.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the password expiration for the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
long The password expiration time, in milliseconds since epoch.

getPasswordExpirationTimeout

added in API level 11
long getPasswordExpirationTimeout (ComponentName admin)

Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all participating policy administrators if admin is null. Admins that have set restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
long The timeout for the given admin or the minimum of all timeouts

getPasswordHistoryLength

added in API level 11
int getPasswordHistoryLength (ComponentName admin)

Retrieve the current password history length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The length of the password history

getPasswordMaximumLength

added in API level 8
int getPasswordMaximumLength (int quality)

Return the maximum password length that the device supports for a particular password quality.

Parameters
quality int: The quality being interrogated.

Returns
int Returns the maximum length that the user can enter.

getPasswordMinimumLength

added in API level 8
int getPasswordMinimumLength (ComponentName admin)

Retrieve the current minimum password length for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile. user and its profiles or a particular one.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int

getPasswordMinimumLetters

added in API level 11
int getPasswordMinimumLetters (ComponentName admin)

Retrieve the current number of letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of letters required in the password.

getPasswordMinimumLowerCase

added in API level 11
int getPasswordMinimumLowerCase (ComponentName admin)

Retrieve the current number of lower case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of lower case letters required in the password.

getPasswordMinimumNonLetter

added in API level 11
int getPasswordMinimumNonLetter (ComponentName admin)

Retrieve the current number of non-letter characters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of letters required in the password.

getPasswordMinimumNumeric

added in API level 11
int getPasswordMinimumNumeric (ComponentName admin)

Retrieve the current number of numerical digits required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of numerical digits required in the password.

getPasswordMinimumSymbols

added in API level 11
int getPasswordMinimumSymbols (ComponentName admin)

Retrieve the current number of symbols required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of symbols required in the password.

getPasswordMinimumUpperCase

added in API level 11
int getPasswordMinimumUpperCase (ComponentName admin)

Retrieve the current number of upper case letters required in the password for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. This is the same value as set by setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int The minimum number of upper case letters required in the password.

getPasswordQuality

added in API level 8
int getPasswordQuality (ComponentName admin)

Retrieve the current minimum password quality for a particular admin or all admins that set restrictions on this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate all admins.

This value may be null.

Returns
int

getPendingSystemUpdate

SystemUpdateInfo getPendingSystemUpdate (ComponentName admin)

Called by device or profile owners to get information about a pending system update.

Parameters
admin ComponentName: Which profile or device owner this request is associated with.

This value must never be null.

Returns
SystemUpdateInfo Information about a pending system update or null if no update pending.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

See also:

getPermissionGrantState

added in API level 23
int getPermissionGrantState (ComponentName admin, 
                String packageName, 
                String permission)

Returns the current grant state of a runtime permission for a specific application. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PERMISSION_GRANT scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which profile or device owner this request is associated with, or null if the caller is a permission grant delegate.

This value may be null.

packageName String: The application to check the grant state for.

permission String: The permission to check for.

Returns
int the current grant state specified by device policy. If the profile or device owner has not set a grant state, the return value is PERMISSION_GRANT_STATE_DEFAULT. This does not indicate whether or not the permission is currently granted for the package.

If a grant state was set by the profile or device owner, then the return value will be one of PERMISSION_GRANT_STATE_DENIED or PERMISSION_GRANT_STATE_GRANTED, which indicates if the permission is currently denied or granted.

Throws
SecurityException if admin is not a device or profile owner.

See also:

getPermissionPolicy

added in API level 23
int getPermissionPolicy (ComponentName admin)

Returns the current runtime permission policy set by the device or profile owner. The default is PERMISSION_POLICY_PROMPT.

Parameters
admin ComponentName: Which profile or device owner this request is associated with.

Returns
int the current policy for future permission requests.

getPermittedAccessibilityServices

added in API level 21
List<String> getPermittedAccessibilityServices (ComponentName admin)

Returns the list of permitted accessibility services set by this device or profile owner.

An empty list means no accessibility services except system services are allowed. Null means all accessibility services are allowed.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
List<String> List of accessiblity service package names.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

getPermittedCrossProfileNotificationListeners

List<String> getPermittedCrossProfileNotificationListeners (ComponentName admin)

Returns the list of packages installed on the primary user that allowed to use a NotificationListenerService to receive notifications from this managed profile, as set by the profile owner.

An empty list means no notification listener services except system ones are allowed. A null return value indicates that all notification listeners are allowed.

Parameters
admin ComponentName

This value must never be null.

Returns
List<String>

This value may be null.

getPermittedInputMethods

added in API level 21
List<String> getPermittedInputMethods (ComponentName admin)

Returns the list of permitted input methods set by this device or profile owner.

An empty list means no input methods except system input methods are allowed. Null means all input methods are allowed.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
List<String> List of input method package names.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

getRequiredStrongAuthTimeout

long getRequiredStrongAuthTimeout (ComponentName admin)

Determine for how long the user will be able to use secondary, non strong auth for authentication, since last strong method authentication (password, pin or pattern) was used. After the returned timeout the user is required to use strong authentication method.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve restrictions on the parent profile.

Parameters
admin ComponentName: The name of the admin component to check, or null to aggregate accross all participating admins.

This value may be null.

Returns
long The timeout in milliseconds or 0 if not configured for the provided admin.

getScreenCaptureDisabled

added in API level 21
boolean getScreenCaptureDisabled (ComponentName admin)

Determine whether or not screen capture has been disabled by the calling admin, if specified, or all admins.

Parameters
admin ComponentName: The name of the admin component to check, or null to check whether any admins have disabled screen capture.

This value may be null.

Returns
boolean

getShortSupportMessage

added in API level 24
CharSequence getShortSupportMessage (ComponentName admin)

Called by a device admin to get the short support message.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
CharSequence The message set by setShortSupportMessage(ComponentName, CharSequence) or null if no message has been set.

Throws
SecurityException if admin is not an active administrator.

getStorageEncryption

added in API level 11
boolean getStorageEncryption (ComponentName admin)

Called by an application that is administering the device to determine the requested setting for secure storage.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators.

This value may be null.

Returns
boolean true if the admin(s) are requesting encryption, false if not.

getStorageEncryptionStatus

added in API level 11
int getStorageEncryptionStatus ()

Called by an application that is administering the device to determine the current encryption status of the device.

Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED, the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE, use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, the storage system has enabled encryption but no password is set so further action may be required. If the result is ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE or ENCRYPTION_STATUS_ACTIVE_PER_USER, no further action is required.

Returns
int current status of encryption. The value will be one of ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, ENCRYPTION_STATUS_ACTIVATING, ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY, ENCRYPTION_STATUS_ACTIVE, or ENCRYPTION_STATUS_ACTIVE_PER_USER.

getSystemUpdatePolicy

added in API level 23
SystemUpdatePolicy getSystemUpdatePolicy ()

Retrieve a local system update policy set previously by setSystemUpdatePolicy(ComponentName, SystemUpdatePolicy).

Returns
SystemUpdatePolicy The current policy object, or null if no policy is set.

This value may be null.

getTrustAgentConfiguration

added in API level 23
List<PersistableBundle> getTrustAgentConfiguration (ComponentName admin, 
                ComponentName agent)

Gets configuration for the given trust agent based on aggregating all calls to setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for all device admins.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to retrieve the configuration set on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with. If null, this function returns a list of configurations for all admins that declare KEYGUARD_DISABLE_TRUST_AGENTS. If any admin declares KEYGUARD_DISABLE_TRUST_AGENTS but doesn't call setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle) for this or calls it with a null configuration, null is returned.

This value may be null.

agent ComponentName: Which component to get enabled features for.

This value must never be null.

Returns
List<PersistableBundle> configuration for the given trust agent.

This value may be null.

getUserRestrictions

added in API level 24
Bundle getUserRestrictions (ComponentName admin)

Called by a profile or device owner to get user restrictions set with addUserRestriction(ComponentName, String).

The target user may have more restrictions set by the system or other device owner / profile owner. To get all the user restrictions currently set, use getUserRestrictions().

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
Bundle

This value will never be null.

Throws
SecurityException if admin is not a device or profile owner.

getWifiMacAddress

added in API level 24
String getWifiMacAddress (ComponentName admin)

Called by device owner to get the MAC address of the Wi-Fi device.

Parameters
admin ComponentName: Which device owner this request is associated with.

This value must never be null.

Returns
String the MAC address of the Wi-Fi device, or null when the information is not available. (For example, Wi-Fi hasn't been enabled, or the device doesn't support Wi-Fi.)

The address will be in the XX:XX:XX:XX:XX:XX format.

This value may be null.

Throws
SecurityException if admin is not a device owner.

hasCaCertInstalled

added in API level 21
boolean hasCaCertInstalled (ComponentName admin, 
                byte[] certBuffer)

Returns whether this certificate is installed as a trusted CA.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

certBuffer byte: encoded form of the certificate to look up.

Returns
boolean

Throws
SecurityException if admin is not null and not a device or profile owner.

hasGrantedPolicy

added in API level 11
boolean hasGrantedPolicy (ComponentName admin, 
                int usesPolicy)

Returns true if an administrator has been granted a particular device policy. This can be used to check whether the administrator was activated under an earlier set of policies, but requires additional policies after an upgrade.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with. Must be an active administrator, or an exception will be thrown.

This value must never be null.

usesPolicy int: Which uses-policy to check, as defined in DeviceAdminInfo.

Returns
boolean

Throws
SecurityException if admin is not an active administrator.

installCaCert

added in API level 21
boolean installCaCert (ComponentName admin, 
                byte[] certBuffer)

Installs the given certificate as a user CA. The caller must be a profile or device owner on that user, or a delegate package given the DELEGATION_CERT_INSTALL scope via setDelegatedScopes(ComponentName, String, List); otherwise a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

certBuffer byte: encoded form of the certificate to install.

Returns
boolean false if the certBuffer cannot be parsed or installation is interrupted, true otherwise.

Throws
SecurityException if admin is not null and not a device or profile owner.

See also:

installKeyPair

added in API level 24
boolean installKeyPair (ComponentName admin, 
                PrivateKey privKey, 
                Certificate[] certs, 
                String alias, 
                boolean requestAccess)

Called by a device or profile owner, or delegated certificate installer, to install a certificate chain and corresponding private key for the leaf certificate. All apps within the profile will be able to access the certificate chain and use the private key, given direct user approval.

The caller of this API may grant itself access to the certificate and private key immediately, without user approval. It is a best practice not to request this unless strictly necessary since it opens up additional security vulnerabilities.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

privKey PrivateKey: The private key to install.

This value must never be null.

certs Certificate: The certificate chain to install. The chain should start with the leaf certificate and include the chain of trust in order. This will be returned by getCertificateChain(Context, String).

This value must never be null.

alias String: The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.

This value must never be null.

requestAccess boolean: true to request that the calling app be granted access to the credentials immediately. Otherwise, access to the credentials will be gated by user approval.

Returns
boolean true if the keys were installed, false otherwise.

Throws
SecurityException if admin is not null and not a device or profile owner.

See also:

installKeyPair

added in API level 21
boolean installKeyPair (ComponentName admin, 
                PrivateKey privKey, 
                Certificate cert, 
                String alias)

Called by a device or profile owner, or delegated certificate installer, to install a certificate and corresponding private key. All apps within the profile will be able to access the certificate and use the private key, given direct user approval.

Access to the installed credentials will not be granted to the caller of this API without direct user approval. This is for security - should a certificate installer become compromised, certificates it had already installed will be protected.

If the installer must have access to the credentials, call installKeyPair(ComponentName, PrivateKey, Certificate[], String, boolean) instead.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

privKey PrivateKey: The private key to install.

This value must never be null.

cert Certificate: The certificate to install.

This value must never be null.

alias String: The private key alias under which to install the certificate. If a certificate with that alias already exists, it will be overwritten.

This value must never be null.

Returns
boolean true if the keys were installed, false otherwise.

Throws
SecurityException if admin is not null and not a device or profile owner.

See also:

isActivePasswordSufficient

added in API level 8
boolean isActivePasswordSufficient ()

Determine whether the current password the user has set is sufficient to meet the policy requirements (e.g. quality, minimum length) that have been requested by the admins of this user and its participating profiles. Restrictions on profiles that have a separate challenge are not taken into account. The user must be unlocked in order to perform the check.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to determine if the password set on the parent profile is sufficient.

Returns
boolean Returns true if the password meets the current requirements, else false.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_LIMIT_PASSWORD
if the user is not unlocked.

isAdminActive

added in API level 8
boolean isAdminActive (ComponentName admin)

Return true if the given administrator component is currently active (enabled) in the system.

Parameters
admin ComponentName: The administrator component to check for.

This value must never be null.

Returns
boolean true if admin is currently enabled in the system, false otherwise

isApplicationHidden

added in API level 21
boolean isApplicationHidden (ComponentName admin, 
                String packageName)

Determine if a package is hidden. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PACKAGE_ACCESS scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is a package access delegate.

This value must never be null.

packageName String: The name of the package to retrieve the hidden status of.

Returns
boolean boolean true if the package is hidden, false otherwise.

Throws
SecurityException if admin is not a device or profile owner.

See also:

isBackupServiceEnabled

boolean isBackupServiceEnabled (ComponentName admin)

Return whether the backup service is enabled by the device owner.

Backup service manages all backup and restore mechanisms on the device.

Parameters
admin ComponentName

This value must never be null.

Returns
boolean true if backup service is enabled, false otherwise.

See also:

isCallerApplicationRestrictionsManagingPackage

added in API level 24
boolean isCallerApplicationRestrictionsManagingPackage ()

This method was deprecated in API level O.
From O. Use getDelegatedScopes(ComponentName, String) instead.

Called by any application to find out whether it has been granted permission via setApplicationRestrictionsManagingPackage(ComponentName, String) to manage application restrictions for the calling user.

This is done by comparing the calling Linux uid with the uid of the package specified by that method.

Returns
boolean

isDeviceOwnerApp

added in API level 18
boolean isDeviceOwnerApp (String packageName)

Used to determine if a particular package has been registered as a Device Owner app. A device owner app is a special device admin that cannot be deactivated by the user, once activated as a device admin. It also cannot be uninstalled. To check whether a particular package is currently registered as the device owner app, pass in the package name from getPackageName() to this method.

This is useful for device admin apps that want to check whether they are also registered as the device owner app. The exact mechanism by which a device admin app is registered as a device owner app is defined by the setup process.

Parameters
packageName String: the package name of the app, to compare with the registered device owner app, if any.

Returns
boolean whether or not the package is registered as the device owner app.

isLockTaskPermitted

added in API level 21
boolean isLockTaskPermitted (String pkg)

This function lets the caller know whether the given component is allowed to start the lock task mode.

Parameters
pkg String: The package to check

Returns
boolean

isManagedProfile

added in API level 24
boolean isManagedProfile (ComponentName admin)

Return if this user is a managed profile of another user. An admin can become the profile owner of a managed profile with ACTION_PROVISION_MANAGED_PROFILE and of a managed user with createAndManageUser(ComponentName, String, ComponentName, PersistableBundle, int)

Parameters
admin ComponentName: Which profile owner this request is associated with.

This value must never be null.

Returns
boolean if this user is a managed profile of another user.

isMasterVolumeMuted

added in API level 21
boolean isMasterVolumeMuted (ComponentName admin)

Called by profile or device owners to check whether the master volume mute is on or off.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
boolean true if master volume is muted, false if it's not.

Throws
SecurityException if admin is not a device or profile owner.

isNetworkLoggingEnabled

boolean isNetworkLoggingEnabled (ComponentName admin)

Return whether network logging is enabled by a device owner.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with. Can only be null if the caller has MANAGE_USERS permission.

This value may be null.

Returns
boolean true if network logging is enabled by device owner, false otherwise.

Throws
SecurityException if admin is not a device owner and caller has no MANAGE_USERS permission

isPackageSuspended

added in API level 24
boolean isPackageSuspended (ComponentName admin, 
                String packageName)

Determine if a package is suspended. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PACKAGE_ACCESS scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is a package access delegate.

This value must never be null.

packageName String: The name of the package to retrieve the suspended status of.

Returns
boolean true if the package is suspended or false if the package is not suspended, could not be found or an error occurred.

Throws
SecurityException if admin is not a device or profile owner.
PackageManager.NameNotFoundException if the package could not be found.

See also:

isProfileOwnerApp

added in API level 21
boolean isProfileOwnerApp (String packageName)

Used to determine if a particular package is registered as the profile owner for the user. A profile owner is a special device admin that has additional privileges within the profile.

Parameters
packageName String: The package name of the app to compare with the registered profile owner.

Returns
boolean Whether or not the package is registered as the profile owner.

isProvisioningAllowed

added in API level 24
boolean isProvisioningAllowed (String action)

Returns whether it is possible for the caller to initiate provisioning of a managed profile or device, setting itself as the device or profile owner.

Parameters
action String: One of ACTION_PROVISION_MANAGED_DEVICE, ACTION_PROVISION_MANAGED_PROFILE.

This value must never be null.

Returns
boolean whether provisioning a managed profile or device is possible.

Throws
IllegalArgumentException if the supplied action is not valid.

isResetPasswordTokenActive

boolean isResetPasswordTokenActive (ComponentName admin)

Called by a profile or device owner to check if the current reset password token is active.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

Returns
boolean true if the token is active, false otherwise.

Throws
IllegalStateException if no token has been set.

isSecurityLoggingEnabled

added in API level 24
boolean isSecurityLoggingEnabled (ComponentName admin)

Return whether security logging is enabled or not by the device owner.

Can only be called by the device owner, otherwise a SecurityException will be thrown.

Parameters
admin ComponentName: Which device owner this request is associated with.

This value may be null.

Returns
boolean true if security logging is enabled by device owner, false otherwise.

Throws
SecurityException if admin is not a device owner.

isUninstallBlocked

added in API level 21
boolean isUninstallBlocked (ComponentName admin, 
                String packageName)

Check whether the user has been blocked by device policy from uninstalling a package. Requires the caller to be the profile owner if checking a specific admin's policy.

Note: Starting from LOLLIPOP_MR1, the behavior of this API is changed such that passing null as the admin parameter will return if any admin has blocked the uninstallation. Before L MR1, passing null will cause a NullPointerException to be raised.

Parameters
admin ComponentName: The name of the admin component whose blocking policy will be checked, or null to check whether any admin has blocked the uninstallation.

This value may be null.

packageName String: package to check.

Returns
boolean true if uninstallation is blocked.

Throws
SecurityException if admin is not a device or profile owner.

lockNow

added in API level 8
void lockNow ()

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to lock the parent profile.

Equivalent to calling lockNow(int) with no flags.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_FORCE_LOCK

lockNow

void lockNow (int flags)

Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to lock the parent profile.

Parameters
flags int: May be 0 or FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_FORCE_LOCK or the FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY flag is passed by an application that is not a profile owner of a managed profile.
IllegalArgumentException if the FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY flag is passed when locking the parent profile.
UnsupportedOperationException if the FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY flag is passed when getStorageEncryptionStatus() does not return ENCRYPTION_STATUS_ACTIVE_PER_USER.

reboot

added in API level 24
void reboot (ComponentName admin)

Called by device owner to reboot the device. If there is an ongoing call on the device, throws an IllegalStateException.

Parameters
admin ComponentName: Which device owner the request is associated with.

This value must never be null.

Throws
IllegalStateException if device has an ongoing call.
SecurityException if admin is not a device owner.

See also:

removeActiveAdmin

added in API level 8
void removeActiveAdmin (ComponentName admin)

Remove a current administration component. This can only be called by the application that owns the administration component; if you try to remove someone else's component, a security exception will be thrown.

Note that the operation is not synchronous and the admin might still be active (as indicated by getActiveAdmins()) by the time this method returns.

Parameters
admin ComponentName: The administration compononent to remove.

This value must never be null.

Throws
SecurityException if the caller is not in the owner application of admin.

removeCrossProfileWidgetProvider

added in API level 21
boolean removeCrossProfileWidgetProvider (ComponentName admin, 
                String packageName)

Called by the profile owner of a managed profile to disable widget providers from a given package to be available in the parent profile. For this method to take effect the package should have been added via addCrossProfileWidgetProvider(android.content.ComponentName, String).

Note: By default no widget provider package is white-listed.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageName String: The package from which widget providers are no longer white-listed.

Returns
boolean Whether the package was removed.

Throws
SecurityException if admin is not a profile owner.

See also:

removeKeyPair

added in API level 24
boolean removeKeyPair (ComponentName admin, 
                String alias)

Called by a device or profile owner, or delegated certificate installer, to remove a certificate and private key pair installed under a given alias.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

alias String: The private key alias under which the certificate is installed.

This value must never be null.

Returns
boolean true if the private key alias no longer exists, false otherwise.

Throws
SecurityException if admin is not null and not a device or profile owner.

See also:

removeUser

added in API level 21
boolean removeUser (ComponentName admin, 
                UserHandle userHandle)

Called by a device owner to remove a user and all associated data. The primary user can not be removed.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

userHandle UserHandle: the user to remove.

Returns
boolean true if the user was removed, false otherwise.

Throws
SecurityException if admin is not a device owner.

requestBugreport

added in API level 24
boolean requestBugreport (ComponentName admin)

Called by a device owner to request a bugreport.

If the device contains secondary users or profiles, they must be affiliated with the device owner user. Otherwise a SecurityException will be thrown. See setAffiliationIds(ComponentName, Set).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Returns
boolean true if the bugreport collection started successfully, or false if it wasn't triggered because a previous bugreport operation is still active (either the bugreport is still running or waiting for the user to share or decline)

Throws
SecurityException if admin is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device owner user.

resetPassword

added in API level 8
boolean resetPassword (String password, 
                int flags)

Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user. This takes effect immediately.

For device owner and profile owners targeting SDK level O or above, this API is no longer available and will throw SecurityException. Please use the new API resetPasswordWithToken(ComponentName, String, byte[], int) instead.

Note: This API has been limited as of N for device admins that are not device owner and not profile owner. The password can now only be changed if there is currently no password set. Device owner and profile owner can still do this when user is unlocked and does not have a managed profile.

The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it. Note: This will not work in N and later for managed profiles, or for device admins that are not device owner or profile owner. Once set, the password cannot be changed to null or empty except by these admins.

The calling device admin must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Parameters
password String: The new password for the user. Null or empty clears the password.

flags int: May be 0 or combination of RESET_PASSWORD_REQUIRE_ENTRY and RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.

Returns
boolean Returns true if the password was applied, or false if it is not acceptable for the current constraints or if the user has not been decrypted yet.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_RESET_PASSWORD
IllegalStateException if the calling user is locked or has a managed profile.
IllegalArgumentException if the password does not meet system requirements.

resetPasswordWithToken

boolean resetPasswordWithToken (ComponentName admin, 
                String password, 
                byte[] token, 
                int flags)

Called by device or profile owner to force set a new device unlock password or a managed profile challenge on current user. This takes effect immediately.

Unlike resetPassword(String, int), this API can change the password even before the user or device is unlocked or decrypted. The supplied token must have been previously provisioned via setResetPasswordToken(ComponentName, byte[]), and in active state isResetPasswordTokenActive(ComponentName).

The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName); if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

Calling with a null or empty password will clear any existing PIN, pattern or password if the current password constraints allow it.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

password String: The new password for the user. Null or empty clears the password.

token byte: the password reset token previously provisioned by #setResetPasswordToken.

flags int: May be 0 or combination of RESET_PASSWORD_REQUIRE_ENTRY and RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.

Returns
boolean Returns true if the password was applied, or false if it is not acceptable for the current constraints.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_RESET_PASSWORD
IllegalStateException if the provided token is not valid.
IllegalArgumentException if the password does not meet system requirements.

retrieveNetworkLogs

List<NetworkEvent> retrieveNetworkLogs (ComponentName admin, 
                long batchToken)

Called by device owner to retrieve the most recent batch of network logging events. A device owner has to provide a batchToken provided as part of onNetworkLogsAvailable(Context, Intent, long, int) callback. If the token doesn't match the token of the most recent available batch of logs, null will be returned.

NetworkEvent can be one of DnsEvent or ConnectEvent.

The list of network events is sorted chronologically, and contains at most 1200 events.

Access to the logs is rate limited and this method will only return a new batch of logs after the device device owner has been notified via onNetworkLogsAvailable(Context, Intent, long, int).

If a secondary user or profile is created, calling this method will throw a SecurityException until all users become affiliated again. It will also no longer be possible to retrieve the network logs batch with the most recent batchToken provided by onNetworkLogsAvailable(Context, Intent, long, int). See setAffiliationIds(ComponentName, Set).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

batchToken long: A token of the batch to retrieve

Returns
List<NetworkEvent> A new batch of network logs which is a list of NetworkEvent. Returns null if the batch represented by batchToken is no longer available or if logging is disabled.

This value may be null.

Throws
SecurityException if admin is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device owner user.

See also:

retrievePreRebootSecurityLogs

added in API level 24
List<SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs (ComponentName admin)

Called by device owners to retrieve device logs from before the device's last reboot.

This API is not supported on all devices. Calling this API on unsupported devices will result in null being returned. The device logs are retrieved from a RAM region which is not guaranteed to be corruption-free during power cycles, as a result be cautious about data corruption when parsing.

If there is any other user or profile on the device, it must be affiliated with the device owner. Otherwise a SecurityException will be thrown. See setAffiliationIds(ComponentName, Set)

Parameters
admin ComponentName: Which device owner this request is associated with.

This value must never be null.

Returns
List<SecurityLog.SecurityEvent> Device logs from before the latest reboot of the system, or null if this API is not supported on the device.

This value may be null.

Throws
SecurityException if admin is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device owner user.

See also:

retrieveSecurityLogs

added in API level 24
List<SecurityLog.SecurityEvent> retrieveSecurityLogs (ComponentName admin)

Called by device owner to retrieve all new security logging entries since the last call to this API after device boots.

Access to the logs is rate limited and it will only return new logs after the device owner has been notified via onSecurityLogsAvailable(Context, Intent).

If there is any other user or profile on the device, it must be affiliated with the device owner. Otherwise a SecurityException will be thrown. See setAffiliationIds(ComponentName, Set)

Parameters
admin ComponentName: Which device owner this request is associated with.

This value must never be null.

Returns
List<SecurityLog.SecurityEvent> the new batch of security logs which is a list of SecurityLog.SecurityEvent, or null if rate limitation is exceeded or if logging is currently disabled.

This value may be null.

Throws
SecurityException if admin is not a device owner, or there is at least one profile or secondary user that is not affiliated with the device owner user.

See also:

setAccountManagementDisabled

added in API level 21
void setAccountManagementDisabled (ComponentName admin, 
                String accountType, 
                boolean disabled)

Called by a device owner or profile owner to disable account management for a specific type of account.

The calling device admin must be a device owner or profile owner. If it is not, a security exception will be thrown.

When account management is disabled for an account type, adding or removing an account of that type will not be possible.

From N the profile or device owner can still use AccountManager APIs to add or remove accounts when account management for a specific type is disabled.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

accountType String: For which account management is disabled or enabled.

disabled boolean: The boolean indicating that account management will be disabled (true) or enabled (false).

Throws
SecurityException if admin is not a device or profile owner.

setAffiliationIds

void setAffiliationIds (ComponentName admin, 
                Set<String> ids)

Indicates the entity that controls the device or profile owner. Two users/profiles are affiliated if the set of ids set by their device or profile owners intersect.

Note: Features that depend on user affiliation (such as security logging or bindDeviceAdminServiceAsUser(ComponentName, Intent, ServiceConnection, int, UserHandle)) won't be available when a secondary user or profile is created, until it becomes affiliated. Therefore it is recommended that the appropriate affiliation ids are set by its profile owner as soon as possible after the user/profile is created.

Parameters
admin ComponentName: Which profile or device owner this request is associated with.

This value must never be null.

ids Set: A set of opaque non-empty affiliation ids.

This value must never be null.

Throws
IllegalArgumentException if ids is null or contains an empty string.

setAlwaysOnVpnPackage

added in API level 24
void setAlwaysOnVpnPackage (ComponentName admin, 
                String vpnPackage, 
                boolean lockdownEnabled)

Called by a device or profile owner to configure an always-on VPN connection through a specific application for the current user. This connection is automatically granted and persisted after a reboot.

The designated package should declare a VpnService in its manifest guarded by BIND_VPN_SERVICE, otherwise the call will fail.

Parameters
admin ComponentName

This value must never be null.

vpnPackage String: The package name for an installed VPN app on the device, or null to remove an existing always-on VPN configuration.

This value may be null.

lockdownEnabled boolean: true to disallow networking when the VPN is not connected or false otherwise. This carries the risk that any failure of the VPN provider could break networking for all apps. This has no effect when clearing.

Throws
SecurityException if admin is not a device or a profile owner.
PackageManager.NameNotFoundException if vpnPackage is not installed.
UnsupportedOperationException if vpnPackage exists but does not support being set as always-on, or if always-on VPN is not available.

setApplicationHidden

added in API level 21
boolean setApplicationHidden (ComponentName admin, 
                String packageName, 
                boolean hidden)

Hide or unhide packages. When a package is hidden it is unavailable for use, but the data and actual package file remain. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PACKAGE_ACCESS scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is a package access delegate.

This value must never be null.

packageName String: The name of the package to hide or unhide.

hidden boolean: true if the package should be hidden, false if it should be unhidden.

Returns
boolean boolean Whether the hidden setting of the package was successfully updated.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setApplicationRestrictions

added in API level 21
void setApplicationRestrictions (ComponentName admin, 
                String packageName, 
                Bundle settings)

Sets the application restrictions for a given target application running in the calling user.

The caller must be a profile or device owner on that user, or the package allowed to manage application restrictions via setDelegatedScopes(ComponentName, String, List) with the DELEGATION_APP_RESTRICTIONS scope; otherwise a security exception will be thrown.

The provided Bundle consists of key-value pairs, where the types of values may be:

  • boolean
  • int
  • String or String[]
  • From M, Bundle or Bundle[]

If the restrictions are not available yet, but may be applied in the near future, the caller can notify the target application of that by adding KEY_RESTRICTIONS_PENDING to the settings parameter.

The application restrictions are only made visible to the target application via getApplicationRestrictions(String), in addition to the profile or device owner, and the application restrictions managing package via getApplicationRestrictions(ComponentName, String).

NOTE: The method performs disk I/O and shouldn't be called on the main thread

This method may take several seconds to complete, so it should only be called from a worker thread.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if called by the application restrictions managing package.

This value may be null.

packageName String: The name of the package to update restricted settings for.

settings Bundle: A Bundle to be parsed by the receiving application, conveying a new set of active restrictions.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setApplicationRestrictionsManagingPackage

added in API level 24
void setApplicationRestrictionsManagingPackage (ComponentName admin, 
                String packageName)

This method was deprecated in API level O.
From O. Use setDelegatedScopes(ComponentName, String, List) with the DELEGATION_APP_RESTRICTIONS scope instead.

Called by a profile owner or device owner to grant permission to a package to manage application restrictions for the calling user via setApplicationRestrictions(ComponentName, String, Bundle) and getApplicationRestrictions(ComponentName, String).

This permission is persistent until it is later cleared by calling this method with a null value or uninstalling the managing package.

The supplied application restriction managing package must be installed when calling this API, otherwise an PackageManager.NameNotFoundException will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageName String: The package name which will be given access to application restrictions APIs. If null is given the current package will be cleared.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.
PackageManager.NameNotFoundException if packageName is not found

setAutoTimeRequired

added in API level 21
void setAutoTimeRequired (ComponentName admin, 
                boolean required)

Called by a device or profile owner to set whether auto time is required. If auto time is required, no user will be able set the date and time and network date and time will be used.

Note: if auto time is required the user can still manually set the time zone.

The calling device admin must be a device or profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

required boolean: Whether auto time is set required or not.

Throws
SecurityException if admin is not a device owner.

setBackupServiceEnabled

void setBackupServiceEnabled (ComponentName admin, 
                boolean enabled)

Allows the device owner to enable or disable the backup service.

Backup service manages all backup and restore mechanisms on the device. Setting this to false will prevent data from being backed up or restored.

Backup service is off by default when device owner is present.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

enabled boolean: true to enable the backup service, false to disable it.

Throws
SecurityException if admin is not a device owner.

setBluetoothContactSharingDisabled

added in API level 23
void setBluetoothContactSharingDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether bluetooth devices can access enterprise contacts.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

This API works on managed profile only.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: If true, bluetooth devices cannot access enterprise contacts.

Throws
SecurityException if admin is not a device or profile owner.

setCameraDisabled

added in API level 14
void setCameraDisabled (ComponentName admin, 
                boolean disabled)

Called by an application that is administering the device to disable all cameras on the device, for this user. After setting this, no applications running as this user will be able to access any cameras on the device.

If the caller is device owner, then the restriction will be applied to all users.

The calling device admin must have requested USES_POLICY_DISABLE_CAMERA to be able to call this method; if it has not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: Whether or not the camera should be disabled.

Throws
SecurityException if admin is not an active administrator or does not use USES_POLICY_DISABLE_CAMERA.

setCertInstallerPackage

added in API level 23
void setCertInstallerPackage (ComponentName admin, 
                String installerPackage)

This method was deprecated in API level O.
From O. Use setDelegatedScopes(ComponentName, String, List) with the DELEGATION_CERT_INSTALL scope instead.

Called by a profile owner or device owner to grant access to privileged certificate manipulation APIs to a third-party certificate installer app. Granted APIs include getInstalledCaCerts(ComponentName), hasCaCertInstalled(ComponentName, byte[]), installCaCert(ComponentName, byte[]), uninstallCaCert(ComponentName, byte[]), uninstallAllUserCaCerts(ComponentName) and installKeyPair(ComponentName, PrivateKey, Certificate, String).

Delegated certificate installer is a per-user state. The delegated access is persistent until it is later cleared by calling this method with a null value or uninstallling the certificate installer.

Note:Starting from N, if the caller application's target SDK version is N or newer, the supplied certificate installer package must be installed when calling this API, otherwise an IllegalArgumentException will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

installerPackage String: The package name of the certificate installer which will be given access. If null is given the current package will be cleared.

This value may be null.

Throws
SecurityException if admin is not a device or a profile owner.

setCrossProfileCallerIdDisabled

added in API level 21
void setCrossProfileCallerIdDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether caller-Id information from the managed profile will be shown in the parent profile, for incoming calls.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: If true caller-Id information in the managed profile is not displayed.

Throws
SecurityException if admin is not a device or profile owner.

setCrossProfileContactsSearchDisabled

added in API level 24
void setCrossProfileContactsSearchDisabled (ComponentName admin, 
                boolean disabled)

Called by a profile owner of a managed profile to set whether contacts search from the managed profile will be shown in the parent profile, for incoming calls.

The calling device admin must be a profile owner. If it is not, a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: If true contacts search in the managed profile is not displayed.

Throws
SecurityException if admin is not a device or profile owner.

setDelegatedScopes

void setDelegatedScopes (ComponentName admin, 
                String delegatePackage, 
                List<String> scopes)

Called by a profile owner or device owner to grant access to privileged APIs to another app. Granted APIs are determined by scopes, which is a list of the DELEGATION_* constants.

A broadcast with the ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED action will be sent to the delegatePackage with its new scopes in an ArrayList<String> extra under the EXTRA_DELEGATION_SCOPES key. The broadcast is sent with the FLAG_RECEIVER_REGISTERED_ONLY flag.

Delegated scopes are a per-user state. The delegated access is persistent until it is later cleared by calling this method with an empty scopes list or uninstalling the delegatePackage.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

delegatePackage String: The package name of the app which will be given access.

This value must never be null.

scopes List: The groups of privileged APIs whose access should be granted to delegatedPackage.

This value must never be null.

Throws
SecurityException if admin is not a device or a profile owner.

setDeviceOwnerLockScreenInfo

added in API level 24
void setDeviceOwnerLockScreenInfo (ComponentName admin, 
                CharSequence info)

Sets the device owner information to be shown on the lock screen.

If the device owner information is null or empty then the device owner info is cleared and the user owner info is shown on the lock screen if it is set.

If the device owner information contains only whitespaces then the message on the lock screen will be blank and the user will not be allowed to change it.

If the device owner information needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

Parameters
admin ComponentName: The name of the admin component to check.

This value must never be null.

info CharSequence: Device owner information which will be displayed instead of the user owner info.

Throws
SecurityException if admin is not a device owner.

setGlobalSetting

added in API level 21
void setGlobalSetting (ComponentName admin, 
                String setting, 
                String value)

Called by device owners to update Settings.Global settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.

The settings that can be updated with this method are:

Changing the following settings has no effect as of M:

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

setting String: The name of the setting to update.

value String: The value to update the setting to.

Throws
SecurityException if admin is not a device owner.

setKeyguardDisabled

added in API level 23
boolean setKeyguardDisabled (ComponentName admin, 
                boolean disabled)

Called by a device owner to disable the keyguard altogether.

Setting the keyguard to disabled has the same effect as choosing "None" as the screen lock type. However, this call has no effect if a password, pin or pattern is currently set. If a password, pin or pattern is set after the keyguard was disabled, the keyguard stops being disabled.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: true disables the keyguard, false reenables it.

Returns
boolean false if attempting to disable the keyguard while a lock password was in place. true otherwise.

Throws
SecurityException if admin is not a device owner.

setKeyguardDisabledFeatures

added in API level 17
void setKeyguardDisabledFeatures (ComponentName admin, 
                int which)

Called by an application that is administering the device to disable keyguard customizations, such as widgets. After setting this, keyguard features will be disabled according to the provided feature list.

The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.

Calling this from a managed profile before version M will throw a security exception. From version M the profile owner of a managed profile can set:

KEYGUARD_DISABLE_TRUST_AGENTS and KEYGUARD_DISABLE_FINGERPRINT can also be set on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Requests to disable other features on a managed profile will be ignored.

The admin can check which features have been disabled by calling getKeyguardDisabledFeatures(ComponentName)

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

which int: KEYGUARD_DISABLE_FEATURES_NONE (default), KEYGUARD_DISABLE_WIDGETS_ALL, KEYGUARD_DISABLE_SECURE_CAMERA, KEYGUARD_DISABLE_SECURE_NOTIFICATIONS, KEYGUARD_DISABLE_TRUST_AGENTS, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, KEYGUARD_DISABLE_FINGERPRINT, KEYGUARD_DISABLE_FEATURES_ALL

Throws
SecurityException if admin is not an active administrator or does not user USES_POLICY_DISABLE_KEYGUARD_FEATURES

setLockTaskPackages

added in API level 21
void setLockTaskPackages (ComponentName admin, 
                String[] packages)

Sets which packages may enter lock task mode.

Any packages that share uid with an allowed package will also be allowed to activate lock task. From M removing packages from the lock task package list results in locked tasks belonging to those packages to be finished.

This function can only be called by the device owner or by a profile owner of a user/profile that is affiliated with the device owner user. See setAffiliationIds(ComponentName, Set). Any packages set via this method will be cleared if the user becomes unaffiliated.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packages String: The list of packages allowed to enter lock task mode

This value must never be null.

Throws
SecurityException if admin is not the device owner, or the profile owner of an affiliated user or profile.

See also:

setLongSupportMessage

added in API level 24
void setLongSupportMessage (ComponentName admin, 
                CharSequence message)

Called by a device admin to set the long support message. This will be displayed to the user in the device administators settings screen.

If the long support message needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

message CharSequence: Long message to be displayed to the user in settings or null to clear the existing message.

This value may be null.

Throws
SecurityException if admin is not an active administrator.

See also:

setMasterVolumeMuted

added in API level 21
void setMasterVolumeMuted (ComponentName admin, 
                boolean on)

Called by profile or device owners to set the master volume mute on or off. This has no effect when set on a managed profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

on boolean: true to mute master volume, false to turn mute off.

Throws
SecurityException if admin is not a device or profile owner.

setMaximumFailedPasswordsForWipe

added in API level 8
void setMaximumFailedPasswordsForWipe (ComponentName admin, 
                int num)

Setting this to a value greater than zero enables a built-in policy that will perform a device or profile wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA}.

To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device or profile will be wiped immediately, and your callback will not be invoked.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set a value on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

num int: The number of failed password attempts at which point the device or profile will be wiped.

Throws
SecurityException if admin is not an active administrator or does not use both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA.

setMaximumTimeToLock

added in API level 8
void setMaximumTimeToLock (ComponentName admin, 
                long timeMs)

Called by an application that is administering the device to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately.

The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

timeMs long: The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or it does not use USES_POLICY_FORCE_LOCK

setNetworkLoggingEnabled

void setNetworkLoggingEnabled (ComponentName admin, 
                boolean enabled)

Called by a device owner to control the network logging feature.

Network logs contain DNS lookup and connect() library call events. The following library functions are recorded while network logging is active:

  • getaddrinfo()
  • gethostbyname()
  • connect()

Network logging is a low-overhead tool for forensics but it is not guaranteed to use full system call logging; event reporting is enabled by default for all processes but not strongly enforced. Events from applications using alternative implementations of libc, making direct kernel calls, or deliberately obfuscating traffic may not be recorded.

Some common network events may not be reported. For example:

  • Applications may hardcode IP addresses to reduce the number of DNS lookups, or use an alternative system for name resolution, and so avoid calling getaddrinfo() or gethostbyname.
  • Applications may use datagram sockets for performance reasons, for example for a game client. Calling connect() is unnecessary for this kind of socket, so it will not trigger a network event.

It is possible to directly intercept layer 3 traffic leaving the device using an always-on VPN service. See setAlwaysOnVpnPackage(ComponentName, String, boolean) and VpnService for details.

Note: The device owner won't be able to retrieve network logs if there are unaffiliated secondary users or profiles on the device, regardless of whether the feature is enabled. Logs will be discarded if the internal buffer fills up while waiting for all users to become affiliated. Therefore it's recommended that affiliation ids are set for new users as soon as possible after provisioning via setAffiliationIds(ComponentName, Set).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

enabled boolean: whether network logging should be enabled or not.

Throws
SecurityException if admin is not a device owner.

See also:

setOrganizationColor

added in API level 24
void setOrganizationColor (ComponentName admin, 
                int color)

Called by a profile owner of a managed profile to set the color used for customization. This color is used as background color of the confirm credentials screen for that user. The default color is teal (#00796B).

The confirm credentials screen can be created using createConfirmDeviceCredentialIntent(CharSequence, CharSequence).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

color int: The 24bit (0xRRGGBB) representation of the color to be used.

Throws
SecurityException if admin is not a profile owner.

setOrganizationName

added in API level 24
void setOrganizationName (ComponentName admin, 
                CharSequence title)

Called by the device owner or profile owner to set the name of the organization under management.

If the organization name needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

title CharSequence: The organization name or null to clear a previously set name.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

setPackagesSuspended

added in API level 24
String[] setPackagesSuspended (ComponentName admin, 
                String[] packageNames, 
                boolean suspended)

Called by device or profile owners to suspend packages for this user. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PACKAGE_ACCESS scope via setDelegatedScopes(ComponentName, String, List).

A suspended package will not be able to start activities. Its notifications will be hidden, it will not show up in recents, will not be able to show toasts or dialogs or ring the device.

The package must already be installed. If the package is uninstalled while suspended the package will no longer be suspended. The admin can block this by using setUninstallBlocked(ComponentName, String, boolean).

Parameters
admin ComponentName: The name of the admin component to check, or null if the caller is a package access delegate.

This value must never be null.

packageNames String: The package names to suspend or unsuspend.

This value must never be null.

suspended boolean: If set to true than the packages will be suspended, if set to false the packages will be unsuspended.

Returns
String[] an array of package names for which the suspended status is not set as requested in this method.

This value will never be null.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setPasswordExpirationTimeout

added in API level 11
void setPasswordExpirationTimeout (ComponentName admin, 
                long timeout)

Called by a device admin to set the password expiration timeout. Calling this method will restart the countdown for password expiration for the given admin, as will changing the device password (for all admins).

The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.

To disable password expiration, a value of 0 may be used for timeout.

The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

Note that setting the password will automatically reset the expiration time for all active admins. Active admins do not need to explicitly call this method in that case.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

timeout long: The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited).

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_EXPIRE_PASSWORD

setPasswordHistoryLength

added in API level 11
void setPasswordHistoryLength (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_NUMERIC_COMPLEX PASSWORD_QUALITY_ALPHABETIC, or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(ComponentName, int).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired length of password history. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumLength

added in API level 8
void setPasswordMinimumLength (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int).

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum password length. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumLetters

added in API level 11
void setPasswordMinimumLetters (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumLowerCase

added in API level 11
void setPasswordMinimumLowerCase (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of lower case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of lower case letters required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumNonLetter

added in API level 11
void setPasswordMinimumNonLetter (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumNumeric

added in API level 11
void setPasswordMinimumNumeric (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of numerical digits required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumSymbols

added in API level 11
void setPasswordMinimumSymbols (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of symbols required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 1.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordMinimumUpperCase

added in API level 11
void setPasswordMinimumUpperCase (ComponentName admin, 
                int length)

Called by an application that is administering the device to set the minimum number of upper case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int). The default value is 0.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

length int: The new desired minimum number of upper case letters required in the password. A value of 0 means there is no restriction.

Throws
SecurityException if admin is not an active administrator or admin does not use USES_POLICY_LIMIT_PASSWORD

setPasswordQuality

added in API level 8
void setPasswordQuality (ComponentName admin, 
                int quality)

Called by an application that is administering the device to set the password restrictions it is imposing. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD or ACTION_SET_NEW_PARENT_PROFILE_PASSWORD after calling this method.

Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.

The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

quality int: The new desired quality. One of PASSWORD_QUALITY_UNSPECIFIED, PASSWORD_QUALITY_SOMETHING, PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_NUMERIC_COMPLEX, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC or PASSWORD_QUALITY_COMPLEX.

Throws
SecurityException if admin is not an active administrator or if admin does not use USES_POLICY_LIMIT_PASSWORD

setPermissionGrantState

added in API level 23
boolean setPermissionGrantState (ComponentName admin, 
                String packageName, 
                String permission, 
                int grantState)

Sets the grant state of a runtime permission for a specific application. The state can be default in which a user can manage it through the UI, denied, in which the permission is denied and the user cannot manage it through the UI, and granted in which the permission is granted and the user cannot manage it through the UI. This might affect all permissions in a group that the runtime permission belongs to. This method can only be called by a profile owner, device owner, or a delegate given the DELEGATION_PERMISSION_GRANT scope via setDelegatedScopes(ComponentName, String, List).

Setting the grant state to default does not revoke the permission. It retains the previous grant, if any.

Permissions can be granted or revoked only for applications built with a targetSdkVersion of M or later.

Parameters
admin ComponentName: Which profile or device owner this request is associated with.

This value must never be null.

packageName String: The application to grant or revoke a permission to.

permission String: The permission to grant or revoke.

grantState int: The permission grant state which is one of PERMISSION_GRANT_STATE_DENIED, PERMISSION_GRANT_STATE_DEFAULT, PERMISSION_GRANT_STATE_GRANTED,

Returns
boolean whether the permission was successfully granted or revoked.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setPermissionPolicy

added in API level 23
void setPermissionPolicy (ComponentName admin, 
                int policy)

Set the default response for future runtime permission requests by applications. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_PERMISSION_GRANT scope via setDelegatedScopes(ComponentName, String, List). The policy can allow for normal operation which prompts the user to grant a permission, or can allow automatic granting or denying of runtime permission requests by an application. This also applies to new permissions declared by app updates. When a permission is denied or granted this way, the effect is equivalent to setting the permission * grant state via setPermissionGrantState(ComponentName, String, String, int).

As this policy only acts on runtime permission requests, it only applies to applications built with a targetSdkVersion of M or later.

Parameters
admin ComponentName: Which profile or device owner this request is associated with.

This value must never be null.

policy int: One of the policy constants PERMISSION_POLICY_PROMPT, PERMISSION_POLICY_AUTO_GRANT and PERMISSION_POLICY_AUTO_DENY.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setPermittedAccessibilityServices

added in API level 21
boolean setPermittedAccessibilityServices (ComponentName admin, 
                List<String> packageNames)

Called by a profile or device owner to set the permitted accessibility services. When set by a device owner or profile owner the restriction applies to all profiles of the user the device owner or profile owner is an admin for. By default the user can use any accessiblity service. When zero or more packages have been added, accessiblity services that are not in the list and not part of the system can not be enabled by the user.

Calling with a null value for the list disables the restriction so that all services can be used, calling with an empty list only allows the builtin system's services.

System accessibility services are always available to the user the list can't modify this.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageNames List: List of accessibility service package names.

Returns
boolean true if setting the restriction succeeded. It fail if there is one or more non-system accessibility services enabled, that are not in the list.

Throws
SecurityException if admin is not a device or profile owner.

setPermittedCrossProfileNotificationListeners

boolean setPermittedCrossProfileNotificationListeners (ComponentName admin, 
                List<String> packageList)

Called by a profile owner of a managed profile to set the packages that are allowed to use a NotificationListenerService in the primary user to see notifications from the managed profile. By default all packages are permitted by this policy. When zero or more packages have been added, notification listeners installed on the primary user that are not in the list and are not part of the system won't receive events for managed profile notifications.

Calling with a null value for the list disables the restriction so that all notification listener services be used. Calling with an empty list disables all but the system's own notification listeners. System notification listener services are always available to the user.

If a device or profile owner want to stop notification listeners in their user from seeing that user's notifications they should prevent that service from running instead (e.g. via setApplicationHidden(ComponentName, String, boolean))

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageList List: List of package names to whitelist

This value may be null.

Returns
boolean true if setting the restriction succeeded. It will fail if called outside a managed profile

Throws
SecurityException if admin is not a profile owner.

See also:

setPermittedInputMethods

added in API level 21
boolean setPermittedInputMethods (ComponentName admin, 
                List<String> packageNames)

Called by a profile or device owner to set the permitted input methods services. When set by a device owner or profile owner the restriction applies to all profiles of the user the device owner or profile owner is an admin for. By default the user can use any input method. When zero or more packages have been added, input method that are not in the list and not part of the system can not be enabled by the user. This method will fail if it is called for a admin that is not for the foreground user or a profile of the foreground user.

Calling with a null value for the list disables the restriction so that all input methods can be used, calling with an empty list disables all but the system's own input methods.

System input methods are always available to the user this method can't modify this.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

packageNames List: List of input method package names.

Returns
boolean true if setting the restriction succeeded. It will fail if there are one or more non-system input methods currently enabled that are not in the packageNames list.

Throws
SecurityException if admin is not a device or profile owner.

setProfileEnabled

added in API level 21
void setProfileEnabled (ComponentName admin)

Sets the enabled state of the profile. A profile should be enabled only once it is ready to be used. Only the profile owner can call this.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

Throws
SecurityException if admin is not a profile owner.

See also:

setProfileName

added in API level 21
void setProfileName (ComponentName admin, 
                String profileName)

Sets the name of the profile. In the device owner case it sets the name of the user which it is called from. Only a profile owner or device owner can call this. If this is never called by the profile or device owner, the name will be set to default values.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associate with.

This value must never be null.

profileName String: The name of the profile.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setRecommendedGlobalProxy

added in API level 21
void setRecommendedGlobalProxy (ComponentName admin, 
                ProxyInfo proxyInfo)

Set a network-independent global HTTP proxy. This is not normally what you want for typical HTTP proxies - they are generally network dependent. However if you're doing something unusual like general internal filtering this may be useful. On a private network where the proxy is not accessible, you may break HTTP using this.

This method requires the caller to be the device owner.

This proxy is only a recommendation and it is possible that some apps will ignore it.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

proxyInfo ProxyInfo: The a ProxyInfo object defining the new global HTTP proxy. A null value will clear the global HTTP proxy.

This value may be null.

Throws
SecurityException if admin is not the device owner.

See also:

setRequiredStrongAuthTimeout

void setRequiredStrongAuthTimeout (ComponentName admin, 
                long timeoutMs)

Called by a device/profile owner to set the timeout after which unlocking with secondary, non strong auth (e.g. fingerprint, trust agents) times out, i.e. the user has to use a strong authentication method like password, pin or pattern.

This timeout is used internally to reset the timer to require strong auth again after specified timeout each time it has been successfully used.

Fingerprint can also be disabled altogether using KEYGUARD_DISABLE_FINGERPRINT.

Trust agents can also be disabled altogether using KEYGUARD_DISABLE_TRUST_AGENTS.

The calling device admin must be a device or profile owner. If it is not, a SecurityException will be thrown.

The calling device admin can verify the value it has set by calling getRequiredStrongAuthTimeout(ComponentName) and passing in its instance.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set restrictions on the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

timeoutMs long: The new timeout in milliseconds, after which the user will have to unlock with strong authentication method. A value of 0 means the admin is not participating in controlling the timeout. The minimum and maximum timeouts are platform-defined and are typically 1 hour and 72 hours, respectively. Though discouraged, the admin may choose to require strong auth at all times using KEYGUARD_DISABLE_FINGERPRINT and/or KEYGUARD_DISABLE_TRUST_AGENTS.

Throws
SecurityException if admin is not a device or profile owner.

setResetPasswordToken

boolean setResetPasswordToken (ComponentName admin, 
                byte[] token)

Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via resetPasswordWithToken(ComponentName, String, byte[], int).

If the user currently has a lockscreen password, the provisioned token will not be immediately usable; it only becomes active after the user performs a confirm credential operation, which can be triggered by createConfirmDeviceCredentialIntent(CharSequence, CharSequence). If the user has no lockscreen password, the token is activated immediately. In all cases, the active state of the current token can be checked by isResetPasswordTokenActive(ComponentName). For security reasons, un-activated tokens are only stored in memory and will be lost once the device reboots. In this case a new token needs to be provisioned again.

Once provisioned and activated, the token will remain effective even if the user changes or clears the lockscreen password.

This token is highly sensitive and should be treated at the same level as user credentials. In particular, NEVER store this token on device in plaintext. Do not store the plaintext token in device-encrypted storage if it will be needed to reset password on file-based encryption devices before user unlocks. Consider carefully how any password token will be stored on your server and who will need access to them. Tokens may be the subject of legal access requests.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

token byte: a secure token a least 32-byte long, which must be generated by a cryptographically strong random number generator.

Returns
boolean true if the operation is successful, false otherwise.

Throws
IllegalArgumentException if the supplied token is invalid.
SecurityException

setRestrictionsProvider

added in API level 21
void setRestrictionsProvider (ComponentName admin, 
                ComponentName provider)

Designates a specific service component as the provider for making permission requests of a local or remote administrator of the user.

Only a profile owner can designate the restrictions provider.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

provider ComponentName: The component name of the service that implements RestrictionsReceiver. If this param is null, it removes the restrictions provider previously assigned.

This value may be null.

Throws
SecurityException if admin is not a device or profile owner.

setScreenCaptureDisabled

added in API level 21
void setScreenCaptureDisabled (ComponentName admin, 
                boolean disabled)

Called by a device/profile owner to set whether the screen capture is disabled. Disabling screen capture also prevents the content from being shown on display devices that do not have a secure video output. See FLAG_SECURE for more details about secure surfaces and secure displays.

The calling device admin must be a device or profile owner. If it is not, a security exception will be thrown.

From version M disabling screen capture also blocks assist requests for all activities of the relevant user.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: Whether screen capture is disabled or not.

Throws
SecurityException if admin is not a device or profile owner.

setSecureSetting

added in API level 21
void setSecureSetting (ComponentName admin, 
                String setting, 
                String value)

Called by profile or device owners to update Settings.Secure settings. Validation that the value of the setting is in the correct form for the setting type should be performed by the caller.

The settings that can be updated by a profile or device owner with this method are:

A device owner can additionally update the following settings:

Note: Starting from Android O, apps should no longer call this method with the setting INSTALL_NON_MARKET_APPS, which is deprecated. Instead, device owners or profile owners should use the restriction DISALLOW_INSTALL_UNKNOWN_SOURCES. If any app targeting O or higher calls this method with INSTALL_NON_MARKET_APPS, an UnsupportedOperationException is thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

setting String: The name of the setting to update.

value String: The value to update the setting to.

Throws
SecurityException if admin is not a device or profile owner.

setSecurityLoggingEnabled

added in API level 24
void setSecurityLoggingEnabled (ComponentName admin, 
                boolean enabled)

Called by device owner to control the security logging feature.

Security logs contain various information intended for security auditing purposes. See SecurityLog.SecurityEvent for details.

Note: The device owner won't be able to retrieve security logs if there are unaffiliated secondary users or profiles on the device, regardless of whether the feature is enabled. Logs will be discarded if the internal buffer fills up while waiting for all users to become affiliated. Therefore it's recommended that affiliation ids are set for new users as soon as possible after provisioning via setAffiliationIds(ComponentName, Set).

Parameters
admin ComponentName: Which device owner this request is associated with.

This value must never be null.

enabled boolean: whether security logging should be enabled or not.

Throws
SecurityException if admin is not a device owner.

See also:

setShortSupportMessage

added in API level 24
void setShortSupportMessage (ComponentName admin, 
                CharSequence message)

Called by a device admin to set the short support message. This will be displayed to the user in settings screens where funtionality has been disabled by the admin. The message should be limited to a short statement such as "This setting is disabled by your administrator. Contact someone@example.com for support." If the message is longer than 200 characters it may be truncated.

If the short support message needs to be localized, it is the responsibility of the DeviceAdminReceiver to listen to the ACTION_LOCALE_CHANGED broadcast and set a new version of this string accordingly.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

message CharSequence: Short message to be displayed to the user in settings or null to clear the existing message.

This value may be null.

Throws
SecurityException if admin is not an active administrator.

See also:

setStatusBarDisabled

added in API level 23
boolean setStatusBarDisabled (ComponentName admin, 
                boolean disabled)

Called by device owner to disable the status bar. Disabling the status bar blocks notifications, quick settings and other screen overlays that allow escaping from a single use device.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

disabled boolean: true disables the status bar, false reenables it.

Returns
boolean false if attempting to disable the status bar failed. true otherwise.

Throws
SecurityException if admin is not a device owner.

setStorageEncryption

added in API level 11
int setStorageEncryption (ComponentName admin, 
                boolean encrypt)

Called by an application that is administering the device to request that the storage system be encrypted.

When multiple device administrators attempt to control device encryption, the most secure, supported setting will always be used. If any device administrator requests device encryption, it will be enabled; Conversely, if a device administrator attempts to disable device encryption while another device administrator has enabled it, the call to disable will fail (most commonly returning ENCRYPTION_STATUS_ACTIVE).

This policy controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this policy does not require or control the encryption of any other storage areas. There is one exception: If isExternalStorageEmulated() is true, then the directory returned by getExternalStorageDirectory() must be written to disk within the encrypted storage area.

Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

encrypt boolean: true to request encryption, false to release any previous request

Returns
int the new request status (for all active admins) - will be one of ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, or ENCRYPTION_STATUS_ACTIVE. This is the value of the requests; Use getStorageEncryptionStatus() to query the actual device state.

Throws
SecurityException if admin is not an active administrator or does not use USES_ENCRYPTED_STORAGE

setSystemUpdatePolicy

added in API level 23
void setSystemUpdatePolicy (ComponentName admin, 
                SystemUpdatePolicy policy)

Called by device owners to set a local system update policy. When a new policy is set, ACTION_SYSTEM_UPDATE_POLICY_CHANGED is broadcasted.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with. All components in the device owner package can set system update policies and the most recent policy takes effect.

This value must never be null.

policy SystemUpdatePolicy: the new policy, or null to clear the current policy.

Throws
SecurityException if admin is not a device owner.

See also:

setTrustAgentConfiguration

added in API level 23
void setTrustAgentConfiguration (ComponentName admin, 
                ComponentName target, 
                PersistableBundle configuration)

Sets a list of configuration features to enable for a TrustAgent component. This is meant to be used in conjunction with KEYGUARD_DISABLE_TRUST_AGENTS, which disables all trust agents but those enabled by this function call. If flag KEYGUARD_DISABLE_TRUST_AGENTS is not set, then this call has no effect.

The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if not, a security exception will be thrown.

This method can be called on the DevicePolicyManager instance returned by getParentProfileInstance(ComponentName) in order to set the configuration for the parent profile.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

target ComponentName: Component name of the agent to be enabled.

This value must never be null.

configuration PersistableBundle: TrustAgent-specific feature bundle. If null for any admin, agent will be strictly disabled according to the state of the KEYGUARD_DISABLE_TRUST_AGENTS flag.

If KEYGUARD_DISABLE_TRUST_AGENTS is set and options is not null for all admins, then it's up to the TrustAgent itself to aggregate the values from all device admins.

Consult documentation for the specific TrustAgent to determine legal options parameters.

Throws
SecurityException if admin is not an active administrator or does not use USES_POLICY_DISABLE_KEYGUARD_FEATURES

setUninstallBlocked

added in API level 21
void setUninstallBlocked (ComponentName admin, 
                String packageName, 
                boolean uninstallBlocked)

Change whether a user can uninstall a package. This function can be called by a device owner, profile owner, or by a delegate given the DELEGATION_BLOCK_UNINSTALL scope via setDelegatedScopes(ComponentName, String, List).

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if the caller is a block uninstall delegate.

This value may be null.

packageName String: package to change.

uninstallBlocked boolean: true if the user shouldn't be able to uninstall the package.

Throws
SecurityException if admin is not a device or profile owner.

See also:

setUserIcon

added in API level 23
void setUserIcon (ComponentName admin, 
                Bitmap icon)

Called by profile or device owners to set the user's photo.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

icon Bitmap: the bitmap to set as the photo.

Throws
SecurityException if admin is not a device or profile owner.

switchUser

added in API level 21
boolean switchUser (ComponentName admin, 
                UserHandle userHandle)

Called by a device owner to switch the specified user to the foreground.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with.

This value must never be null.

userHandle UserHandle: the user to switch to; null will switch to primary.

This value may be null.

Returns
boolean true if the switch was successful, false otherwise.

Throws
SecurityException if admin is not a device owner.

See also:

uninstallAllUserCaCerts

added in API level 21
void uninstallAllUserCaCerts (ComponentName admin)

Uninstalls all custom trusted CA certificates from the profile. Certificates installed by means other than device policy will also be removed, except for system CA certificates.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

Throws
SecurityException if admin is not null and not a device or profile owner.

uninstallCaCert

added in API level 21
void uninstallCaCert (ComponentName admin, 
                byte[] certBuffer)

Uninstalls the given certificate from trusted user CAs, if present. The caller must be a profile or device owner on that user, or a delegate package given the DELEGATION_CERT_INSTALL scope via setDelegatedScopes(ComponentName, String, List); otherwise a security exception will be thrown.

Parameters
admin ComponentName: Which DeviceAdminReceiver this request is associated with, or null if calling from a delegated certificate installer.

This value may be null.

certBuffer byte: encoded form of the certificate to remove.

Throws
SecurityException if admin is not null and not a device or profile owner.

See also:

wipeData

added in API level 8
void wipeData (int flags)

Ask that all user data be wiped. If called as a secondary user, the user will be removed and other users will remain unaffected. Calling from the primary user will cause the device to reboot, erasing all device data - including all the secondary users and their data - while booting up.

The calling device admin must have requested USES_POLICY_WIPE_DATA to be able to call this method; if it has not, a security exception will be thrown.

Parameters
flags int: Bit mask of additional options: currently supported flags are WIPE_EXTERNAL_STORAGE and WIPE_RESET_PROTECTION_DATA.

Throws
SecurityException if the calling application does not own an active administrator that uses USES_POLICY_WIPE_DATA
This site uses cookies to store your preferences for site-specific language and display options.

Get the latest Android developer news and tips that will help you find success on Google Play.

* Required Fields

Hooray!

Browse this site in ?

You requested a page in , but your language preference for this site is .

Would you like to change your language preference and browse this site in ? If you want to change your language preference later, use the language menu at the bottom of each page.

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a one-minute survey?
Help us improve Android tools and documentation.