The features in this guide describe device management capabilities you can implement in your device policy controller (DPC) app. You can also use the Test DPC app as a source of sample code for Android's enterprise features.
A DPC app can run in profile owner mode on personal devices or in device owner mode on fully managed devices. This table indicates which features are available when the DPC runs in profile owner mode or device owner mode:
Feature | Profile owner | Device owner |
Create a custom lock screen message | ✓ | |
Disable data roaming | ✓ | |
Give users a customized message if a setting is blocked | ✓ | ✓ |
Lock down the wallpaper | ✓ | ✓ |
Lock down a customer user icon | ✓ | ✓ |
Remotely monitor device health and status | ✓ | ✓ |
Remotely reboot an Android device | ✓ |
Create a custom lock screen message
Running in device owner mode, a DPC can create a custom lock screen message on
their users’ devices using the
setDeviceOwnerLockScreenInfo
method. This message displays on the device screen when locked, and is useful
for a lost or stolen device. A common message is “This phone belongs to
<company name>, call <phone number> if found.”
Disable data roaming
Data roaming can cause significant charges on mobile carrier bills. To help
streamline those costs, a DPC running in device owner mode can disable
data roaming by setting the DISALLOW_DATA
ROAMING
restriction. Once the user restriction is set by the DPC, a user can’t change
data roaming via Settings on their device.
Give users a customized message if a setting is blocked
When a user clicks a setting or feature blocked by their IT department, the support message gives a brief explanation of why they can’t access the feature.
These messages can be more descriptive than “Action not allowed.” A DPC running
in device owner or profile owner mode can customize these messages
using the
DevicePolicyManager setShortSupportMessage()
and setLongSupportMessage()
methods.
Create support messages
To explain why a setting is restricted, you can use short or long messages:
To create a short message, use the
setShortSupportMessage()
method.- The short message is restricted to 200 characters.
- A common message is "This setting is disabled by your admin. Contact <yourITdepartment@example.com> for support."
To create a long message, use the
setLongSupportMessage()
method. The user can view this message on their device under Settings > Security > Device admins, and then select a specific admin.
If either of these messages needs to be translated, the
DeviceAdminReceiver
needs to listen to the
ACTION_LOCALE_CHANGED
broadcast and set a new version of this string accordingly.
Lock down the wallpaper
Organizations such as schools or companies that run Android devices as shared devices can block their users from changing the wallpaper on their device home screen.
To lock down the wallpaper, a DPC running in device owner or profile owner
mode can set
DISALLOW_SET_WALLPAPER
to true
. The default for this setting is
false
.
Lock down a customer user icon
A DPC running in either device owner or profile owner mode can add users and specify an icon for each user. This user icon is only on the device and is separate from the profile icon that appears in other Google properties, such as a Gmail message or Google Plus profile.
A DPC can configure the
DISALLOW_SET_USER_ICON
to true
to restrict a user from changing their icon. The
default for this setting is false
.
Remotely monitor device health and status
A DPC running in device owner or profile owner mode can monitor unattended
devices running in a remote location, such as digital signage displays or kiosks
run off of Android devices. To do this, a DPC uses the
HardwarePropertiesManager
interface to get information about device health, such as GPU temperatures and
CPU usage. This is useful to diagnose issues with devices that automatically
turn off because of overheating or other issues.
To access the device’s Hardware Property Manager service, use
Context.getSystemService()
with string Context.HARDWARE_PROPERTIES_SERVICE
.
Remotely reboot an Android device
A DPC can remotely reboot Android devices only when it runs in device owner
mode. In some cases, devices deployed in public places inside enclosures or as
digital signage displays can prevent easy access to the power button. If a
device needs to be rebooted, a DPC can do so using the
DevicePolicyManager.reboot()
method.
A device doesn’t reboot if there’s an ongoing call. The device needs to be
in an idle state to reboot. This is to prevent an admin interrupting a user’s
phone call with a reboot request. If the device is active, it throws an
IllegalStateException
until
CALL_STATE_IDLE
.