Make my Android app to fully kiosk mode when enabled

Question

I am trying to make my feedback app to support fully kiosk, I have tried a lot of solutions but Nothing is completely satisfying my need. Here are the things that I found yet.

1. Make my app as Device Admin/Owner App(Lock Task) -

If we follow this link/procedure https://developer.android.com/work/dpc/dedicated-devices/lock-task-mode, some limitations are there as follows -

a. We have to factory reset all the devices where Feedback app is installed, follow some steps to make it as admin app(launcher app).

b. Installation of the app will be possible using the command line, each installation will take some line of code through cmd, which means for installing a person has to go there with the computer and connect the device with USB and then install the app using commands.

c. Update on an app will also follow the same procedure (Couldn't be performed using google play store)

d. In this case, end-user will never be able to exit from our app, restart the device would also launch the same feedback app every single time.

2. Programmatically screen pinning + programmatically volume and power button controlling. (https://github.com/mrugacz95/kiosk)

a. In this, we will make the app in screen pinning mode where all the three bottom buttons(Overview, home, recent) will be hidden/disabled. and same with the power key and volume keys.

b. So As soon user clicks on kiosk mode, a screen pinning system generated prompt would be shown to user But the biggest disadvantage of it is that app would be unpinned/unlocked as soon as the user presses overview+recent buttons together.

3. The third Case is, where all the keys are controlled including power+voulme+back+overview etc. Only pressing home will make the app to go on the background and within seconds it will again come foreground.

So all I found up until now, is not very satisfiable. One more Question-

Is this something to be fully controlled by MDM(Mobile Device Management)?

Any help is appreciated.

Answer 1

1. Make my app as Device Admin/Owner App

a. A device owner can only be installed on a newly initialized device (before an account is added). I believe this is by design : A device owner can completely lock the device down, you don't want a malicious app to be able to seize the phone of an unsuspecting user after a few "I agree" popups.

b. You don't need to install it using adb. The simplest provisioning method is via NFC : While the device shows the very first screen of the setup wizard, touch it with a tag (or another device) containing the provisioning configuration, most importantly an URL where the apk can be downloaded and a WiFi config.

Another method is via QR code (Android 7+) : tap 6 times the first setup screen. It is a bit less convenient than NFC because you usually have to provision the WiFi manually.

c. A device owner can be updated like any other app. As it can itself install or update applications without asking the user, you can implement a fully automatized self update mechanism : check for update / download / update.

2. Lock task / screen pinning

Any application can programatically enter lock task mode. How it happens depends on whether the application is white listed by a device owner app (possibly itself) :

If not, the user is prompted and must accept, they can also exit at any time. This is basically the same thing as screen pinning.

If yes, there is no popup : the user can not decline to enter, nor exit, the lock task mode.

Additionally a kiosk application can act as a launcher. A device owner (again, possibly itself) can set it without user intervention

Is this something to be fully controlled by MDM(Mobile Device Management)?

While device owner apps are usually DPC connected to a MDM console of some sort, this is not a technical requirement. How you control it is completely up to you. (I hope I understood correctly the question)

Overall, I think that the only reliable way a device can be locked in kiosk mode is to use a device owner app (separately or included in the kiosk application). The setup via NFC or QR code is actually faster than a normal device setup. It can also protect against safe mode reboot or factory reset. The only real constraint is that you can not deploy this kind of application on existing devices without wiping them first.