Android Application
Development
Enterprise Features
October 2013
Developing for MSI Android Devices
•
Majority is the same as developing
for any Android device
•
Fully compatible with Android SDK
•
We test using the Android
Compatibility Test Suite (CTS) to
ensure compatibility
•
We have added extensions and
features to enable enterprise
applications/deployments
Getting Started with Android
Development
Install the Android Developer Tools
•
Download ADT bundle from
http://developer.android.com/sdk/index.html
•
Single download, includes
everything you need to begin
developing apps (almost)
– Eclipse + ADT plugin
– Android SDK Tools
– Android Platform-tools
– The latest Android platform
– The latest Android system image for the emulator
•
JDK 6 (JRE alone is not sufficient)
from Sun (Oracle)
– JDK 7 not officially supported, but works
http://www.oracle.com/technetwork/java/javasebusiness/d
Configuring Android Debug Bridge
(ADB)
•
MSI devices fully compatible with ADB and other tools
•
ADB creates a link over USB used for command line tools and Eclipse IDE
debugger
•
Google provides USB ADB driver with Android SDK
•
Configuring Google USB ADB Driver
– Windows XP and Windows 7 Driver available
• Copy driver to PC
• Update adb_usb.ini to include Motorola devices (0x0451 and 0x05E0)
• Connect device to PC and navigate to folder with driver when asked
– Windows 8
• Disable device driver signature enforcement
• Same procedure as above
– Linux
USB Media Transfer Protocol (MTP)
•
Starting with Ice Cream Sandwich, Android changed its
default USB protocol from USB Mass Storage to Media
Transfer Protocol (MTP)
•
Windows 7 works with MTP out of the box
•
Windows XP requires update to Windows Media Player 11
to install MTP patch
–
Click Help -> Check for Player Updates from WMP
–
Or download MTP kit from
http://www.microsoft.com/en-us/download/details.aspx?id=19153
Device Set-Up for Development
•
Ensure you select Composite ADB Device when installing USB
•
Use system settings to enable Android Debug Bridge
[Screenshots: Jelly Bean, Settings -> Developer Options; Gingerbread]
Android API Levels
•
Each Version of Android has a unique API Level, allowing applications
to ensure compatibility
– Gingerbread devices – API Level 10
– Jelly Bean devices – API Level 16
– Complete list at developer.android.com/guide/topics/uses-sdk-element.html
•
The Application manifest.xml <uses-sdk> element lets you define
compatibility with one or more versions of Android
– android:minSdkVersion — Specifies the minimum API Level on which the application is able to run. The default value is "1" (runs on all versions)
– android:targetSdkVersion — Specifies the API Level on which the application is designed to run (i.e. what it was tested on)
– android:maxSdkVersion — Specifies the maximum API Level on which the application is able to run.
More Info on
Native Development
•
Google’s Android Training Site:
http://developer.android.com/training/index.html
•
Google’s API Reference:
http://developer.android.com/reference/packages.html
•
Google’s Developer News and Documents:
Retrieving Battery Status
•
Receive standard Android
ACTION_BATTERY_CHANGED
broadcast Intent
•
Intent Extended Data has various battery information
•
Motorola Adds additional battery data in the
standard Android Intent
Standard Battery Data Available
Constant            Data value
EXTRA_HEALTH        integer containing the current health constant
EXTRA_ICON_SMALL    integer containing the resource ID of a small status bar icon with battery state
EXTRA_LEVEL         integer field containing the current battery level, from 0 to EXTRA_SCALE
EXTRA_PLUGGED       integer indicating whether the device is plugged in to a power source
EXTRA_PRESENT       boolean indicating whether a battery is present
EXTRA_SCALE         integer containing the maximum battery level
EXTRA_STATUS        integer containing the current status constant
EXTRA_TECHNOLOGY    String describing the technology of the current battery
EXTRA_TEMPERATURE   integer containing the current battery temperature
Motorola Battery Data Available
Constant            Data value
"bkvoltage"         Backup Battery Voltage
"mfd"               Battery Manufacture Date
"serialnumber"      Battery Serial Number
"partnumber"        Part Number for Battery
"uniqueid"          Unique ID for Battery
"ratedcapacity"     Rated Capacity of the Battery
Example: Retrieving Battery Status
    private static final String MOTO_EXTRA_SERIAL_NUMBER = "serialnumber";

    /* Register the Intent (for example in the Activity's onCreate) */
    mBattFilter = new IntentFilter(Intent.ACTION_BATTERY_CHANGED);
    mBattIntent = this.registerReceiver(this.batteryInfoReceiver, mBattFilter);

    /* Receiver runs when battery status changes; battery info is in the Intent "extra" */
    private BroadcastReceiver batteryInfoReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            /* Standard Android Battery Information */
            int status = intent.getIntExtra(BatteryManager.EXTRA_STATUS, -1);
            /* getStringExtra returns null instead of throwing when the extra is absent */
            String tech = intent.getStringExtra(BatteryManager.EXTRA_TECHNOLOGY);
            int voltage = intent.getIntExtra(BatteryManager.EXTRA_VOLTAGE, 0);
            /* Motorola Solutions specific data (only one field shown here as an example) */
            String serialNumber = intent.getStringExtra(MOTO_EXTRA_SERIAL_NUMBER);
        }
    };
USB Power
•
On ET-1, 5V power for
accessories can be
controlled by an application
via Intents
•
Accessory port is the top
USB port
USB Power Control Intents
com.motorolasolutions.intent.USBPOWERENABLE
com.motorolasolutions.intent.USBPOWERDISABLE
What is Mx?
•
Mx represents a suite of Enterprise Features
on Top of standard, commercially available
AOSP (Android Open Source Project)
•
Mx maintains Compatibility with Standard
Android Applications
•
There is no generally available exposed API
Surface for Mx (currently exclusive to MDM
partners)
Mx OS Extension Features
•
Multiuser Authentication
•
Separation of User Data Spaces
•
Reduced System Settings Dialog
•
Whitelist Application
•
Secure Storage
•
Volume Encryption
•
Full SD Card Encryption
•
Certificate Management
•
Silent Application Installation
•
Ability to enable/disable USB Mass Storage & ADB
•
Set a New APK as the Default Home Screen
MX Multiuser Framework
•
Overview
–
Allows multiple users to access the device
• Each user optionally has their own data space and settings
–
Unlock screen replaced by a credentials dialog
• Username and password required to unlock the device
–
Notification area will indicate the current user. Tapping on the
notification will trigger the logout process
–
Choice of Local or Remote Authentication
• Local database on the device
• Authenticate against an Active Directory server
• When remote authentication is selected, users in the local database are permitted as well.
–
Only administrator users are permitted to modify any system
setting
Development Info & Tips
MX Multiuser Framework
•
Development Impact
–
The multiuser framework is transparent
–
Although data separation adds a layer of abstraction, no special
coding is needed
•
Avoid using hard coded paths
–
All open applications are forced closed upon logout
•
Exception: those applications or services that are required to span
users
•
Tips
–
Always create at least one administrative user in the local
database. This will allow a device using remote authentication
to be unlocked and configured if connection to the AD server is
lost.
Development Info & Tips
MX Application Lock
•
Overview
–
Works in conjunction with Multiuser Framework
–
Each user is assigned to a group(s)
–
Each group is assigned a white list of packages which are
permitted
–
Each white list consists of three separate pieces
• System list – applications needed for the system to operate properly
• Common list – applications permitted for ALL groups
• Individual list – applications permitted for the individual group
–
Users included in multiple groups are permitted the sum of the
individual list for each group
–
Packages are defined by their package name
–
Any application not included on the white list is NOT permitted
to be installed or launched
Development Info & Tips
MX Application Lock
•
Development Impact
–
All applications spawned from another application must be
included on the same white list
•
Tips
–
Be sure to create an administrator group for users that are
permitted to use ALL applications
–
Be careful with use of the wildcard character in the white list,
this may lead to permitting applications that are unintended for
that group
Development Info & Tips
MX Secure Storage
•
Overview
– Encryption can span the entire SD Card or only an individual folder tree
– When the entire SD Card is encrypted:
• The card will be reformatted
– When only a folder tree is encrypted:
• Different folder trees can use different keys
• The folder tree can be mounted under /data or /sdcard
– Encryption / decryption occurs between the file system and the application making this feature transparent to applications.
– The auto mount feature can be used to direct the system to mount the encrypted data automatically on reset
– If the encryption key is known, the data within the encrypted area can be copied to a Linux system and read
Development Info & Tips
MX Secure Storage
•
Development Impact
–
None: once the encrypted area is mounted, the data from the
application is read and written using standard algorithms
•
Tips
–
In many cases the SD Card is used to deploy OS updates. If the
entire SD Card is encrypted, the recovery mechanism will not be
able to read the SD Card
–
When a folder tree is mounted under /data, make sure the path
is correct for the intended application
–
A folder tree cannot be mounted if the mount point contains
unencrypted data
–
Factory reset will erase the encryption keys. Be sure to record
and secure encryption keys to re-install into a device that has
been factory reset.
MSI Utilities – 4 Basic Utilities
1) Multiuser Administrator - on-device utility used to enable/disable the Multiuser feature and populate the credentials database.
2) AppLock Administrator - on-device utility used to enable/disable the Application Lock feature and install groups and white list files
3) Enterprise Administrator - a desktop utility used to manage users, groups and white lists. The export function of this utility will write files in the format necessary for the Multiuser
Administrator and the AppLock Administrator (migrating to XML)
4) Secure Storage Administrator (SSA) – on-device utility used to install and delete encryption keys. Also used to create, mount/un-mount and delete EFS partitions.
Enterprise Administrator
•
Runs on Windows
•
Manage
–
Users
–
Groups
–
Packages
•
Local or Server based user authentication
•
Import and Export
–
Users
–
Groups
Determining Packages Installed on Device
•
On Host computer, open a command prompt
(or a terminal in Ubuntu)
C:\[path of sdk]\platform-tools\adb shell
$ pm list packages -f > /sdcard/pkglist.txt
$ exit
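The white list rules described earlier (system, common and individual lists, summed across a user's groups, with the wildcard caveat) can be checked against the pkglist.txt produced by the commands above before the lists are loaded on a device. This is an added example, not Motorola's code or file format: the sample package list, the list contents and the glob-style "*" wildcard are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
# Constructed sample of `pm list packages -f` output (not from a real device).
PKGLIST = """\
package:/system/app/Settings.apk=com.android.settings
package:/system/app/Launcher2.apk=com.android.launcher
package:/data/app/com.example.inventory-1.apk=com.example.inventory
package:/data/app/com.example.inventory.debugtools-1.apk=com.example.inventory.debugtools
package:/data/app/com.example.timeclock-2.apk=com.example.timeclock
"""
# Hypothetical lists; the glob-style "*" wildcard is an assumption.
SYSTEM = ["com.android.settings", "com.android.launcher"]
COMMON = []
GROUPS = {"warehouse": ["com.example.inventory*"], "hr": ["com.example.timeclock"]}

def parse_pkglist(text):
    """Map package name -> APK path from `pm list packages -f` lines."""
    pkgs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # The APK path may contain '=', so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            pkgs[name] = path
    return pkgs

def effective_patterns(system, common, groups, user_groups):
    """System list + common list + the individual list of each of the user's groups."""
    patterns = set(system) | set(common)
    for group in user_groups:
        patterns |= set(groups.get(group, ()))
    return patterns

def audit(installed, patterns):
    """Return (permitted, via_wildcard, blocked) for the installed packages."""
    permitted, via_wildcard, blocked = [], {}, []
    for name in sorted(installed):
        hits = sorted(p for p in patterns if fnmatchcase(name, p))
        if not hits:
            blocked.append(name)
            continue
        permitted.append(name)
        if name not in patterns:  # no exact entry: a wildcard let it in
            via_wildcard[name] = hits
    return permitted, via_wildcard, blocked

if __name__ == "__main__":
    print(audit(parse_pkglist(PKGLIST), effective_patterns(SYSTEM, COMMON, GROUPS, ["warehouse"])))
```

Every package in via_wildcard was admitted only by a pattern, so that is the set to review by hand before export; in the sample, the warehouse pattern also admits the debugtools package.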
Multi-User Administrator
•
Users must be defined in the Enterprise
Administrator before enabling
•
Export Files from the Enterprise Administrator
•
Copy to root of device
•
Loading User list immediately enables
Multi-user Mode
Multi-User Enabled
•
Note Multi-User icon in upper left
•
Drag icon down to log off
App Lock Administrator
•
Multi-User must be enabled before App Lock
•
Groups and White lists must be defined in the
Enterprise Administrator before enabling
•
Export Files from the Enterprise Administrator
•
Copy to root of device
Secure Storage Administrator
•
Allows creation and maintenance of
encryption keys
•
Allows creation, control, and deletion of
encrypted volumes
Enterprise Home Screen (EHS)
• Comparable to Windows AppCenter
• Separately Downloadable App (apk), XML configured (folder = /enterprise/usr/)
• Device Oriented (i.e. Not Individual User)
• Replacement App Launcher – exposes only chosen icons
• Ability to selectively choose Icons/apps on home screen
• Kiosk Mode (auto app invocation preventing user from exiting)
• Auto Launch (auto app invocation allowing user to exit)
• A Separate “Tools Screen” (to better organize)
• An Admin Password for enabling configuration (256 bit AES encrypted)
Enterprise Home Screen
Enterprise Home Screen (EHS) is a replacement application launcher designed to allow only specified applications to be launched.
Enterprise Home Screen is configured via an xml file found in the /enterprise/usr/ folder in the internal memory of the device. This file is read on startup and every time the home button is pressed while in EHS.
Features…
• Kiosk mode and auto launch applications
• User and Admin modes
– Admin password with 256 bit AES encryption
• Tools menu, battery and wireless status screens
• Customize
– EHS launcher title
– Icon text and background color
– Background wallpaper
– Orientation
Enterprise Home Screen (EHS)
https://developer.motorolasolutions.com/docs/DOC-1875 4
Enterprise Home Screen
Enterprise Home Screen is configured via an xml file. This file is read on startup and every time the home button is pressed while in EHS.
1. Auto launch (optional)
2. Kiosk launch (optional)
3. Applications
4. Tools
5. Password
6. Preferences
• Title text displayed in the launcher title bar
• App icon label background color
• App icon label text color
• Screen orientation
• Bypass swipe to unlock
Button Remapping
OS - Key Button Remapping
•
Each device has external buttons that can be remapped
to change function or launch an application
•
Remapping tool on device under Settings|Key
Programmer
•
To deploy to multiple devices, configure the buttons as
•
To deploy to multiple devices, configure the buttons as
desired and then export an XML file
•
To deploy mappings on MC40
– Copy the XML file to a /enterprise/user/keypad folder on the device
– NOTE: no reset is required, the XML file will be automatically consumed and the keys remapped
Folder Persistence in MSI Android Devices
Folder        Reboot       Enterprise Reset   Factory Reset
/data         Persistent   Not Persistent     Not Persistent
/enterprise   Persistent   Persistent         Not Persistent
/sdcard       Persistent   Persistent         Persistent
•
Enterprise and Factory reset thru recovery mode (similar to an OS
update)
•
Reset files available from
http://supportcentral.motorolasolutions.com
•
Ensure you use the correct reset file (Gingerbread or Jelly Bean)
WHY GOOGLE MOBILE SERVICES IS NOT
PRESENT ON ALL MSI DEVICES
GOOGLE MOBILE SERVICES
Google offers a variety of applications and associated services for developers independent of the Android Open Source Project. The services are available as native
Android APIs via an SDK extra. The services can only be used on Android devices that choose to include them.
SECURITY
Google Mobile Services requires devices to be identified with a specific GoogleID, and routes enterprise data through Google’s servers.
PRIVACY
Google revamped their privacy policy in early 2012, allowing for richer user profiling across all services, for targeted advertising. Usage acceptance allows Google to track a device’s every move.
Google may collect IP addresses, location, nearby Wi-Fi info, local storage and device setting details.
More Information
•
Join the Motorola Solutions Android Developer Community
https://developer.motorolasolutions.com/community/android
•
The “Go To” place for all your MSI Android development needs
THANK YOU
MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners. © 2013 Motorola Solutions, Inc. All rights reserved.