New Lock Task Mode Features, Flags and User Restrictions introduced in Android P

2nd July 2018 0 By darryncampbell

New features added to Lock Task Mode

In Android P a Device or Profile owner has the ability to launch any application into lock task mode.  Recall that in Marshmallow, Nougat and Oreo an application could put itself into lockTaskMode, either by calling an API itself or by specifying the lockTaskMode in its manifest.  What this meant in practice was that the application had to be written specifically to run in lock task mode and there was an additional dependency on the Device Owner (DO) or Profile Owner (PO) to ensure the application was whitelisted.

Under Android P there is no longer any need to code specific ‘lock task’ logic into your application, any whitelisted app can be launched into lock task mode by the DO / PO.

Presuming you have whitelisted the calculator, you can launch the calculator from your DO as follows:

final Intent intent = Intent.makeMainActivity(new ComponentName("",
final ActivityOptions options = ActivityOptions.makeBasic();
startActivity(intent, options.toBundle());

The new functionality being provided by the setLockTaskEnabled method in ActivityOptions.  I modified TestDPC to demonstrate a DO launching another application (in this case calculator) & what that looks like:

New flags for lock task mode, introduced in Android P

A new method in the Device Owner for P, setLockTaskFeatures can be used to configure the behaviour of the device in Lock Task mode.  Several flags have been defined:

This flag will disable all configurable UI.  The flag is defined as 0x0 so this is equivalent to not setting any flags

Will display the date / time aswell as the information area to the right side of the status bar.  The documentation states the location of this area can differ across OEMs but includes connectivity, battery, vibration mode e.t.c.

This flag will enable the home button.  You will need to whitelist the launcher for the home button to have any effect (and have a default launcher set)

As shown in the video below, even after whitelisting the launcher only whitelisted applications can be run

Note that this flag can only be used in combination with LOCK_TASK_FEATURE_HOME.

Enabling this flag allows the user to pull down the notification shade to access and interact with notifications.  The application which created the notification does not need to be whitelisted to have its notification displayed.  The quick settings panel remains disabled

Show the keyguard (password prompt when press power).  This flag will only have an effect if there is a keyguard in place, e.g. you have set a PIN.  If this flag is NOT set, the keyguard will NOT be shown even if there is a lock screen credential – remember this feature is designed for enterprise devices such as public facing kiosks.

This flag can only be used in combination with LOCK_TASK_FEATURE_HOME

When set, the overview (AKA recent button) will be displayed

Global actions are the menu shown when the power key is held down.  If set, this flag will permit these power key options to be shown, useful to prevent a user from inadvertently rebooting a device or powering it off.

New user restrictions added in Android P

User restrictions are not the same as lock task mode but they fall under the same umbrella of ways to control what the user is able to do on an Enterprise Device.

User restrictions can be applied by the DO / PO for any primary or secondary user on the device by calling the addUserRestriction API

Newly added in Android P are the following user restrictions

Will prevent the user from turning airplane mode on or off (also covers the quick setting option for airplane mode)

Controls whether the user is able to configure ambient display which shows content like time and notifications without having to unlock the device

Prevents the user from adjusting the screen brightness

Prevents the user from setting the date and time.  Remember having an invalid date and time will prevent the device connecting remotely using certificates (e.g. over an HTTPS connection)

Prevent the user from modifying any of the location settings e.g. location on / off and location accuracy though the user is still able to configure scanning for nearby WiFi / Bluetooth.

Prevents the user from modifying the screen timeout setting

Controls whether the user is allowed to print from the device.