Result code for setStorageEncryption(ComponentName, boolean) and getStorageEncryptionStatus() : indicating that encryption is not supported.

See Also

• ACTION_ADD_DEVICE_ADMIN

Constant for setPasswordQuality(ComponentName, int) : the user must have entered a password containing at least alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the user must have entered a password containing at least both> numeric and alphabetic (or other symbol) characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the policy allows for low-security biometric recognition technology. This implies technologies that can recognize the identity of an individual to about a 3 digit PIN (false detection is less than 1 in 1,000). Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the user must have entered a password containing at least a letter, a numerical digit and a special symbol, by default. With this password quality, passwords can be restricted to contain various sets of characters, like at least an uppercase letter, etc. These are specified using various methods, like setPasswordMinimumLowerCase(ComponentName, int) . Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the user must have entered a password containing at least numeric characters. Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the policy requires some kind of password, but doesn't care what it is. Note that quality constants are ordered so that higher values are more restrictive.

Constant for setPasswordQuality(ComponentName, int) : the policy has no requirements for the password. Note that quality constants are ordered so that higher values are more restrictive.

Return a list of all currently active device administrator's component names. Note that if there are no administrators than null may be returned.

Determine whether or not the device's cameras have been disabled either by the current admin, if specified, or all admins.

Parameters

admin The name of the admin component to check, or null to check if any admins have disabled the camera

Retrieve the number of times the user has failed at entering a password since that last successful password entry.

The calling device admin must have requested USES_POLICY_WATCH_LOGIN to be able to call this method; if it has not, a security exception will be thrown.

Determine whether or not features have been disabled in keyguard either by the current admin, if specified, or all admins.

Parameters

admin The name of the admin component to check, or null to check if any admins have disabled features in keyguard.

Retrieve the current maximum number of login attempts that are allowed before the device wipes itself, for all admins or a particular one.

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Get the current password expiration time for the given admin or an aggregate of all admins if admin is null. If the password is expired, this will return the time since the password expired as a negative number. If admin is null, then a composite of all expiration timeouts is returned - which will be the minimum of all timeouts.

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Get the password expiration timeout for the given admin. The expiration timeout is the recurring expiration timeout provided in the call to setPasswordExpirationTimeout(ComponentName, long) for the given admin or the aggregate of all policy administrators if admin is null.

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Return the maximum password length that the device supports for a particular password quality.

Parameters

quality The quality being interrogated.

Retrieve the current number of letters required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumLetters(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Retrieve the current number of lower case letters required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumLowerCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Retrieve the current number of non-letter characters required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumNonLetter(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Retrieve the current number of numerical digits required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumNumeric(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Retrieve the current number of symbols required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumSymbols(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Retrieve the current number of upper case letters required in the password for all admins or a particular one. This is the same value as set by {#link setPasswordMinimumUpperCase(ComponentName, int) and only applies when the password quality is PASSWORD_QUALITY_COMPLEX .

Parameters

admin The name of the admin component to check, or null to aggregate all admins.

Called by an application that is administering the device to determine the requested setting for secure storage.

Parameters

admin Which DeviceAdminReceiver this request is associated with. If null, this will return the requested encryption setting as an aggregate of all active administrators.

Called by an application that is administering the device to determine the current encryption status of the device. Depending on the returned status code, the caller may proceed in different ways. If the result is ENCRYPTION_STATUS_UNSUPPORTED , the storage system does not support encryption. If the result is ENCRYPTION_STATUS_INACTIVE , use ACTION_START_ENCRYPTION to begin the process of encrypting or decrypting the storage. If the result is ENCRYPTION_STATUS_ACTIVATING or ENCRYPTION_STATUS_ACTIVE , no further action is required.

Returns

• current status of encryption. The value will be one of ENCRYPTION_STATUS_UNSUPPORTED , ENCRYPTION_STATUS_INACTIVE , ENCRYPTION_STATUS_ACTIVATING , or ENCRYPTION_STATUS_ACTIVE .

  Returns true if an administrator has been granted a particular device policy. This can be used to check if the administrator was activated under an earlier set of policies, but requires additional policies after an upgrade.

  Parameters

  admin Which DeviceAdminReceiver this request is associated with. Must be an active administrator, or an exception will be thrown. usesPolicy Which uses-policy to check, as defined in DeviceAdminInfo .

  Determine whether the current password the user has set is sufficient to meet the policy requirements (quality, minimum length) that have been requested.

  The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

  Returns

  • Returns true if the password meets the current requirements, else false.

    Make the device lock immediately, as if the lock screen timeout has expired at the point of this call.

    The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

    Remove a current administration component. This can only be called by the application that owns the administration component; if you try to remove someone else's component, a security exception will be thrown.

    Force a new device unlock password (the password needed to access the entire device, not for individual accounts) on the user. This takes effect immediately. The given password must be sufficient for the current password quality and length constraints as returned by getPasswordQuality(ComponentName) and getPasswordMinimumLength(ComponentName) ; if it does not meet these constraints, then it will be rejected and false returned. Note that the password may be a stronger quality (containing alphanumeric characters when the requested quality is only numeric), in which case the currently active quality will be increased to match.

    The calling device admin must have requested USES_POLICY_RESET_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    password The new password for the user. flags May be 0 or RESET_PASSWORD_REQUIRE_ENTRY .

    Called by an application that is administering the device to disable all cameras on the device. After setting this, no applications will be able to access any cameras on the device.

    The calling device admin must have requested USES_POLICY_DISABLE_CAMERA to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. disabled Whether or not the camera should be disabled.

    Called by an application that is administering the device to disable keyguard customizations, such as widgets. After setting this, keyguard features will be disabled according to the provided feature list.

    The calling device admin must have requested USES_POLICY_DISABLE_KEYGUARD_FEATURES to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. which KEYGUARD_DISABLE_FEATURES_NONE (default), KEYGUARD_DISABLE_WIDGETS_ALL , KEYGUARD_DISABLE_SECURE_CAMERA , KEYGUARD_DISABLE_FEATURES_ALL

    Setting this to a value greater than zero enables a built-in policy that will perform a device wipe after too many incorrect device-unlock passwords have been entered. This built-in policy combines watching for failed passwords and wiping the device, and requires that you request both USES_POLICY_WATCH_LOGIN and USES_POLICY_WIPE_DATA }.

    To implement any other policy (e.g. wiping data for a particular application only, erasing or revoking credentials, or reporting the failure to a server), you should implement onPasswordFailed(Context, android.content.Intent) instead. Do not use this API, because if the maximum count is reached, the device will be wiped immediately, and your callback will not be invoked.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. The number of failed password attempts at which point the device will wipe its data.

    Called by an application that is administering the device to set the maximum time for user activity until the device will lock. This limits the length that the user can set. It takes effect immediately.

    The calling device admin must have requested USES_POLICY_FORCE_LOCK to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. timeMs The new desired maximum time to lock in milliseconds. A value of 0 means there is no restriction.

    Called by a device admin to set the password expiration timeout. Calling this method will restart the countdown for password expiration for the given admin, as will changing the device password (for all admins).

    The provided timeout is the time delta in ms and will be added to the current time. For example, to have the password expire 5 days from now, timeout would be 5 * 86400 * 1000 = 432000000 ms for timeout.

    To disable password expiration, a value of 0 may be used for timeout.

    The calling device admin must have requested USES_POLICY_EXPIRE_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. timeout The limit (in ms) that a password can remain in effect. A value of 0 means there is no restriction (unlimited).

    Called by an application that is administering the device to set the length of the password history. After setting this, the user will not be able to enter a new password that is the same as any password in the history. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_ALPHABETIC , or PASSWORD_QUALITY_ALPHANUMERIC with setPasswordQuality(ComponentName, int) . The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired length of password history. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum allowed password length. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested either PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_ALPHABETIC PASSWORD_QUALITY_ALPHANUMERIC , or PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) .

    The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum password length. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 1. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of lower case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 0. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of lower case letters required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of non-letter characters (numerical digits or symbols) required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 0. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of letters required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of numerical digits required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 1. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of numerical digits required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of symbols required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 1. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of symbols required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the minimum number of upper case letters required in the password. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value. This constraint is only imposed if the administrator has also requested PASSWORD_QUALITY_COMPLEX with setPasswordQuality(ComponentName, int) . The default value is 0. The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. length The new desired minimum number of upper case letters required in the password. A value of 0 means there is no restriction.

    Called by an application that is administering the device to set the password restrictions it is imposing. After setting this, the user will not be able to enter a new password that is not at least as restrictive as what has been set. Note that the current password will remain until the user has set a new one, so the change does not take place immediately. To prompt the user for a new password, use ACTION_SET_NEW_PASSWORD after setting this value.

    Quality constants are ordered so that higher values are more restrictive; thus the highest requested quality constant (between the policy set here, the user's preference, and any other considerations) is the one that is in effect.

    The calling device admin must have requested USES_POLICY_LIMIT_PASSWORD to be able to call this method; if it has not, a security exception will be thrown.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. quality The new desired quality. One of PASSWORD_QUALITY_UNSPECIFIED , PASSWORD_QUALITY_SOMETHING , PASSWORD_QUALITY_NUMERIC , PASSWORD_QUALITY_ALPHABETIC , PASSWORD_QUALITY_ALPHANUMERIC or PASSWORD_QUALITY_COMPLEX .

    Called by an application that is administering the device to request that the storage system be encrypted.

    When multiple device administrators attempt to control device encryption, the most secure, supported setting will always be used. If any device administrator requests device encryption, it will be enabled; Conversely, if a device administrator attempts to disable device encryption while another device administrator has enabled it, the call to disable will fail (most commonly returning ENCRYPTION_STATUS_ACTIVE ).

    This policy controls encryption of the secure (application data) storage area. Data written to other storage areas may or may not be encrypted, and this policy does not require or control the encryption of any other storage areas. There is one exception: If isExternalStorageEmulated() is true , then the directory returned by getExternalStorageDirectory() must be written to disk within the encrypted storage area.

    Important Note: On some devices, it is possible to encrypt storage without requiring the user to create a device PIN or Password. In this case, the storage is encrypted, but the encryption key may not be fully secured. For maximum security, the administrator should also require (and check for) a pattern, PIN, or password.

    Parameters

    admin Which DeviceAdminReceiver this request is associated with. encrypt true to request encryption, false to release any previous request

    Returns

    • the new request status (for all active admins) - will be one of ENCRYPTION_STATUS_UNSUPPORTED , ENCRYPTION_STATUS_INACTIVE , or ENCRYPTION_STATUS_ACTIVE . This is the value of the requests; Use getStorageEncryptionStatus() to query the actual device state.

      Ask the user date be wiped. This will cause the device to reboot, erasing all user data while next booting up. External storage such as SD cards will be also erased if the flag WIPE_EXTERNAL_STORAGE is set.

      The calling device admin must have requested USES_POLICY_WIPE_DATA to be able to call this method; if it has not, a security exception will be thrown.

      Parameters

      flags Bit mask of additional options: currently 0 and WIPE_EXTERNAL_STORAGE are supported. Except as noted, this content is licensed under Apache 2.0 . For details and restrictions, see the Content License . Android 4.2 r1 —