Implementing Kiosk Mode in Android - Part 3: Android Lollipop (and Marshmallow)
Updated: Oct 19, 2020
Part 3: Android Lollipop (and Marshmallow)
Android 5.0 (Lollipop) and 6.0 (Marshmallow) now have an official Kiosk Mode that anybody can use, but they don’t call it Kiosk Mode. They call it “screen pinning” or “task locking”. This article will provide information on how to implement a kiosk mode in Android 5.0+. We will also cover Android device provisioning using NFC, which we'll use to implement the device owner app, demonstrating the kiosk mode.
Starting Kiosk Mode is deceptively simple: just call startLockTask() in your Activity. But unless you take some extra steps, the user can easily break out of this low-security Kiosk Mode by holding the Back and Overview keys simultaneously.
To enter a high-security Kiosk Mode that the user can’t break out of, you need to install a “device owner” app. The device owner is a new, special kind of device administrator that can grant any app the right to put itself into a Kiosk Mode that the user can’t get out of.
There are currently three known ways to install a device owner app:
Root your device and put the device owner information in the file “/data/system/device_owner.xml”.
Use adb to run the “dpm set-device-owner” command.
Use NFC to send the device owner app to an unprovisioned device.
In this article we will only talk about the adb and NFC methods, not the root method.
NOTE: Once a device owner has been set, it cannot be removed without (1) rooting the device, or (2) performing a factory reset. So make sure you are doing your Kiosk Mode experimentation on a device that does not contain important data.
Using adb to set the device owner
Next, run the following adb command:
adb shell dpm set-device-owner sdg.example.kiosk_mode/.AdminReceiver
Now when you run the “Kiosk Mode Demo” app and press the “Enter Kiosk Mode” button, you’ll see two “toast” notifications at the bottom of the screen: “Screen pinned” (this message comes from Android itself), and “[Kiosk Mode enabled]” (which comes from the app). You’ll also see that the status bar at the top of the screen is blank, and that you cannot use the Back, Home, or Overview buttons to break out of the application.
In Android 5.0, the deprecated method addPreferredActivity() in PackageManger has essentially been replaced with the method addPersistentPreferredActivity() in DevicePolicyManager. When the user presses the “Become Home Activity” button in the Kiosk Mode Demo app, the app calls this new method to make itself the preferred Home activity. Similarly, the “Restore Home Activity” button calls clearPackagePersistentPreferredActivities() to restore the previous Home activity.
If you look at the source code for the Kiosk Mode Demo app, you’ll notice that it’s acting as a device administrator. This allows it to become the device owner. But this is not strictly necessary. We could have used two separate apps: one that runs in Kiosk Mode and another device-owner app that allows it to run in Kiosk Mode.
Using NFC to install a device owner (device provisioning)
First, do a factory reset of your Android 5.0 device. After the device has rebooted into Android, it will be in the “unprovisioned” state. When it reaches this state, don’t touch the screen!
Next, install our pre-built Set Device Owner app, or compile it from source code on a different device that supports NFC. This second device should be running Android 4.1.2 or above. [Update: see our app in the Google Play store that allows you to create a NFC tag for device provisioning, or use the back-to-back device approach.]
Finally, run the Set Device Owner app and click the “Compute Checksum” button. After the checksum has been calculated, touch the two devices together, back-to-back. The second device should pop up a “Touch to beam” message. While the two devices are still together, press the “Touch to beam” message. Then, on the Android 5.0 device, you’ll see a new screen entitled “Set up your profile.” Press the “Encrypt” button, plug in your charger, then press the following two “Encrypt tablet” buttons. Then wait for the device to finish the encryption and reboot into Android.
After the Android 5.0 device has rebooted into Android, and you have finished the initial device setup, the Kiosk Mode Demo app should run automatically, because we made it the Home activity in our AdminReceiver.onEnabled() method, which gets called when the app becomes the device owner.
Now you have a working Kiosk Mode app that you can modify to suit your needs. Have fun!
In Part 4, we discuss how you can provision Android Lollipop and Marshmallow by writing the device owner information to an NFC tag instead of using the bump method.
Video: Setting the Device Owner
Watch the video below to see a demonstration of setting the device owner in Android Lollipop.
Need more help or information?
Please use the comment section below to ask additional questions that you would like answered. For engineering help, we offer programming services to assist you with the development of your Android applications.
Check Out Our Device Conductor MDM Solution
Does your business need a simple kiosk and application management solution for Android? Check out our MDM solution, Device Conductor. It allows you to:
Disable device applications (blacklist apps from being visible)
Disable certain device functionality (e.g. camera)
Select a single app to run in kiosk mode
Please contact us if you're interested in trying it out!