 Good evening, people. I am an Android developer, basically a mobile application developer, made into Android and likely for past two years. So I'll be speaking on Android Enterprise application development, device, and unique station API made for developers. So this is 2009. Android has been in line with it since 2009 style. You know about the Donald period that Google I am the first device from Google? That time, Android was not so glamorous, with tough fight with iPhone and Blackbird in stats. But today, scenario has changed. I don't need to give you any stats in marketplace or anything. That's been wonderful. But besides games and beautiful applications, there is a different word in Android University, that is Android Enterprise applications. So what is this Android applications? Or you can say, Android Enterprise mobile solutions. Enterprises and mobile. Everyone, every person is having a mobile, one or two. Most of them are going to buy or buy smartphones, be it iPhone or Android. In enterprises, big enterprises, basically IT departments purchase mobiles in bulk and issue them to their employees, stick them to some organization policies, some censorship, and basically for work, for productivity. But people are now migrating to smartphones, and they would like to take their smartphones to work. Sometimes it may work, sometimes not. So Android is going into that direction to be a workplace form. Nobody has, nobody likes to have two or three mobiles, one for email, one Blackbird for email checking, and other stuff, and one for Facebook and Twitter. So currently there is one mobile only. So can an Android phone or any smartphone can work as a business form? There's a term which is called workplace acceptance. What is that? At workplace, as a human being, every employee has some leads, like personal leads, talking on phone and watching videos and some other stuff. Other social leads, Twitter, Facebook, LinkedIn, other things, through mobile. And then productivity needs, they take it to work to make work like this, obviously. So besides that, do your phone fulfill IT department requirements, the stick policies, the other things. So what they demand from your phone, the IT department, there are three things, data security, device management, applications, what are they? What is data security? Data security from loss and debt. You are using your phone, you get, you browse your email, sensitive information, data, important things. But suppose that debt is stolen by some other person, you are an important person in your company, you are a CEO of your company and your phone is stolen in a bar, then what will you do? Intersection, you are communicating continuously through mails and talks. So everyone, every normal person, not normal, every hacker or someone can intercept that communication. Sometimes you are not a good employee. Like, you are not with the best intentions for your organization. You can give away some information, sensitive information through your mobile to any other company. Management, we have talked about specific registration with different devices in company network. Company wants to imply some specific security policies for organization or some general policies, like email, et cetera. And then user support. And then company, your organization also wants to keep an eye on you. What are you doing with your phone? What type of information you are accessing through your phone? And then deploying applications to enhance productivity. So as I talk, different types of desktop utilities, software or web applications are now converting, being converted into mobile applications. Like, for example, last year we had a request from Salomon to Spark and from Europe to convert their customer queue application, utility application to an Android-based application for sector calls based on Android as a server and to iPhone and Android apps for their employees and their customers. So what the organization has to do to progress in that way? You just, as an organization, you identify apps for your employees or your customers. If they exist in market, then you buy or otherwise build that application and distribute to employees. Distribution can be done through Android market or directly like through website or email. Just distribute that application file. Android doesn't have any direct provisioning distribution method. iPhone do that. So after distribution, you should keep updates to provide the app to be out of date. And then usage policies. You apply usage policies, how and which employee can use that app in this way. So where is the role of Android? How Android fits it? Right from the release of Donut and Cupcake, Android is introducing some enhancements in this direction in enterprise solutions, among which VPN support, secure Wi-Fi, exchange email, normally, password, pin lock, device policies. This is a very important device. For this, we will be talking about that. This was introduced in Froyo. And then remote lock, a part of that, remote Wi-Fi, exchange calendar, exchange, active sync. And also importantly, NFC, also kind of a part of enterprise solutions. NFC for reading, writing, and peer-to-peer support. And TIL, Ginterfract, and ICS, more enhancements, like securing emails and calendars, and enhancing features of them. So US developers want to ask, what is there for us? How can we leverage benefits of these kind of APIs, applications? According to Google, as Android is open source, every API in which is being used for making applications by Google, the third party developer can use that APIs in that way, except some restrictions for security. So for developers, there is device administration API. What is that? It is introduced from Froyo 2.2. And it is for security awareness. What is security awareness? Application, you just get a basic application. You introduce device administration API to it. And ID people can watch you, can keep an eye on you and on your employees. And the other benefit for you as employees, the basic application plus device administration API, and you get to know the sensitivity data to get to access the sensitive information of organization, the emails, and all that. So there is a two way benefit for you and your organization. If you don't have device administration API, if you don't, any of those APIs, the IP department cannot have access to your device. But other way, for another way, you cannot have that data when you cannot have other vendors. Third point is for almost all type of enterprise mobile solutions, for Android-based device, you have to go through device administration API. This is important. This is kind of tunnel to enterprise solutions in Android. So device administration API features like password policies, remote wipe, disabled camera. This camera can be disabled. This has been introduced in ICS. And then enforce direct encryption, remote law. So what are they? What is password policy? For password policy, your IP department can introduce policies like what type of password you can set on your screen law, what type of length, character length, it should be alphanumeric or numeric, any device password, time, any kind of that thing. Remote wipe. If your device gets stolen or get lost, device that sensitive data, the English, can divide doubt. And the device can be reset to factory settings, just through one click over the network, disabled camera. You are on workplace, you cannot use your camera, because IP department doesn't want to do that. You are in your home, the same device. After 9 to 5, through the same device, you can enable your camera. You can watch videos and all that. You can click images. Enforce direct encryption. To enforce direct encryption, every sensitive data on your device must be in encrypted form. That is also a kind of policy. It can be forced to your device. If you have enabled device administration, APA. And then obviously, remote law. Your IP department admin can remotely lock your device, if it says that there is some malicious kind of thing being happening. You are, for developers, APH superior, three type of main APAs, device admin receiver, device policy manager, device admin info. Most important is device admin receiver, a broadcast receiver, to handle all the intents related to this device administration policy. Broadcast receiver to receive the raw system events or intents, like enabling policies. If remotely or locally, any new policy has been enabled on your device, or you want to enable that policy on your device, device admin receiver, a subclass of device admin receiver will do that. We handle that. Must include a subclass of this receiver in your application if you want to leverage the benefits of this whole device administration policy API. The intent action is device admin enabled. If this application, this particular app is enabled on your device, this action would be broadcasted, this intent is this action. And then permission. Use this permission to all know as an Android developer. My device admin, this is important. And then handle the event when user enables admin application. So how it looks like in Manifest. Receiver, as we declared, any broadcast receiver in our Manifest, with a name, a label, a description if you want, and the permission by a device admin. Matter data. What is matter data? It is corresponding to this API, third plus device admin info. It has all the constants. So you can say all the policies for your application. If you want to set password policies, you have to declare in matter data. Like here, I will show you. If you want to declare remote vibe or remote log or disable camera, any kind of policies you want to declare in your app, you just have to mention that constant, that corresponding constant in matter data. Invent filter for that receiver with action device admin enabled. The code to enable the device admin app on your device. Just a simple code, as API and remote code is simple, but this is really simple. Intent, you have to declare an intent device policy manager with action add device admin. This action will add that device admin to your application. You can add extra information. And admin receiver object. This admin receiver object is the object of that broader receiver you have declared. In this receiver, you have declared all these policies with the help of admin info class. So these three APIs are interconnected. Again, some explanation. You want to add while your employee or your customer is installing that app and just enabling your app to extend that policy. Then start activity for result. So this line, start activity for result will show a pop-up with all the permissions, all the policies you have declared in your application. Like when the employee has just installed the app, this pop-up will occur explaining all the consequences, all the policies and consequences. And if that employee clicks active, that your application now is active on his device and you have full control over his device through the policies you have mentioned. So it is you have created the app. You have distributed the app as an IT admin. But it is in the hand of the employee or the customer that it should active the app or enable the app or not. If it doesn't enable the app, that app is on his device. But it is inactive. It can do anything. Here is the device admin info class. Because we need to matter data. Here you can declare all the policies. Like limit password, what type of password you require. Reset password if you want your employee to reset password during some duration, after some duration, after a month or not. Or you can just force lock that device at any moment through network and write data, write all the sensitive data to make the device convert to original seconds, factory seconds. And then expire password policy. This policy is to, if employee doesn't change his password in some duration mentioned duration, the password will expire. And employee will have to again reset that password according to your requirements. And then end cryptic storage. If you declare that all the data must be in end cryptic form. So how does it look like? The broadcast receiver in Java. Forming methods on enabled, then the policies are enabled on your device. This you can, what you want to do as admin, what you want to do here, you can do. Again, on disable if that's it. If the employee or you, yourself, want to disable that all the policies. Firstly, if employee want to disable all the policies, if he wants enabled, he will have to register as admin. Only then you can disable those policies. If the policies are disabled, then the action will be performed on disabled. And if a password is changed, what you want to do, you can do it here in this method. The second thing is, important thing is device policy manager. So this has named this simply managed policies. What type of policies are declared by Google in Android? What kind of policies you can leverage? This all has been defined here. Can they relate it to one or more admin receivers? Two, there can be one or two or three admin policies, admin applications in your device. And one thing is important, no other application can decrease the security. Two or more applications can only increase. Like if one application has entered, has a policy to set password, four digits minimum and other has policy to set password with six digits minimum, then the strict policy will be applied. That is six password, six digit password. So you cannot make an application to counter the policies of another applications to decrease the security. Device policy manager, this is the code. Device policy manager object, you make an object, get system service, like you get access to all other managers, like location manager and other things. The same way, get system service, you just declare a constant for that, type us, and you get the object for that device policy manager. You can ask it is admin active or not. If the response is true, you know that admin active, admin active, and you do your required things, like white data or lock, locking the device, other things. So other things, device policy manager can do, set all the password policies. As here, yes, here, this is the intent I have shown you here, we are using extras from device policy manager. So these are, I have shown you only two, but they are plenty of actions or policies you can use. Like I have mentioned that minimum password, alphanumeric password, password quality, password expiration period duration, remote white, should there be a remote white facility or not, remote lock facility or not, camera should be disabled or not. Here are some code snippets to again use an intent to prompt the user, your employee, at any certain moment. If you want the user to reset the password, you can do that. So these policies can not only be hard coded, these can be applied at runtime through network only. This is the main facility of this manager. So you can set the password quality, like alphanumeric and other digital or anything, specific characters, or check maximum time to log. You want to set the duration, like if the device has been inactive for five minutes, the employee's device should be automatically be logged. So you can do that easily. Again, if you want, at a certain moment of time, to immediately log the device of your employee at any place involved, you can do that just by log now. Simple method. Data-wide, object device policy manager don't write data, just write the data and set all the settings to factory settings. Here is an argument. Currently, it must be 0. How the server-side implementation will be? In order, something I want to lock the device now. So what would be the call that I do for the server-side if I want to end that policy? I have not worked on server-side code, but yeah, you can find, I have seen that code, you can find that code in samples, end-order samples. Just, it is provided in the documents, as in that. But I have worked on it, but there is not specific code, not some end-order specific code for server-side. So that is simple. That is just to communicate with some specific messages for in response to some specific email. With this device policy manager of the device administration API, are there any APIs with which we can configure VPN profiles or configure email accounts on a device? These applications are just integrated into Android framework. You just buy a phone, you find those applications specific in settings. There is no, you can get your custom application for that, for your specific policies or other things. But for physical settings, you will find those applications in Android framework. Just like how there is a lock-down or a wipe data, is there a way that I can configure a VPN profile? So we have a native VPN profile configuration on Android, right? So that we can manually add VPN profiles. So is there an API that is there which can be used? I'm not surely aware of specifically VPN settings, but I'm not sure for specific VPN settings. But yeah, you can set others and execute the settings, policy-related settings through your applications. This whole device policy manager of the staff, can it be effectively tested on email address also? No. For example, wipe data. What? Wipe data. Wipe data. I have not tested on email address because this is not something that you would directly test it on the device. So I have to do my first one on email address. I think I doubt that in trial, there was not such, no exactly, there is no, I remember there is no such kind of specific Android emulators. In ICS, about ICS I don't know, but earlier there was nothing. So you need a device to run these kind of, or do some testing on these deviators. Yes, very best. OK, thanks. We'll take one last question. You said that you have to have an application activated in order to take these policies into account. Yes, sir. What if someone uninstalls the application or doesn't activate at all? Will you have to write that application as a native once that it starts with the phone booth, or will you have any policies to make sure that it will start? Yes, there is a provision to indicate the application to phone booth, the booth. There are certain levels of this device admin policies, application, this is your choice, what you want to do. In the case that an employee uninstalls the application, who keeps the phone booth in the same place, uninstalls it. There are two benefits for this admin application. If your employee has uninstalled the device, then he cannot connect to your email exchange. And if you can also introduce the code is on installing, write on installing the device, you can just write the data. The thing is, I can anyhow uninstall the application or from the phone, the phone becomes a normal one. Yeah.