I was trying to use Android Password expiration feature using
DeviceAdmin
. When I call setPasswordExpirationTimeout()
API , it only
sends a notification and doesn't actually force the user to change the
password. It only sends a notification after timeout:
V/DevicePolicyManagerService( 662): Sending password expiration notifications for action com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION
You have to get the callback in DeviceAdminReceiver in onPasswordExpired() to force user to change password.
Any specific reason it's been implemented this way (or is it just to give flexibility to the programmer)?
The only option I could see is starting activity with intent ACTION_SET_NEW_PASSWORD
in the callback in Devic开发者_运维知识库eAdminReceiver
which the user can overrule by simply pressing 'Cancel' button.
How to 100% enforce the to change password ?
Have you tried looking at the DeviceAdminSample (source code)? The Android SDK comes with all the samples so you can easily add the ApiDemos as an Eclipse project and run it in the simulator.
I originally thought you could call the resetPassword method in the DevicePolicyManager, but you would need the user to have given you their new password to do that, which I assume you don't want to do!
精彩评论