What an excellent question! Security on any smartphone is pretty darn important, and the simple fact is that most of the time when it gets compromised, it's because of something we did. I don't mean something crazy like installing cracked apps from a website you had to use Google Translate to read, though that's always a good way to compromise everything. I'm talking about changing device settings or just not using some functions because we don't fully understand them. The Device Administration API is a great example.
Originally baked into Android with version 2.2, the Device Admin API allows you to alter the remote or local security policy of your Android. We'll use my Unlock with Wifi app as a walkthrough of what that means after the break.
Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!
The default security policy of your Android is that once you've set a secure (as in Pattern, Password or PIN) lock screen option on your device, you need to re-enter those credentials to change it. This keeps someone from grabbing your phone while it's not locked, and changing the setting so they can get in later. In simple terms -- to change from a PIN to the unsecured swipe to unlock, you need to enter the PIN first.
The Unlock with Wifi app alters this, so that the lock screen option can be changed from a secure method to the swipe method when you've connected to a certain Wifi access point. This requires a change to the local security policy on your Android. Examples that change the remote security policy would be your IT department at work requiring you to have a password of a certain strength to unlock your phone, or allowing the to remotely wipe all the data if you report it as lost or stolen. Things like this are a big part of Exchange email systems.
But Carolyn wants to specifically know if it's OK to allow an app to alter the security policy by giving it device administration privileges. That's not quite so cut and dried. You should only allow this for an app if you understand why it needs to be enabled. We talked about Unlock with Wifi, but there are several popular applications that need to affect this policy for things like remote wipe. I use Cerberus on my phones, because if I ever lost one I would need all my data to be wiped away. My bootloader is unlocked, so to the right person with the right tools, my PIN lock means nothing.
In short, if you install an app that asks to be set as a device administrator, you need to ask yourself why the app might need this, and if you trust the people who wrote it.
This is one of those times when it's good to ask questions. Ask the folks in the Android forums, ask your friends who may be big Android nerds, or do like Carolyn did and email someone who should know the answer.
So to answer your question Carolyn, yes it's safe to allow Unlock with Wifi to act as a device administrator. It needs this option to enable and disable the secure lock screen on the fly, and the application has been around a long time and the developer is trustworthy. If you get an update for the app that changes permissions, ask again if you're unsure. We're one big happy Android family, and helping folks with their Androids is what we like best about this job.
Activating* Posted via Android Central App
That's why I don't use AirDroid, I don't understand the business model or why his VC would fund it seemingly for free.
I use AirDroid without the Admin option & it works fine.
LookOut has this option too. Posted via my themed "WHITE DRAGON" LiquidSmooth Sprint GSIII.
"Installing cracked apps from a website that required Google translate" is the sentence of the day. Posted via Android Central App
I see you are using Cerberus. Great app, and underexposed. How about a review! Posted via Android Central App
Great write up!
Thanks I also downloaded unlock with wifi after your review a couple of weeks ago. Handy app! Posted via Android Central App on my Note 2!
I'm being asked if I want to "Activate device administrator" for S Voice. Should I say YES?
I have just left the orchard and come to the dark side, and am totally unfamiliar with all of this.
if you are seeing this for MailWise, like I did, goto http://mail-wise.com/faq/ and look for "Exchange Security Bypass" and you can avoid giving the device admin rights
Get the best of Android Central in in your inbox, every day!
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.