Setting a package as Device Administrator with StageNow, reversing the DevAdmin class name

I had to perform a simple task recently: set up the Battery Swap application on out TC51 as a Device Administrator, so that it can do its battery swapping preparations correctly (for some reason it’s not set up as such by default). MX and StageNow allow this via the DevMgr CSP. But that CSP requires Package Name and Class Name. Let’s find out and do some more package dumping for fun and profit!



Calling Android Settings pages programmatically during Staging

In quite a few situations we need the user to input specific data during device Staging. For instance, I have been doing a job for a customer, requiring a PIN code pre-set on the device, when it comes back from repairs. This PIN code can only be set programmatically by Device Administrator class app (or MDM agent, which usually registers as one). Given the circumstances, this was not an option.

Normally, this means that you’d have to provide instruction containing lots of “tap this” and “skip that” as well as lots of screenshots to ensure that there is no way the user will be lost. However, this approach is error prone and time consuming. And for repair loop operations this means $$$. Wouldn’t it be better to just scan a barcode? But how?

Each page of the Settings app in an Activity. Thus, we can write an intent to pop it up. StageNow (via MX) allows us to run intents. The question is, how do we find, which data to populate the intent with? Let’s find out!


Should I attempt to uninstall Android bloatware? Android storage explained (or part of it)

There is a significant number of posts on the internet regarding how people hate bloatware that comes bundled with their devices, how it eats at their precious internal storage space and how they would want to uninstall it (which is impossible w/o rooting your device). While I agree with one’s right to hate the bloatware, everything else is a delusion. Let’s take a look.


Bypassing Android security via backups (PSK recovery)

In my recent Android trainings and the Android security talk I gave at AppForum 2014 I was asked to provide a sort of a demo that can be easily replicated to explain the importance of maintaining a proper security posture. So I created a script that ‘recovers’ PSKs from the device and displays them.

Before moving on, a brief disclaimer: Android (or iOS, or Windows) are pretty secure, it is up to the user how much of this security is traded for convenience (or ignorance).